1. Read the challenge
This challenge is about coding ability. It gives us 8 files, including:
- 3 key log files from a Nokia 7110 brick phone (sms1.csv, sms2.csv, sms3.csv)
- 3 files (sms1.txt, sms2.txt, sms3.txt) containing the original contents of sms1.csv, sms2.csv and sms3.csv
- A log file, sms4.csv, which contains the flag
- A file, keys.h, defining the keys
Looking through the 356-line sms4 log file, I certainly do not have the time to sit and work through it by hand, so I just have to code.
Open the keys.h file:
```c
#ifndef N7110
#define N7110

enum {
    N7110_KEYPAD_ZERO = 0,
    N7110_KEYPAD_ONE = 1,
    N7110_KEYPAD_TWO = 2,
    N7110_KEYPAD_THREE = 3,
    N7110_KEYPAD_FOUR = 4,
    N7110_KEYPAD_FIVE = 5,
    N7110_KEYPAD_SIX = 6,
    N7110_KEYPAD_SEVEN = 7,
    N7110_KEYPAD_EIGHT = 8,
    N7110_KEYPAD_NINE = 9,
    N7110_KEYPAD_STAR = 10,
    N7110_KEYPAD_HASH = 11,
    N7110_KEYPAD_MENU_LEFT = 100,
    N7110_KEYPAD_MENU_RIGHT = 101,
    N7110_KEYPAD_MENU_UP = 102,
    N7110_KEYPAD_MENU_DOWN = 103,
    N7110_KEYPAD_CALL_ACCEPT = 104,
    N7110_KEYPAD_CALL_REJECT = 105
} N7110_KEYPAD_KEYS;

enum {
    N7110_IME_T9 = 0,
    N7110_IME_T9_CAPS = 1,
    N7110_IME_ABC = 2,
    N7110_IME_ABC_CAPS = 3
} N7110_IME_METHODS;

#define N7110_KEYPAD_ZERO_ABC_CHARS " 0"
#define N7110_KEYPAD_ONE_ABC_CHARS ".,'?!\"1-()@/:"
#define N7110_KEYPAD_TWO_ABC_CHARS "abc2"
#define N7110_KEYPAD_THREE_ABC_CHARS "def3"
#define N7110_KEYPAD_FOUR_ABC_CHARS "ghi4"
#define N7110_KEYPAD_FIVE_ABC_CHARS "jkl5"
#define N7110_KEYPAD_SIX_ABC_CHARS "mno6"
#define N7110_KEYPAD_SEVEN_ABC_CHARS "pqrs7"
#define N7110_KEYPAD_EIGHT_ABC_CHARS "tuv8"
#define N7110_KEYPAD_NINE_ABC_CHARS "wxyz9"
#define N7110_KEYPAD_STAR_ABC_CHARS "@/:_;+&%*[]{}"
#define N7110_KEYPAD_HASH_CHARS N7110_IME_METHODS

#endif // N7110
```
Basically, these keys are the same as when I was playing with a Nokia during class time. But in addition to straight typing, when reading the log file we can see there are other activities such as moving the cursor, deleting …
To stay true to the challenge creator's idea, I will write a tool that retypes the message based on the log file. There are 2 ways to code this:
- Method 1: The code reads the log file and prints the string; when it encounters navigation keys, it just prints the key name and you apply them yourself.
- Method 2: The tool controls the keyboard so that the machine types automatically.
Because I was lazy, I chose option 2.
I wrote the typing tool in Python, using pynput.
2. Analysis
2.1 Nokia 7110 phone
I did not write the wrong title :v To write the code, you first have to see what this 7110 looks like. The number keys and their letters are the usual ones, but it does not have navigation keys. Instead, the 7110 has a scroll wheel like the one on a computer mouse.
2.2 Pynput library
pynput is a library that supports controlling input devices such as keyboards and mice. In this article, we only need to care about how to control the keyboard.
To control the keyboard, you need to import the list of keys and the control methods. For details, see the article "Controlling the keyboard with pynput".
One small thing to note is that keyboard control starts as soon as the code runs, and the keys are typed at the location of the text cursor, wherever that happens to be. So let the program sleep for a few seconds before it starts, to give yourself time to click into an empty text file.
2.3 Key log file
Each log file consists of 2 columns:
- The first column is the time at which the key was pressed
- The second column is the key pressed
Do not skip column 1. Why?
Notice the contents of the sms1.txt file as follows: "rudolf where are you brrr".
Look at the "rrr" text: in the log file, that is 9 presses of key 7 :3
According to my analysis, if the time between 2 key presses is > 1000, it means that I have stopped in order to type a new character. Otherwise, the same character is still being selected.
3. Code
```python
from pynput.keyboard import Key, Controller
import csv
import time

# Multi-tap character sets from keys.h; list index = key code 0..10
k = [' 0', '.,\'?!"1-()@/:', 'abc2', 'def3', 'ghi4', 'jkl5', 'mno6', 'pqrs7', 'tuv8', 'wxyz9', '@/:_;+&%*[]{}']

keyboard = Controller()

with open('sms4.csv', 'r') as f:
    reader = csv.reader(f)
    press_list = list(reader)

def pressNum(kcode, times):
    # Pressing the same key `times` times cycles through its character set
    char = k[kcode][(times - 1) % len(k[kcode])]
    keyboard.press(char)
    keyboard.release(char)
    time.sleep(0.1)

def pressMov(kcode, times):
    # 101 = MENU_RIGHT -> Backspace, 102 = MENU_UP -> Left, 103 = MENU_DOWN -> Right
    for i in range(times):
        if kcode == 101:
            keyboard.press(Key.backspace)
            keyboard.release(Key.backspace)
        elif kcode == 102:
            keyboard.press(Key.left)
            keyboard.release(Key.left)
        elif kcode == 103:
            keyboard.press(Key.right)
            keyboard.release(Key.right)
        time.sleep(0.1)

# Sleep first so there is time to click into an empty text file
time.sleep(5)

logsize = len(press_list)
i = 0
while i < logsize:
    times = 1
    kcode = press_list[i][1]
    # Count repeated presses of the same key; stop at the end of the log
    while i + 1 < logsize and kcode == press_list[i + 1][1]:
        # A gap of more than 1000 between presses starts a new character
        if int(press_list[i + 1][0]) - int(press_list[i][0]) > 1000:
            break
        times += 1
        i += 1
    i += 1
    kcode = int(kcode)
    print(i, ' ', kcode, ' ', times)
    if kcode == 11:
        print('T9 <-> ABC ???')
    elif kcode >= 100:
        pressMov(kcode, times)
    else:
        pressNum(kcode, times)

'''
OUTPUT:
alright pal heres ye flag good luck entering it with those hooves lol its aotw{l3ts_dr1nk_s0m3_eggn0g_y0u_cr4zy_d33r}0m.. .l ,p
'''
```
As mentioned in the analysis, the Nokia 7110 has only a scroll wheel instead of 4 navigation keys. The wheel effectively takes the place of the left and right navigation keys: scrolling up moves the cursor to the left, and scrolling down moves the cursor to the right.
In addition, anything typed wrong has to be deleted again; for this, the MENU_RIGHT key (key code = 101) corresponds to the Backspace key on the computer keyboard.
Keycode | 7110 | Keyboard |
---|---|---|
101 | MENU_RIGHT | Backspace |
102 | MENU_UP | Left |
103 | MENU_DOWN | Right |
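
Method 1 taken one step further, as an added example that is not part of the original write-up: rather than driving a real keyboard, it replays the log into an in-memory buffer with a cursor, applying the 1000 gap rule from section 2.3 and the 101/102/103 mapping from the table above. The function names and the sample log are constructed for illustration.

```python
import csv
import io

# Multi-tap character sets from keys.h; list index = key code 0..10.
KEYMAP = [" 0", ".,'?!\"1-()@/:", "abc2", "def3", "ghi4", "jkl5",
          "mno6", "pqrs7", "tuv8", "wxyz9", "@/:_;+&%*[]{}"]
BACKSPACE, LEFT, RIGHT = 101, 102, 103  # MENU_RIGHT, MENU_UP, MENU_DOWN
TAP_TIMEOUT = 1000  # gap above which a repeated key starts a new character

# Constructed sample log in "time,key" form; not taken from the challenge files.
SAMPLE_LOG = ("0,3\n1500,3\n1700,3\n2000,7\n2200,7\n2400,7\n3000,102\n"
              "3500,3\n3700,3\n4200,103\n4600,9\n4800,9\n5300,101\n5800,11\n")


def parse_log(text):
    """Parse 'time,key' CSV text into a list of (time, key) integer pairs."""
    return [(int(r[0]), int(r[1]))
            for r in csv.reader(io.StringIO(text)) if len(r) >= 2]


def group_presses(rows, timeout=TAP_TIMEOUT):
    """Collapse rows into [key, count] runs; a gap > timeout ends a run."""
    runs, prev_time = [], None
    for t, key in rows:
        if runs and runs[-1][0] == key and t - prev_time <= timeout:
            runs[-1][1] += 1
        else:
            runs.append([key, 1])
        prev_time = t
    return runs


def decode(rows):
    """Replay the runs into a text buffer, honouring cursor moves and deletes."""
    buf, cur = [], 0
    for key, count in group_presses(rows):
        if key == BACKSPACE:
            n = min(count, cur)          # cannot delete past the start
            del buf[cur - n:cur]
            cur -= n
        elif key == LEFT:
            cur = max(0, cur - count)
        elif key == RIGHT:
            cur = min(len(buf), cur + count)
        elif 0 <= key < len(KEYMAP):
            chars = KEYMAP[key]
            buf.insert(cur, chars[(count - 1) % len(chars)])
            cur += 1
        # Other codes (11 = input-method switch, 100, 104, 105) are ignored.
    return "".join(buf)


if __name__ == "__main__":
    print(decode(parse_log(SAMPLE_LOG)))
```

Because the cursor and deletions are applied to the buffer itself, the result does not depend on which window has focus while the script runs.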
I still don't know what keycode = 11 (Convert T9 <-> ABC) is for, and it does not affect the flag.
Capitalize aotw to get the flag: AOTW{l3ts_dr1nk_s0m3_eggn0g_y0u_cr4zy_d33r}