Oct
30

## Hack.lu 2010 CTF Challenge #10 Writeup

#10 – Chip Forensic

To solve this task we have something like this (original image is lost)

and hex string:
0B 12 0F 0F 1C 4A 4C 0D 4D 15 12 0A 08 15.

What we see on image? Some USB device. Those who have seen them on ebay or on other sites knows that it is USB-keylogger. If you see them for first time use image search(e.x. tineye.com) or just guess.

Well, now we know it is keylogger. So hex string might be a log of USB-keyboard protocol. But organizators have simplified this task(. They put in hex string only scan-codes without synchronization signals. So just use table of USB-keyboard scan-codes.

 0B 12 0F 0F 1C 4A 4C 0D 4D 15 12 0A 08 15 H O L L Y Home Delete J End R O G E R

So “JOLLYROGER” was typed.