Path: blob/master/payloads/library/remote_access/duckNet/Encoder/src/Encoder.java
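// File: Encoder.java
// Created: 8/10/2011
// Original Author:Jason Appelbaum [email protected]
// Author: Dnucna
// Modified: 8/18/2012
// Modified: 11/9/2013 midnitesnake "added COMMAND-OPTION"
// Modified: 1/3/2013 midnitesnake "added COMMAND"
// Modified: 1/3/2013 midnitesnake "added REPEAT X"
// Modified: 2/5/2013 midnitesnake "added ALT-SHIFT"
// Modified: 4/18/2013 midnitesnake "added more user feedback"
// Modified: 5/2/2013 midnitesnake "added skip over empty lines"
// Modified: 1/12/2014 Benthejunebug "added ALT-TAB"
// Modified: 9/13/2016 rbeede "added STRING_DELAY n text"

import java.io.Closeable;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.swing.text.BadLocationException;
import javax.swing.text.Document;
import javax.swing.text.rtf.RTFEditorKit;

import java.util.Properties;

/**
 * Command-line encoder that turns a DuckyScript text file into a binary file
 * ({@code inject.bin} unless {@code -o} is given).
 *
 * <p>Each encoded key press is appended as a key-code byte followed by a modifier
 * byte. Delays are appended as {@code 0x00} followed by a count byte of at most
 * 255, repeated until the requested value is covered. Key codes come from
 * {@code keyboard.properties} and character mappings from the selected layout
 * properties file.
 */
public class Encoder {
    /* contains the keyboard configuration */
    private static Properties keyboardProps = new Properties();
    /* contains the language layout */
    private static Properties layoutProps = new Properties();
    private static String version = "2.6.4";
    private static boolean debug = false;

    /** Exit status for failures, so calling scripts can tell a failed run from a good one. */
    private static final int EXIT_FAILURE = 1;

    /** Script key names that differ from the name used in keyboard.properties. */
    private static final Map<String, String> KEY_ALIASES = new HashMap<String, String>();
    static {
        KEY_ALIASES.put("ESCAPE", "ESC");
        KEY_ALIASES.put("DEL", "DELETE");
        KEY_ALIASES.put("BREAK", "PAUSE");
        KEY_ALIASES.put("CONTROL", "CTRL");
        KEY_ALIASES.put("DOWNARROW", "DOWN");
        KEY_ALIASES.put("UPARROW", "UP");
        KEY_ALIASES.put("LEFTARROW", "LEFT");
        KEY_ALIASES.put("RIGHTARROW", "RIGHT");
        KEY_ALIASES.put("MENU", "APP");
        KEY_ALIASES.put("WINDOWS", "GUI");
        KEY_ALIASES.put("PLAY", "MEDIA_PLAY_PAUSE");
        KEY_ALIASES.put("PAUSE", "MEDIA_PLAY_PAUSE");
        KEY_ALIASES.put("STOP", "MEDIA_STOP");
        KEY_ALIASES.put("MUTE", "MEDIA_MUTE");
        KEY_ALIASES.put("VOLUMEUP", "MEDIA_VOLUME_INC");
        KEY_ALIASES.put("VOLUMEDOWN", "MEDIA_VOLUME_DEC");
        KEY_ALIASES.put("SCROLLLOCK", "SCROLL_LOCK");
        KEY_ALIASES.put("NUMLOCK", "NUM_LOCK");
        KEY_ALIASES.put("CAPSLOCK", "CAPS_LOCK");
    }

    /**
     * Parses the command line, reads the script, loads the key tables and writes the
     * encoded file.
     *
     * <p>A flag that is missing its value, or an input file that cannot be read, ends
     * the run with a non-zero status instead of an uncaught exception.
     *
     * @param args command-line arguments; see the help text for the accepted flags
     */
    public static void main(String[] args) {
        String helpStr = "Hak5 Duck Encoder " + version + "\n\n"
                + "Usage: duckencode -i [file ..]\t\t\tencode specified file\n"
                + " or: duckencode -i [file ..] -o [file ..]\tencode to specified file\n\n"
                + "Arguments:\n"
                + " -i [file ..] \t\tInput File\n"
                + " -o [file ..] \t\tOutput File\n"
                + " -l [file ..] \t\tKeyboard Layout (us/fr/pt or a path to a properties file)\n\n"
                + "Script Commands:\n"
                + " ALT [key name] (ex: ALT F4, ALT SPACE)\n"
                + " CTRL | CONTROL [key name] (ex: CTRL ESC)\n"
                + " CTRL-ALT [key name] (ex: CTRL-ALT DEL)\n"
                + " CTRL-SHIFT [key name] (ex: CTRL-SHIFT ESC)\n"
                + " DEFAULT_DELAY | DEFAULTDELAY [Time in millisecond] (change the delay between each command)\n"
                + " DELAY [Time in millisecond] (used to overide temporary the default delay)\n"
                + " GUI | WINDOWS [key name] (ex: GUI r, GUI l)\n"
                + " REM [anything] (used to comment your code, no obligation :) )\n"
                + " ALT-SHIFT (swap language)\n"
                + " SHIFT [key name] (ex: SHIFT DEL)\n"
                + " STRING [any character of your layout]\n"
                + " STRING_DELAY [Number] [any character of your layout] (Number is ms delay between each character)\n"
                + " REPEAT [Number] (Repeat last instruction N times)\n"
                + " [key name] (anything in the keyboard.properties)";

        String inputFile = null;
        String outputFile = null;
        String layoutFile = null;

        if (args.length == 0) {
            System.out.println(helpStr);
            System.exit(0);
        }

        for (int i = 0; i < args.length; i++) {
            String arg = args[i];
            if (arg.equals("--gui") || arg.equals("-g")) {
                System.out.println("Launch GUI");
            } else if (arg.equals("--help") || arg.equals("-h")) {
                System.out.println(helpStr);
            } else if (arg.equals("-i") || arg.equals("-o") || arg.equals("-l")) {
                // These flags consume the next argument; a trailing flag has none.
                if (i + 1 >= args.length) {
                    System.out.println(helpStr);
                    System.exit(EXIT_FAILURE);
                    return;
                }
                String value = args[++i];
                if (arg.equals("-i")) {
                    inputFile = value; // script to encode
                } else if (arg.equals("-o")) {
                    outputFile = value; // output file
                } else {
                    layoutFile = value; // keyboard layout name or properties path
                }
            } else if (arg.equals("-d")) {
                debug = true; // print each parsed instruction
            } else {
                System.out.println(helpStr);
                break;
            }
        }

        System.out.println("Hak5 Duck Encoder " + version + "\n");

        if (inputFile != null) {
            String scriptStr = readScript(inputFile);
            if (scriptStr == null) {
                // The read error was already reported; there is nothing to encode.
                System.exit(EXIT_FAILURE);
                return;
            }
            loadProperties((layoutFile == null) ? "us" : layoutFile);
            encodeToFile(scriptStr, (outputFile == null) ? "inject.bin" : outputFile);
        }
    }

    /**
     * Reads the script text. A path containing ".rtf" is parsed as RTF and its plain
     * text is returned; any other file is read whole.
     *
     * @param inputFile path of the script
     * @return the script text, or {@code null} after printing an error when the file
     *         cannot be read
     */
    private static String readScript(String inputFile) {
        if (inputFile.contains(".rtf")) {
            FileInputStream stream = null;
            try {
                stream = new FileInputStream(inputFile);
                RTFEditorKit kit = new RTFEditorKit();
                Document doc = kit.createDefaultDocument();
                kit.read(stream, doc, 0);

                String text = doc.getText(0, doc.getLength());
                System.out.println("Loading RTF .....\t\t[ OK ]");
                return text;
            } catch (IOException e) {
                System.out.println("Error with input file!");
            } catch (BadLocationException e) {
                System.out.println("Error with input file!");
            } finally {
                closeQuietly(stream);
            }
            return null;
        }

        DataInputStream in = null;
        try {
            File f = new File(inputFile);
            byte[] buffer = new byte[(int) f.length()];
            in = new DataInputStream(new FileInputStream(f));
            in.readFully(buffer);
            // Decoded with the JVM's default charset, as before; the result therefore
            // depends on the platform the encoder runs on.
            String text = new String(buffer);
            System.out.println("Loading File .....\t\t[ OK ]");
            return text;
        } catch (IOException e) {
            System.out.println("Error with input file!");
            return null;
        } finally {
            // 'in' is still null when the file could not be opened.
            closeQuietly(in);
        }
    }

    /** Closes a stream that was only read from; a failure while closing is ignored. */
    private static void closeQuietly(Closeable resource) {
        if (resource != null) {
            try {
                resource.close();
            } catch (IOException ignored) {
                /* nothing was written through this stream, so nothing can be lost */
            }
        }
    }

    /**
     * Loads keyboard.properties from the class path and the layout table, either the
     * class-path resource {@code lang + ".properties"} or, failing that, the file at
     * path {@code lang}. Exits the process when either table cannot be loaded.
     *
     * @param lang layout name (for example "us") or path to a properties file
     */
    private static void loadProperties(String lang) {
        ClassLoader loader = ClassLoader.getSystemClassLoader();

        InputStream in = null;
        try {
            in = loader.getResourceAsStream("keyboard.properties");
            if (in != null) {
                keyboardProps.load(in);
                System.out.println("Loading Keyboard File .....\t[ OK ]");
            } else {
                System.out.println("Error with keyboard.properties!");
                System.exit(EXIT_FAILURE);
            }
        } catch (IOException e) {
            // Without the key table every lookup would fail later, so stop here.
            System.out.println("Error with keyboard.properties!");
            System.exit(EXIT_FAILURE);
        } finally {
            closeQuietly(in);
        }

        in = null;
        try {
            in = loader.getResourceAsStream(lang + ".properties");
            if (in == null && new File(lang).isFile()) {
                in = new FileInputStream(lang);
            }
            if (in != null) {
                layoutProps.load(in);
                System.out.println("Loading Language File .....\t[ OK ]");
            } else {
                System.out.println("External layout.properties non found!");
                System.exit(EXIT_FAILURE);
            }
        } catch (IOException e) {
            System.out.println("Error with layout.properties!");
            System.exit(EXIT_FAILURE);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Encodes the script and writes the result to {@code fileDest}.
     *
     * @param inStr    script text
     * @param fileDest path of the file to write
     */
    private static void encodeToFile(String inStr, String fileDest) {
        byte[] data = encodeScript(inStr);

        try {
            FileOutputStream fos = new FileOutputStream(new File(fileDest));
            try {
                fos.write(data);
                fos.flush();
            } finally {
                // A failing close() reaches the catch below and is reported as a failed write.
                fos.close();
            }
            System.out.println("DuckyScript Complete.....\t[ OK ]\n");
        } catch (IOException e) {
            System.out.print("Failed to write hex file!");
        }
    }

    /**
     * Translates script text into the encoded byte stream, one line at a time.
     *
     * <p>Lines shorter than two characters, lines starting with "//" and REM lines
     * produce no output. REPEAT re-encodes the line physically before it (or itself on
     * the first line). A line that fails to encode is reported with its line number and
     * skipped.
     *
     * @param inStr script text; carriage returns are stripped before splitting on "\n"
     * @return the encoded bytes
     */
    private static byte[] encodeScript(String inStr) {
        inStr = inStr.replaceAll("\\r", ""); // CRLF Fix
        String[] instructions = inStr.split("\n");
        List<Byte> file = new ArrayList<Byte>();
        int defaultDelay = 0;
        System.out.println("Loading DuckyScript .....\t[ OK ]");
        if (debug) {
            System.out.println("\nParsing Commands:");
        }

        lines:
        for (int i = 0; i < instructions.length; i++) {
            try {
                boolean delayOverride = false;
                String line = instructions[i];
                // Short lines used to be dropped through a swallowed
                // StringIndexOutOfBoundsException; the skip is now explicit.
                if (line.length() < 2 || line.startsWith("//")) {
                    continue;
                }
                String[] instruction = line.split(" ", 2);
                if (instruction[0].equals("REM")) {
                    continue;
                }

                int loop = 1;
                if (instruction[0].equals("REPEAT")) {
                    loop = Integer.parseInt(instruction[1].trim());
                    instruction = instructions[i > 0 ? i - 1 : i].split(" ", 2);
                }

                while (loop > 0) {
                    if (debug) {
                        System.out.println(java.util.Arrays.toString(instruction));
                    }
                    String command = instruction[0];
                    boolean hasKey = instruction.length != 1;

                    if (command.equals("DEFAULT_DELAY") || command.equals("DEFAULTDELAY")) {
                        defaultDelay = Integer.parseInt(instruction[1].trim());
                        delayOverride = true;
                    } else if (command.equals("DELAY")) {
                        addDelay(file, Integer.parseInt(instruction[1].trim()));
                        delayOverride = true;
                    } else if (command.equals("STRING")) {
                        String text = instruction[1];
                        for (int j = 0; j < text.length(); j++) {
                            addBytes(file, charToBytes(text.charAt(j)));
                        }
                    } else if (command.equals("STRING_DELAY")) {
                        final String[] twoOptions = instruction[1].split(" ", 2);
                        final int delayMillis = Integer.parseInt(twoOptions[0].trim());
                        final String userText = twoOptions[1].trim();

                        if (debug) {
                            System.out.println(delayMillis);
                            System.out.println(userText);
                        }

                        for (int j = 0; j < userText.length(); j++) {
                            addBytes(file, charToBytes(userText.charAt(j)));
                            // Delay after every character, including the last one.
                            addDelay(file, delayMillis);
                        }
                    } else if (command.equals("CONTROL") || command.equals("CTRL")) {
                        if (hasKey) {
                            addKey(file, strInstrToByte(instruction[1]), keyboardByte("MODIFIERKEY_CTRL"));
                        } else {
                            addKey(file, keyboardByte("KEY_LEFT_CTRL"), (byte) 0x00);
                        }
                    } else if (command.equals("ALT")) {
                        if (hasKey) {
                            addKey(file, strInstrToByte(instruction[1]), keyboardByte("MODIFIERKEY_ALT"));
                        } else {
                            addKey(file, keyboardByte("KEY_LEFT_ALT"), (byte) 0x00);
                        }
                    } else if (command.equals("SHIFT")) {
                        if (hasKey) {
                            addKey(file, strInstrToByte(instruction[1]), keyboardByte("MODIFIERKEY_SHIFT"));
                        } else {
                            addKey(file, keyboardByte("KEY_LEFT_SHIFT"), (byte) 0x00);
                        }
                    } else if (command.equals("CTRL-ALT")) {
                        if (!hasKey) {
                            // A bare 'continue' here restarted the while loop without
                            // decrementing 'loop' and never terminated.
                            continue lines;
                        }
                        addKey(file, strInstrToByte(instruction[1]),
                                combine("MODIFIERKEY_CTRL", "MODIFIERKEY_ALT"));
                    } else if (command.equals("CTRL-SHIFT")) {
                        if (!hasKey) {
                            continue lines;
                        }
                        addKey(file, strInstrToByte(instruction[1]),
                                combine("MODIFIERKEY_CTRL", "MODIFIERKEY_SHIFT"));
                    } else if (command.equals("COMMAND-OPTION")) {
                        if (!hasKey) {
                            continue lines;
                        }
                        // NOTE(review): "MODIFIERKEY_KEY_LEFT_GUI" differs from the
                        // "MODIFIERKEY_LEFT_GUI" used by GUI and COMMAND; confirm the
                        // name exists in keyboard.properties.
                        addKey(file, strInstrToByte(instruction[1]),
                                combine("MODIFIERKEY_KEY_LEFT_GUI", "MODIFIERKEY_ALT"));
                    } else if (command.equals("ALT-SHIFT")) {
                        byte modifiers = combine("MODIFIERKEY_LEFT_ALT", "MODIFIERKEY_SHIFT");
                        if (hasKey) {
                            addKey(file, strInstrToByte(instruction[1]), modifiers);
                        } else {
                            addKey(file, keyboardByte("KEY_LEFT_ALT"), modifiers);
                        }
                    } else if (command.equals("ALT-TAB")) {
                        if (!hasKey) {
                            addKey(file, keyboardByte("KEY_TAB"), keyboardByte("MODIFIERKEY_LEFT_ALT"));
                        }
                        // ALT-TAB followed by an argument produces no output.
                    } else if (command.equals("REM")) {
                        /* only reachable when REPEAT follows a REM line; no default delay for comments */
                        continue lines;
                    } else if (command.equals("WINDOWS") || command.equals("GUI")) {
                        if (hasKey) {
                            addKey(file, strInstrToByte(instruction[1]), keyboardByte("MODIFIERKEY_LEFT_GUI"));
                        } else {
                            addKey(file, keyboardByte("MODIFIERKEY_LEFT_GUI"), (byte) 0x00);
                        }
                    } else if (command.equals("COMMAND")) {
                        if (hasKey) {
                            addKey(file, strInstrToByte(instruction[1]), keyboardByte("MODIFIERKEY_LEFT_GUI"));
                        } else {
                            addKey(file, keyboardByte("KEY_COMMAND"), (byte) 0x00);
                        }
                    } else {
                        /* treat anything else as a key */
                        addKey(file, strInstrToByte(command), (byte) 0x00);
                    }
                    loop--;
                }

                // Default delay
                if (!delayOverride && defaultDelay > 0) {
                    addDelay(file, defaultDelay);
                }
            } catch (Exception e) {
                System.out.println("Error on Line: " + (i + 1));
                e.printStackTrace();
            }
        }

        byte[] data = new byte[file.size()];
        for (int i = 0; i < data.length; i++) {
            data[i] = file.get(i);
        }
        return data;
    }

    /**
     * Appends a delay as (0x00, count) pairs, each count at most 255, until
     * {@code millis} is covered. Appends nothing when {@code millis} is not positive.
     */
    private static void addDelay(List<Byte> file, int millis) {
        for (int remaining = millis; remaining > 0; remaining -= 0xFF) {
            file.add((byte) 0x00);
            file.add((byte) Math.min(remaining, 0xFF));
        }
    }

    /**
     * Appends one (key code, modifier) pair. Both bytes are evaluated by the caller
     * before this method runs, so a failed lookup cannot leave a lone byte behind and
     * misalign the pairs that follow.
     */
    private static void addKey(List<Byte> file, byte keyCode, byte modifiers) {
        file.add(keyCode);
        file.add(modifiers);
    }

    /** Returns the byte value stored under {@code property} in keyboard.properties. */
    private static byte keyboardByte(String property) {
        return strToByte(keyboardProps.getProperty(property));
    }

    /** Returns the bitwise OR of two keyboard.properties byte values. */
    private static byte combine(String firstProperty, String secondProperty) {
        return (byte) (keyboardByte(firstProperty) | keyboardByte(secondProperty));
    }

    /** Appends all bytes of {@code byteTab}, padding with 0x00 to an even count. */
    private static void addBytes(List<Byte> file, byte[] byteTab) {
        for (int i = 0; i < byteTab.length; i++) {
            file.add(byteTab[i]);
        }
        if (byteTab.length % 2 != 0) {
            file.add((byte) 0x00);
        }
    }

    /** Returns the layout bytes for one character. */
    private static byte[] charToBytes(char c) {
        return codeToBytes(charToCode(c));
    }

    /**
     * Builds the layout property name for a character: "ASCII_", "ISO_8859_1_" or
     * "UNICODE_" followed by the upper-case hexadecimal code point.
     */
    private static String charToCode(char c) {
        String hex = Integer.toHexString(c).toUpperCase();
        if (c < 128) {
            return "ASCII_" + hex;
        }
        if (c < 256) {
            return "ISO_8859_1_" + hex;
        }
        return "UNICODE_" + hex;
    }

    /**
     * Resolves a layout entry into bytes. The entry is a comma-separated list of key
     * names, each looked up in keyboard.properties and then in the layout table. An
     * unknown entry or key name is reported and encoded as 0x00.
     */
    private static byte[] codeToBytes(String str) {
        String mapping = layoutProps.getProperty(str);
        if (mapping == null) {
            System.out.println("Char not found:" + str);
            return new byte[] {(byte) 0x00};
        }

        String[] keys = mapping.split(",");
        byte[] byteTab = new byte[keys.length];
        for (int j = 0; j < keys.length; j++) {
            String key = keys[j].trim();
            if (keyboardProps.getProperty(key) != null) {
                byteTab[j] = strToByte(keyboardProps.getProperty(key).trim());
            } else if (layoutProps.getProperty(key) != null) {
                byteTab[j] = strToByte(layoutProps.getProperty(key).trim());
            } else {
                System.out.println("Key not found:" + key);
                byteTab[j] = (byte) 0x00;
            }
        }
        return byteTab;
    }

    /** Parses a decimal value, or a hexadecimal one prefixed with "0x", into a byte. */
    private static byte strToByte(String str) {
        if (str.startsWith("0x")) {
            return (byte) Integer.parseInt(str.substring(2), 16);
        }
        return (byte) Integer.parseInt(str);
    }

    /**
     * Resolves a script key name to its key code: first "KEY_" + name in
     * keyboard.properties, then the alias table, and finally the layout bytes of the
     * name's first character.
     *
     * @throws IllegalArgumentException when the name is empty after trimming and no
     *         "KEY_" entry matches
     */
    private static byte strInstrToByte(String instruction) {
        instruction = instruction.trim();
        String keyCode = keyboardProps.getProperty("KEY_" + instruction);
        if (keyCode != null) {
            return strToByte(keyCode);
        }
        /* instruction different from the key name */
        String alias = KEY_ALIASES.get(instruction);
        if (alias != null) {
            return strInstrToByte(alias);
        }
        if (instruction.isEmpty()) {
            // Previously a StringIndexOutOfBoundsException that the caller swallowed.
            throw new IllegalArgumentException("Missing key name");
        }
        /* else take first letter */
        return charToBytes(instruction.charAt(0))[0];
    }
}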