push3ax / usbairborne Goto Github PK
View Code? Open in Web Editor NEWAn Advanced BadUSB
License: GNU General Public License v3.0
An Advanced BadUSB
License: GNU General Public License v3.0
我非常喜欢您这个开源项目。但是SendString()函数好像有些问题,如果作为一个badusb的hid攻击,SendString()的第二个参数是字符串长度,如果这个参数大于输入的第二个参数会出现一些奇怪的问题。我认为是你的SendString()函数中进行for循环的时候第二个如果参数过大会使得对s这个字符串的操作越位了,进行的操作的数据是这个字符串后面的内存空间的数据,是不可知的。并且我实验证实了这一猜测。
所以SendString()的第二个参数及其重要,我觉得不应该让使用者来填写。应该在SendString()函数中调用strlen()函数并且在得到的值加一得到for循环的次数。
I really like your open source project. But there seems to be something wrong with the SendString() function, if as a badusb hid attack, the second parameter of SendString() is the string length, and if this parameter is larger than the second parameter entered, there will be some strange problems. I think it's the second for loop in your SendString () function that makes the operation on the string s offside if the argument is too large, and the data that is performed is the memory space behind the string, which is unknowable. And my experiment confirmed this hypothesis.
So the second argument to SendString () is so important that I don't think it should be left to the user to fill in. The strlen() function should be called in the SendString () function and the resulting value should be added by one to get the number of for loops.
void SendString(UINT8 *s)
{
UINT8 i;
for(i=0;i<(strlen(s)+1);i++)
{
if( (s[i]>='a')&&(s[i]<='z')){
SendKey(KB_NULL,s[i]-'a'+KB_A);
}else if((s[i]>='A')&&(s[i]<='Z')){
SendKey(KB_LeftShift,s[i]-'A'+KB_A);
}else if((s[i]>='1')&&(s[i]<='9')){
SendKey(KB_NULL,s[i]-'1'+KB_1);
}else{
bad usb普遍能被360检测到
如果能,我想了解其中的原理
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.