Thursday, May 9, 2019

Using scan codes to instrument VMs (VirtualBox)

I will try make this blogpost KISS. This is a feature that I came across during one of my projects and that saved my ass. The feature is present in VirtualBox although there is not much you can find out there regarding it's usage: Sending keyboard inputs.

This feature doesn't require guest additions or anything aside from having a keyboard attached to our VM, and it is OS agnostic. The commands regarding this feature are:

keyboardputscancode <hex> [<hex> …] | Sends input via scan codes.

keyboardputstring <string1> [<string2> …] | Sends a string 

keyboardputfile <filename> | Sends input strings included in a file.

The last two are very straightforward, you write your string and that's it. But… What if you want to press enter? What if you want to press the SHIFT keys? What if you want to press the Windows Key or do key combinations…?

So, for the scan codes, I took a quick look at this link and learned about the basic ones. What's most important about this, is that whatever key you send (press) you will also have to release it.

The way releases are calculated is by adding 0x80 to the key-press. Let's take the ENTER key as an example:


0x1c (ENTER) - Press

+ 0x80

0x9C (ENTER) - Release

Easy isn't it? Let's see an example in action:

The example consists of opening a cmd.exe window, closing it, and opening wikipedia.org with internet explorer.

To automate this, I coded a python script that allows users to send inputs to the VMs of their choice. You can find it here https://github.com/ineedblood/virtualbox_keyboard 

Resources

Repository: https://github.com/ineedblood/virtualbox_keyboard

Scan codes: https://www.win.tue.nl/~aeb/linux/kbd/scancodes-1.html

No comments:

Post a Comment

Zanubis updates their list of targets, author nickname

 In recent changes the actors behind the Zanubis banking trojan have broadened their list of targets: The basic configuration has been updat...