USB ripper

@Dragonware It can’t be decrypted, you have to crack it

@Kougloff I got it! Thank You for the help.

Type your comment> @davidlightman said:

Using the relevant tool I get a backtrace about wrong timestamp format. Has anyone experienced this issue?

yeah; it’s straightforward to edit the python code and get that fixed.

Cheers,

Only thing I get with the tool is:

[*] Started at 2019-08-14 10:14:21
[10:14:21] [INFO] Reading “/home/ant/Downloads/usb-ripper/auth.json”
new: 0.656 seconds
[10:14:21] [INFO] Opening authorized device list: “/home/ant/Downloads/usb-ripper/auth.json”
[10:14:22] [INFO] Searching for violations
[10:14:22] [INFO] Filtering events
[10:14:22] [INFO] No USB violation events found!

Or should i use events open ? Somehow it does nto work, give me several traceback errors on few components… Not sure if I need to edit every component or forumlate my command better…

Finally did this lol… what a mission :slight_smile:

@r0mka

I think it’s better you install another version. I also had problems too.

@Wolfstorm

Is the other version in the same github page ?

It seems that it cannot parse the syslog date format… Not sure if I have to modify script or i have to modify Syslog or i do not need to modify anything… ?

Thanks!

@r0mka

If you have 2.1.3 you pretty much don’t need to do any modifications. It’s a matter of pointing to the correct file(s) within the application’s commands.

If you use the correct commands then you will have the necessary information.

i got a violation events but don’t know which fields should be cracked

edited : I got it !

I think I have the event, (well there a few it could be but only one violation). Anyone want to hint me what and how to crack it, Tried John and RY with no joy on the three hex fields you get out of the tool.
Well I got something (a band name) but nothing that looks like a flag.

And the hint of using 2.1.3 was golden too had issues with the latest release…

The result you get if you do everything correctly is not in the usual flag format iirc, you’ll have to surround it with HTB{} when submitting.

@Gordin Thanks, that worked, if it wasn’t for your reply I’d have assumed I only had part of the solution and kept trying to decrypt all the rest of the data.

@> @GChester said:

@Gordin Thanks, that worked, if it wasn’t for your reply I’d have assumed I only had part of the solution and kept trying to decrypt all the rest of the data.

hi, check your PM please, looking for a tip.

Learned to use a new tool, funny and short challenge

Type your comment> @socialkas said:

Type your comment> @davidlightman said:

Using the relevant tool I get a backtrace about wrong timestamp format. Has anyone experienced this issue?

yeah; it’s straightforward to edit the python code and get that fixed.

Cheers,

Can you give a little more detail on editing the python code? I have 2.1.4-2 can get the time error.

FYI installed via “pip3 install appname”

@Br1a1d said:

Can you give a little more detail on editing the python code? I have 2.1.4-2 can get the time error.

Save yourself time, go back to 2.1.3 and try again…

ugg what an undeeded Hassel on this on… the creator of the tool and challenge did not make their update compatible and now i have to search for older versions…

The only tool that I used was awk, grep and sed.

Hi!
Guys I have some problems with the tool I try all possible version but whole version throws the same problem. Can you recommend another tool?

That hint from will135 only makes sense after cracking, it sent me on a wild goose chase trying to find info on the creator of the box, ignore that hint and get strait on with the task.