USB ripper

Hi, thanks to the comments here, i’ve used the right version of the tool… I’m grateful for that.
Here is my question : does a hash that you can reverse to something looking like a keyboard sequence deserve to dig or is it a rabbit hole ? Any hint would be appreciated

Someone can give me a hint?? I installed usbrip tool, and i get some information with auth.json, but after that what I should do it? could you help me please?
What kind of flag we are looking for?

A little guidance on the cracking portion of this would be nice. I threw the hash into chef and got possible formats. Now I am trying those different hash formats with John the Ripper. Feels like I am going in the wrong direction.

Latest version I got from pip (2.1.4-7) worked fine. Almost faster to do it manually though.
Happy to give cracking hints if anyone needs them.

Done. PM for a help.
Little hint - use rockyou for the last part of the challenge.

Here’s a hint for after you have the v*******n:

The length of your options is important.

Type your comment> @hx47 said:

Type your comment> @davidlightman said:

Using the relevant tool I get a backtrace about wrong timestamp format. Has anyone experienced this issue?

pip3 install usbrip==2.1.3.post3

huge thanks

I like challenge very much at all but i found by my self only one rock group name and after i don’t know what to do i have done everything

Can I get a hint please, feel like I am missing the obvious, I have found a violation event but looking at the surrounding times within syslog doesn’t show me anything and using the PID/VID doesnt seem to bring me any help either so clearly I am missing something :<

Update.

Nevermind sorted, fml.

I’ve found the violation event, the “crack” in what consists PM me please

When I use usbrip to find violations it seems to return way too many results. Do you guys only get one violation back? Im stuck :confused:

i found it using awk,grep,sed but when i “crack” and submit the flag it’s not accepted. Any ideas?

Can someone explain how usbrip found a violation if the same manufacturer ID is it in auth.json? I don’t get it.

btw. is it possible to do it with one command using grep, awk & sed?

Nice challenge but now I must resist the urge to make u*****r faster…

[*] Time taken: 0:08:07.389734

time python3 parse.py

real 0m2.091s
user 0m2.016s
sys 0m0.073s

Nice challenge, learned new tool (and I was lucky enough because the tool works just fine and I had no problem with it, just install, run and found violation).

For the cracking part, I used a well known online service, and it was almost instantaneous.

Tip: this is a lot easier than you expect! Once you get the v*******, what is the easiest thing you can do with it? :wink:

Edit. Nvm. I said f-it on trying to crack it myself I just looked it up instead of cracking first result was correct.

this can be done in a few lines of python + online tool. nice challange though :slight_smile:

any nudge on the “crack” part ?

I’m looking over the tool. I ran the command to pull violations. However I know I’m using the tool wrong as it output my usb devices as the violations. I’m stuck on how to make this work. Can someone PM me a nudge please?