0

I recently bought a small USB device that acts as an "HID keyboard device" (standard USB keyboard)

It has only one key, which is bound to a lowercase 'b'.

I want it to be rebound to something else, and several options come to mind:

  1. Software rebind. Easy and simple, but I don't want to configure each machine I connect the device to.

  2. The device comes with a Windows driver. This has two inconvenients: No support for Linux/BSD/whatever, and the driver MAY be malware (considering the origin of the device, it's a realistic possibility). This driver may however allow the device to be rebound.

  3. Write my own driver. It has the inconvenient of also having to deploy it everywhere, but it could be fun to do :)

  4. Reprogram the device.

I'd like to avoid options 1 and 2. And I would certainly like to do 4, but I don't know if it's possible to reprogram a USB keyboard device to output different keys (it could be simple since the devices has ONLY 1 key).

CLARIFICATION: The device does work on all platforms as a standard USB keyboard does. However, the CD included has a custom driver that can be configured to translate the key to something the user selects

Imanol Barba Sabariego
  • 126
  • 1
  • 7
  • 1
    What do you mean by `considering the origin of the device, it's a realistic possibility`? Where did you get this keyboard? – Arkadiusz Drabczyk Oct 04 '16 at 07:46
  • 1
    In this case it is also possible the keyboard can send keystrokes to perform malicious actions on its own. – Kamil Maciorowski Oct 04 '16 at 07:53
  • I'd rather not make any more commentary about it. It's not far fetched that the drivers contain malware, and that's as much as I'm going to disclose. In fact, I was going to analyze the drivers using windbg on kernel mode... but that's not relevant to the issue :) – Imanol Barba Sabariego Oct 04 '16 at 07:55
  • Kamil, yes it's possible, however, I do suspect the device DRIVERS that came on the packaging not the hardware itself. The hardware is not nearly expensive or sofisticated enough to pull that out. Even if it DID send keystrokes, it just has ONE KEY, so it's pretty useless info – Imanol Barba Sabariego Oct 04 '16 at 07:56
  • But then again, we're deviating from the point – Imanol Barba Sabariego Oct 04 '16 at 07:57
  • 1
    @ImanolBarbaSabariego OK, we're deviating. I just want to let you know the electronics inside may not need a physical button to send `[win+r] iexplore http://infected-website [enter]`, so the number of keys is irrelevant. – Kamil Maciorowski Oct 04 '16 at 08:03
  • I checked the input events using linux, it only sends lowercase 'b'. The hardware is not malicious. The driver MAY very well be – Imanol Barba Sabariego Oct 04 '16 at 08:04
  • 1
    @ImanolBarbaSabariego Or it is a receiver for wireless full keyboard that is in malicious hands nearby. Or it receives orders via mobile network. Or it has a clock and awaits 2 AM to re-register as a hub with keyboard and a dongle from which the said keyboard will try to copy some ransomware. Or it has a capacitor and will fry your motherboard at some point. You cannot rule this out for now. I don't want you to stop using this keyboard; just don't be so sure the hardware is safe, *considering the origin of the device*. :) – Kamil Maciorowski Oct 04 '16 at 08:19
  • @KamilMaciorowski, It has no antenna, nor GSM module, nor emits anything visible on the spectrum analyzer, it has already been plugged on a linux machine, no mobo frying. I CAN rule it out. Considering the origin of the device, as you very well cited, the driver is not trusted. The hardware is because I analyzed it and it has no means to do it, specially since ANY of the things you mention would require it to be MUCH more expensive than it is. – Imanol Barba Sabariego Oct 04 '16 at 08:43
  • Why do you dislike the 'b'? Isn't it just like the famous "anykey"? More, the supplied driver does the remapping. Then what is the problem? – Ale..chenski Oct 05 '16 at 17:10
  • It would interfere with my typing. The driver is Windows only (I want to use it with Linux too) and probably malicious, and it will very likely translate the keypress rather than rebind it in the hardware (I still have to reverse it) – Imanol Barba Sabariego Oct 06 '16 at 10:58

3 Answers3

1

Why don't you build your own? Just take an old Keyboard you are not using, track the keys and rebuild with only the key you want to use! Somethink like this:

One-Key-Keyboard

USB-Keyboard

Or, you can go even further and use a micro controller and some switches to send the signal to whatever key you want to use and write you own driver for the micro controller. Something like that:

KEY ---> Microcontroler ---> Data Bus ---> Keyboard electronic board

edit: Re-programing wouldn't be worth it. It will take you forever for a $2 piece of electronic. Why the letter 'b'? did the manufacturer say anything about that? Can you change this letter using the Driver? The chip in the keyboard in theory is the one sending the string 'b' using RS232. What about a physical USB key-logger?

Joe
  • 663
  • 5
  • 10
  • I sorta just bought it, I would not like to throw it away :_D. I will keep the links though, it looks fun to try – Imanol Barba Sabariego Oct 04 '16 at 08:44
  • Please post your answer once you finish! it would be really interesting to know how you did it :) – Joe Oct 04 '16 at 09:35
  • what about a physical USB keylogger? I don't know.. but instead of logging the key pressed you could potentially change output to your needs... – Joe Oct 05 '16 at 00:56
  • Hmm... Maybe if I reverse-engineer the driver I can see how it changes the bound key **IF** it does so, and not just grab it and translate it on the fly (as I think it does) – Imanol Barba Sabariego Oct 05 '16 at 07:30
0

A software rebinding is the most sensible solution here. Check out autohotkey. It has an entire scripting language, and can do some really interesting things with your arguably bizarre one-key keyboard (Even LONG key combinations - which I can imagine becoming VERY strange and fun): "https://www.autohotkey.com/"

Spooler
  • 432
  • 2
  • 10
  • Yeah, I thought about using AH, but I'd like to avoid it if possible and opt for a multi-platform, no-messing-with-configuration solution – Imanol Barba Sabariego Oct 04 '16 at 08:45
  • 1
    Multi-platform? I thought it didn't work on *nix at all? Well, if you want it to be truly multi-platform, then you're going to have to write a driver for it. That driver can't be more than a few lines of C anyways. What does this creature look like? Can you get a look at its board so you can get to know what ICs its using onboard? Can't be much. – Spooler Oct 04 '16 at 08:48
  • I will check it out as soon as I get home. And yes, it does work on *nix as a standard USB keyboard, sorry for not clarifying – Imanol Barba Sabariego Oct 04 '16 at 08:49
  • Cool, that's way more useful. – Spooler Oct 04 '16 at 08:50
0

If there's a custom driver for Windows that allows reprogramming the device, install usbsnoop or similar software, capture the USB traffic while rebinding it to different keys, figure out the protocol and implement your own rebinding tool or just repeat the traffic under Linux.

If the custom Windows driver just intercepts they key event and substitutes something else, you can do the same under Linux, see e.g. here or here.

As for (4), I'd assume there's some kind of microcontroller on the device, and in principle you should be able to reprogram it given the right tools, but there'll be substantial effort to reverse engineer it first.

Community
  • 1
dirkt
  • 16,421
  • 3
  • 31
  • 37