Keykeriki


Name: Keykeriki
Type: Hardware and Software
Slides:Our slides from ph-neutral7d9 keykeriki_ph7d9.pdf
Hardware: keykeriki-hw-0.6.tar.gz (Eagle files, partlists, build howto)
Software: keykeriki-release-0.5.2.tar.gz (Software & documentation)
Documentation: See folder "docs" within the download package
License: OpenSource, free for non-commercial use, commercial usage needs special permission
Contact: hardhack@remote-exploit.org


Description:Now 1.5 years after releasing our whitepaper "27Mhz Wireless Keyboard Analysis Report" about wireless keyboard insecurities, we are proud to present the universal wireless keyboard sniffer: Keykeriki. This opensource hardware and software project enables every person to verify the security level of their own keyboard transmissions, and/or demonstrate the sniffing attacks (for educational purpose only). The hardware itself is designed to be small and versatile, it can be extended to currently undetected/unknown keyboard traffic, and/or hardware extensions, for example, a repeating module or amplifier

Please note, we will provide pre made PCB's and components very soon at a fair price. Please check back after some time.

See it in action at http://vimeo.com/4990390 if you dont see the video below

Why is there a rooster in the logo for a security device? Kikeriki is the scream of a rooster (English:"cock-a-doodle-doo"). And because the phonetic sound is very similar to the word "Key" the name popped up. Yeah, i I know, it might be stupid but we liked it and already had some good laughs about it.

Hardware About the hardware: Keykeriki is build around the Texas Instruments TRF7900 chip controlled by an ATMEL ATMEGA microcontroller. For logging abilities an SDCard interface is built into the board layout, as well as an additional USART channel for future hardware extensions, that we like to call "backpacks". The whole board can be powered directly via the USB bus or a stable 5V power source. When connected a computer’s USB port, one can use either a decent terminal application or the keyctrl software which is part of included in the software package of this project. One can download all the schematics in eagle and PDF format as part of the projects software package. The following interfaces are available on the board:

  • Mini USB connector (USB to serial + power)
  • SDCard slot
  • External Antenna Connector
  • USART connector for Backpacks

Please note, we currently don't supply pre-fabricated boards (yet). Check back in a few weeks for news about that topic. We are investigating our options to be able to provide ready-made boards for a fair price.

About the Software: Because of the flexible hardware design, most features are built within software. We wanted to provide more than just decoding of the collected data in this initial release, and we have. Please see the following feature list:

  • Radio frequency channel switching
  • Signal strenght (RSSI) display
  • Data logging to SDCard
  • Dumping content of SDCard to terminal
  • Encryption key handling
  • On-the-fly deciphering of Microsoft's XOR based encryption
  • Hardware signal filter state configuration
  • Feature state configuration incl. persistent storage
  • Activation and usage of backpack USART interface
  • Sniffing and decoding of keystrokes of Microsoft 27Mhz based keyboards

Please note: the decoding for the Logitech keyboards is known and documented already but not yet implemented within this first release. Check back later to see it soon.

About Backpacks: Keykeriki uses one of the ATMEGA's USART's for interfacing with external hardware extensions. Those "Backpacks" add additional functionality. We are not finished with the design for them, but we are working on the following extensions so far:

  • LCD Backpack - Shows keystrokes on lcd
  • epeater Backpack - Sends the keystrokes using GPRS or other radio transmission
  • Iphone interface

Video: An early prototype LCD backpack in action





Free Projects