Posts: 5,335 | Thanked: 8,187 times | Joined on Mar 2007 @ Pennsylvania, USA
#21
Originally Posted by Benson View Post
...for many scenarios rubber-hose cryptanalysis is easier than any password sniffing...
There's no need for that sort of...unpleasantness.
__________________
maemo.org profile
 
Benson's Avatar
Posts: 4,930 | Thanked: 2,272 times | Joined on Oct 2007
#22
Originally Posted by deeteroderdas View Post
Sorry, still don't get it. If I install an On Screen Keyboard, and click the characters with a mouse, AT or PS/2, how are those characters getting transmitted across the serial link?
They aren't, at least not directly; the mouse movements are. But since the computer can translate the data coming over the mouse line into characters, the only question is: what state information is your computer using to make that translation that the attacker doesn't have, and how hard is it for them to guess?

Initial cursor position, but that's controlled once the user has made a move long enough to bump one edge of the screen. Screen resolution, as mentioned, matters, but in practice can be reduced to a short list instead of all possible dimensions. I guess acceleration could mess things up, if you use it, but odds are trying various minimum and maximum settings from different desktops would get it. So you've got absolute positions of all clicks. (How to know when you've got these accurate? Analyze patterns; for example, the Windows taskbar is normally at the bottom of the screen, and you should see some activity there if you've got the height right. Compare ones that bounced off the bottom limit to ones coming directly from the top limit; they should match up. In general, look for clustered clicks coming from the top, and corresponding clusters from the bottom, and similarly left and right.)

Now to convert the click-list to keypresses, the entire code of the OSK in use is involved, but given only a handful of these in common use, you can assume they have that, and just need to guess which one is running. Location on-screen, and (if configurable) key pitch? You can estimate these from a bunch of click data, and the results will help confirm the OSK & layout; frequency analysis of the proposed keys will allow you to distinguish geometrically similar layouts (e.g. QWERTY vs. Dvorak). Now you should be able to translate large periods of the click-list into text, some of which should be identifiable natural language; at this point, you know you've got everything right; start looking for passwords or whatever sensitive info was desired.
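The core of the argument above is that a mouse line carries only relative deltas, yet the OS pins the cursor to the screen edge, so after one large enough move the absolute position is known to anyone who sees the same deltas. The following simulation is an added illustration, not code from this thread or from any poster; it assumes a hypothetical 1024x768 screen with no pointer acceleration, a 1:1 delta-to-pixel mapping, and a constructed one-row on-screen keyboard. It tracks, per axis, the interval of positions the cursor could be in given only the deltas, and shows that interval collapsing to a single point once an edge is bumped, which is why an OSK is not a defence against a tap on the mouse link.

```python
"""Constructed simulation of the edge-clamping leak described above.

Assumptions (hypothetical, not from the thread): 1024x768 screen, no
pointer acceleration, each mouse delta moves the cursor exactly that many
pixels, and a toy OSK drawn as one row of 40-pixel keys at y=700.
"""

SCREEN_W, SCREEN_H = 1024, 768

# Toy on-screen keyboard: one row of keys, KEY_PITCH pixels wide, at OSK_X/OSK_Y.
OSK_X, OSK_Y, KEY_PITCH, KEY_H = 100, 700, 40, 40
OSK_ROW = "qwertyuiop"


def clamp(v, lo, hi):
    return min(max(v, lo), hi)


def os_track(start, events):
    """What the OS does: apply each (dx, dy) delta and clamp to the screen.
    events is a list of (dx, dy, click) tuples; returns absolute click points."""
    x, y = start
    clicks = []
    for dx, dy, click in events:
        x = clamp(x + dx, 0, SCREEN_W - 1)
        y = clamp(y + dy, 0, SCREEN_H - 1)
        if click:
            clicks.append((x, y))
    return clicks


def observer_track(events, w=SCREEN_W, h=SCREEN_H):
    """What a passive observer of the mouse line sees: deltas and click bits,
    but no start position. Track the set of possible positions as one interval
    per axis. Shift-then-clamp is monotone, so the image of an interval is
    still an interval and this bookkeeping is exact, not an approximation.
    Returns, per click, ((xlo, xhi), (ylo, yhi))."""
    xlo, xhi = 0, w - 1
    ylo, yhi = 0, h - 1
    out = []
    for dx, dy, click in events:
        xlo, xhi = clamp(xlo + dx, 0, w - 1), clamp(xhi + dx, 0, w - 1)
        ylo, yhi = clamp(ylo + dy, 0, h - 1), clamp(yhi + dy, 0, h - 1)
        if click:
            out.append(((xlo, xhi), (ylo, yhi)))
    return out


def key_at(x, y):
    """Map an absolute click to a toy-OSK key, or None if it is off the row."""
    if OSK_Y <= y < OSK_Y + KEY_H:
        i = (x - OSK_X) // KEY_PITCH
        if 0 <= i < len(OSK_ROW):
            return OSK_ROW[i]
    return None


def recover_text(events):
    """Turn the observer's click intervals into keystrokes.
    '?' marks a click whose position is still ambiguous (no edge bump yet),
    '_' a resolved click that landed outside the toy keyboard."""
    text = []
    for (xlo, xhi), (ylo, yhi) in observer_track(events):
        if xlo == xhi and ylo == yhi:
            k = key_at(xlo, ylo)
            text.append(k if k else "_")
        else:
            text.append("?")
    return "".join(text)


# Constructed mouse stream: the user starts at an unknown point, clicks once,
# flings the mouse into the bottom-right corner, then taps t, y, p, e on the
# toy keyboard (key centres at x = 280, 320, 480, 200 and y = 720).
EVENTS = [
    (10, 10, True),        # click before any edge bump: position unknown
    (2000, 2000, False),   # big move: cursor pinned at (1023, 767)
    (-743, -47, True),     # -> (280, 720) = 't'
    (40, 0, True),         # -> (320, 720) = 'y'
    (160, 0, True),        # -> (480, 720) = 'p'
    (-280, 0, True),       # -> (200, 720) = 'e'
]

if __name__ == "__main__":
    print("OS saw clicks at:", os_track((500, 400), EVENTS))
    print("observer recovers:", recover_text(EVENTS))
```

The first click stays a `?` because neither axis has been pinned yet; every later click is recovered exactly even though the observer never learns the starting point. Pointer acceleration, an unknown resolution, or a guessed OSK layout only widen the intervals or the key mapping, which is exactly why the post treats those as short candidate lists to be confirmed statistically rather than as real protection.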
 
deeteroderdas's Avatar
Posts: 274 | Thanked: 62 times | Joined on Jul 2007 @ Helotes, TX
#23
Benson,

Thanks for the explanation!
__________________
Mitch Thompson, Helotes, TX USA
N800|2x 16GB SDHC|PDAir case|i737 BT GPS

"There are two major products that come out of Berkeley: LSD and BSD. We don't believe this to be a coincidence. " - Jeremy S. Anderson
 