Forensic
Monday 3 February 2020, 06:25 #1
Forensic (Homemade Keylogger)
What happened with the flag? [SPOIL Please do not disclose the flag or part of the flag]
[UPDATE] I used fr keyboard outline as the chall’s setup
[SPOIL]
[SOLVED]
Thursday 25 February 2021, 17:40 #6
Forensic (Homemade Keylogger)
For those who are stuck for hours trying to decode the event stream by means of the Python sample from Stack Overflow (like me):
The default "long integer" variable is 8 bytes on Linux@64, but 4 bytes on Win@64. Details here
So the correct code is
import struct
# Q is 8 bytes on both Linux and Windows, unlike the native "l"
FORMAT = 'QQHHI'
EVENT_SIZE = struct.calcsize(FORMAT)
print("EVENT_SIZE =", EVENT_SIZE)
"llHHI" gives the wrong result on Windows machines, but the correct one on Linux.
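
An added example, not part of the posts above: a parser for 24-byte Linux input_event records that pins the field sizes with an explicit little-endian format, so the record size is the same on any analysis machine. The function names and the sample capture are constructed for illustration and contain nothing from the challenge file.

```python
import struct

# Explicit little-endian layout with fixed sizes: tv_sec and tv_usec (8 bytes
# each), type and code (2 bytes each), value (4 bytes, signed).
# Unlike native "llHHI", this is 24 bytes on every OS.
EVENT = struct.Struct("<qqHHi")
EV_KEY = 0x01  # event type used for key presses and releases
KEY_STATES = {0: "up", 1: "down", 2: "repeat"}


def parse_events(data):
    """Yield (sec, usec, key_code, state) for every EV_KEY record in a raw capture."""
    usable = len(data) - len(data) % EVENT.size  # ignore a truncated trailing record
    for sec, usec, etype, code, value in EVENT.iter_unpack(data[:usable]):
        if etype == EV_KEY:
            # code is a physical key position; translate it with the keyboard
            # layout that was active on the captured machine.
            yield sec, usec, code, KEY_STATES.get(value, value)


def constructed_sample():
    """Constructed capture: key code 30 pressed then released, with sync records."""
    records = [
        (1580711100, 100000, EV_KEY, 30, 1),
        (1580711100, 100000, 0, 0, 0),  # EV_SYN separator
        (1580711100, 180000, EV_KEY, 30, 0),
        (1580711100, 180000, 0, 0, 0),
    ]
    # Five stray bytes at the end simulate a capture cut off mid-record.
    return b"".join(EVENT.pack(*r) for r in records) + b"\x00" * 5


if __name__ == "__main__":
    print("native 'llHHI' size:", struct.calcsize("llHHI"))  # platform-dependent
    print("explicit record size:", EVENT.size)
    for sec, usec, code, state in parse_events(constructed_sample()):
        print(f"{sec}.{usec:06d} code={code} {state}")
```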