HackTheBox.eu Deadly Arthropod Write-Up

This was a really fun exercise, and it taught a lesson: USB keyboard keystrokes can be captured in a pcap file.

Originally, I was stumped, and looked online to find this original keymapper

The original keystroke mapper was pretty shoddy and did not consider CAPITALIZED characters. A better solution I found here better keymapper

Solution

First use tshark to strip out only the keyscans

tshark -r deadly_arthropod.pcap -T fields -e usb.capdata > keystrokes.txt

When you write the script and run it the first time, make sure you strip the empty lines from the capture file with the cat keystrokes.txt | awk 'NF' > pipe;cat pipe > keystrokes.txt command. Otherwise the script will throw an error, as it does not interpret empty lines.

Originally I received two faux keys and one final string of gibberish that I did not understand.

[email protected]
Th1sC0uldB3MyR3alP@ssw0rd
QK<>.<<<5<<{>ck>'>>b0<<<<<<<<<I<<<>f>>>>>>>>>>>>}<.<.<<<<3<<<<<<<<u<<t>>a<<<<<<<<<>>>>>>>>>>>>>t>5<<>>_>>>>>a<<<<<>>>>>d<<<>>r

You're not done yet. On line 3, follow the keystrokes: '<' is left arrow and '>' is right arrow. If you did it correctly, you will find the key as:

HTB{If_It_Quack5_It'5_a_K3yb0ard...}

Submit it and get your points!
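The manual arrow-following step above can also be replayed in code. The Python below is an added example, not one of the linked keymappers or translate_attempt_2.py: it decodes usb.capdata lines with the shift modifier applied and moves a cursor on left/right arrow instead of printing '<' and '>'. It assumes 8-byte boot-keyboard reports, a US layout and one key pressed at a time; decode, KEYS and SAMPLE are names chosen here, and SAMPLE is constructed input.

```python
"""Decode USB HID boot-keyboard reports (tshark usb.capdata) into typed text."""
import string

# HID usage ID -> (unshifted, shifted) character, US layout.
KEYS = {0x04 + i: (c, c.upper()) for i, c in enumerate(string.ascii_lowercase)}
KEYS.update({0x1E + i: p for i, p in enumerate(zip("1234567890", "!@#$%^&*()"))})
KEYS.update({0x2C: (" ", " "), 0x2D: ("-", "_"), 0x2E: ("=", "+"),
             0x2F: ("[", "{"), 0x30: ("]", "}"), 0x31: ("\\", "|"),
             0x33: (";", ":"), 0x34: ("'", '"'), 0x35: ("`", "~"),
             0x36: (",", "<"), 0x37: (".", ">"), 0x38: ("/", "?")})
ENTER, BACKSPACE, RIGHT, LEFT = 0x28, 0x2A, 0x4F, 0x50
SHIFT_MASK = 0x22  # modifier byte: bit 1 = left shift, bit 5 = right shift
# Constructed sample: b, release, LEFT, shift+a, RIGHT, c  -> "Abc"
SAMPLE = ["0000050000000000", "0000000000000000", "0000500000000000",
          "0200040000000000", "00004f0000000000", "0000060000000000"]


def decode(capdata_lines):
    """Replay reports into a list of typed lines, honouring shift and arrows."""
    done, buf, cur = [], [], 0
    for raw in capdata_lines:
        hexstr = raw.strip().replace(":", "")  # some tshark versions print aa:bb:..
        if len(hexstr) != 16:                  # blank line or not an 8-byte report
            continue
        report = bytes.fromhex(hexstr)
        # Assumption: one key at a time, so only key slot 0 (byte 2) is read.
        shift, key = bool(report[0] & SHIFT_MASK), report[2]
        if key == 0:                           # key release or modifier-only report
            continue
        if key == ENTER:
            done.append("".join(buf))
            buf, cur = [], 0
        elif key == LEFT:
            cur = max(cur - 1, 0)
        elif key == RIGHT:
            cur = min(cur + 1, len(buf))
        elif key == BACKSPACE:
            if cur > 0:
                cur -= 1
                del buf[cur]
        elif key in KEYS:
            buf.insert(cur, KEYS[key][shift])  # bool indexes unshifted/shifted
            cur += 1
    return done + ["".join(buf)] if buf else done


if __name__ == "__main__":
    print(decode(SAMPLE))
```

Because blank and short lines are skipped, the awk 'NF' cleanup is not needed before feeding keystrokes.txt to decode.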

Conclusion

This was a very fun exercise and I enjoyed it, particularly how pcap file formats can be used to capture keystrokes as well.

There were at least two public sources of Hacking/Cybersecurity CTF match write-ups to cite from. If you use my second script translate_attempt_2.py you will get the same result and properly register CAPITALIZED letters that were missing in the first script. Registering the [shift] key is critical to solving the challenge. Be patient with the left and right arrows; following them closely will reveal the typed-out flag.