About the unconventional way to use a computer mouse

On July 7, NeoQUEST-2016 “confrontation” will take place in St. Petersburg. Interesting reports, contests, communication with colleagues are waiting for the guests, and the best participants of the online stage are an eight-hour competition in cybersecurity! In the run-up to the “confrontational rate”, we continue to sort out the tasks of the online stage, and the next step is a task dedicated to the not so typical way of using a computer mouse.

Have you ever thought about how an optical mouse works? It's simple: in the lower part there is a camera that quickly takes pictures of the surface over which the mouse is driven. Comparing the obtained images, the mouse controller calculates the offset. There is a question and more interesting: is it possible to somehow get the image of the surface under the arm? Spoiler: you can! How to do this, tell under the cut!

Initial data

The participant was given a docx file, the text of which contained a certain IP address. First of all, of course, the participants went to this address. This was where the most interesting thing began: some numbers literally fell out on them!


')
Something completely unintelligible! And most importantly, it is not clear what to do with it.

Decision

First, you should carefully examine the docx file. You can notice a curious detail: it weighs 223 kb - a bit too much for a single IP address. It immediately recalls that docx is actually an archive. When you open a file using WinRAR (or another archiver), a pdf file with the first key is found inside. One is, but there must be others.



This file contains the Agilent ADNS-2610 optical sensor specification, in particular, information on how to get an image from under the mouse. It becomes clear that the numbers from the site are pictures taken using the sensor.

The only problem is that, according to the specification, the picture has a size of 18x18, which means it is supposed to be 324 bytes in size (considering that it is black and white). But at a time we get only 243 single-byte numbers. Something does not converge here!

After carefully reading the specification, you can understand that one pixel is encoded not by one byte, but by six bits. This explains the discrepancy: 243/6 = 324/8.

To restore the picture, you could either write an application that receives and processes the data, or change the logic of an existing one. The second method is simpler, so consider it in detail.

We go to the site, open the developer tools and stop the execution of all scripts. Then we insert the canvas element into the page's html-code:



After that, we change the logic of the script: instead of displaying data as text, draw a picture:



Finally, run the script and get the video from the mouse!



By moving the cursor around the screen, you can find the second key. Here, by the way, the whole sheet, on which they “drove” with the mouse:

And something else ...

In this task, the acquisition of data from the optical sensor was simulated. And what about the real mouse? It turns out that with a real mouse, you can take a picture, but with some limitations. First, not all optical sensors are suitable for imaging. Secondly, even if the sensor is suitable, it is necessary to disassemble the mouse and connect a specially programmed board to the sensor. So without serious preparation, snooping through the camera in the mouse is impossible.