Snooping Wireless Keyboards

[Xzin]

http://www.hackaday.com/2007/12/02/w...asily-cracked/

People at Dreamlab have managed to crack the encryption on Microsoft's Wireless Optical Desktop 1000 and 2000 products (and possibly more). Analyzing the protocol they found out that meta keys like shift and ALT are transmitted in cleartext. The "encryption" used on each regular keystroke involves XORing the key against a random one byte value determined during the initial sync with the receiver. So, if you sniff the handshake, you can decrypt the keystrokes. You really don't have to though; there are only 256 possible encryption keys. Using a dictionary file you can check all possible keys and determine the correct one after only receiving 20-50 keystrokes.

This could be used "for good" to box with. Not sure the practical use though.

[Xzin]

"The reason for the limited reception range is that receivers use pathetically small, internal antennas: Mine was about 1/32 wavelength. With a full wave antenna or directional antenna, you can easily pick them up from outside a building. After I added a larger (1/4 or 1/8 wave) antenna to my receiver, I could type with my keyboard outside the house."

So, in theory one could hack the receivers to make them bigger and perhaps account for drift and make them more reliable at anything further than 2 or 3 feet.