Open denisbsu opened 8 years ago
I'm also looking for this too.
If anyone has the original firmware floating around, I'd really appreciate a copy too!
Here's the link to the firmware download https://community.logitech.com/s/question/0D531000055gw8YCAQ
I was unable to get the firmware extracted. When I run it nothing happens.
Same problem here, can't get back to old firmware through the Logitech page. I think we need a .hex firmware image.
Here they are, found it under ProgramData inside Windows:
RQR_012_007_00029.hex http://www112.zippyshare.com/v/Z0cVxtTK/file.html
RQR_024_005_00029.hex http://www112.zippyshare.com/v/Cj6TLcbZ/file.html
Thank you for sharing the download page. How do I use the .hex file? I've faced maybe the same problem, that I can't update the Unifying receiver firmware. Thank you in advance.
@eikaf Thank you for your fast answer. What you answered seems to be the way to do it on Linux, right? I want to upgrade a receiver's firmware with Windows 7. Do you know how to do it?
I don't think you can. Probably you should try Cygwin, but I don't recommend doing that. You can try to restore the firmware with the Logitech tool, but I did not manage to do that. In case let us know.
@eikaf Hm... actually, when I change my M705 mouse to another M705, it's OK. The reason why I want to update the receiver firmware is a problem with scrolling in the web browser. It means the receiver (I didn't change the receiver) pairs with another M705. After that, I came back to using the previous M705 mouse, the one from before the change. It works well... so strange! So I've stopped updating the firmware, but I'm still giving you thanks.
You can open the exes with 7zip and extract the file .rsrc\2048\FILES\137; that'll be your firmware. The only thing I didn't know is how do you know which version of the firmware you need? I jumped the gun and didn't check before flashing the mousejack firmware :x
Does anyone have an old image, so I can revert to the older, insecure RQR12.01_B0019 firmware?
Necro alert, but still pertinent.
The patched RQR12.07.B0029 as well as the insecure RQR12.05.B0028 can be found on GitHub. https://github.com/Logitech/fw_updates
Are you sure? I don't think so. The release notes (https://github.com/Logitech/fw_updates/blob/master/RQR12/RQR12.05/RQR12.05_B0028.txt) say it's patched and I cannot get jackit to work with this version.
> Here they are, found it under ProgramData inside Windows:
> RQR_012_007_00029.hex http://www112.zippyshare.com/v/Z0cVxtTK/file.html
> RQR_024_005_00029.hex http://www112.zippyshare.com/v/Cj6TLcbZ/file.html

> Here's the link to the firmware download https://community.logitech.com/s/question/0D531000055gw8YCAQ
> I was unable to get the firmware extracted. When I run it nothing happens.
These links are expired unfortunately. Can someone share an old fw please? I'm kicking myself bc I had a vulnerable mouse and then I loaded the nordicresearch image onto it without backing up the old image. Can't find it now. :(
I have the same problem, I can't find an old vulnerable firmware
from this git https://github.com/xwings/tuya/tree/master/talks/mousejack/logitech%20firmware
The RQR_012_005_00028.hex makes my dongle work, but it's not vulnerable.
And if I extract from RQR_024_003_00027.exe = RQR_024_003_00027.rsrc\2048\FILES\137, when I flash it, it shows as boot loader and the mouse doesn't work.
If anyone has an old firmware, please upload.
Yes, I also extracted RQR_024_003_00027.hex from RQR_024_003_00027.exe using "strings RQR_024_003_00027.exe > RQRstrings.txt" and then just erasing all but the hex for the fw, and also just got a bootloader. Only the RQR012 images seem to work for my receiver, but none are vulnerable to keystroke injection. I've also tried all the fw images on the fw_updates GitHub from Logitech and none are vulnerable.
This is for a receiver that I had tested and confirmed vulnerable several times just hours before so I am fairly certain that it is not human error on my part.
Hopefully someone is willing to share a vulnerable image and if nothing else I'll put it up on my github for future researchers.
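Added example, not part of the thread and not Logitech's or Bastille's tooling: a record-level sanity check for a .hex image recovered by hand (7zip or `strings` plus manual trimming, as described above), to rule out a damaged file before it goes to a flasher. It assumes the .hex files are standard Intel HEX; the sample records are constructed and are not firmware.

```python
from dataclasses import dataclass, field

@dataclass
class HexReport:
    data_bytes: int = 0
    saw_eof: bool = False
    errors: list[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return self.saw_eof and self.data_bytes > 0 and not self.errors

def check_intel_hex(text: str) -> HexReport:
    """Check each Intel HEX record: start code, length, checksum, and a final EOF."""
    rep = HexReport()
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if rep.saw_eof:
            rep.errors.append(f"line {n}: content after EOF record")
            break
        try:
            if not line.startswith(":"):
                raise ValueError("no ':' start code")
            raw = bytes.fromhex(line[1:])
            if len(raw) < 5 or len(raw) != raw[0] + 5:
                raise ValueError("length field does not match record size")
            if sum(raw) & 0xFF:  # all bytes incl. checksum must sum to 0 mod 256
                raise ValueError("bad checksum")
        except ValueError as exc:
            rep.errors.append(f"line {n}: {exc}")
            continue
        if raw[3] == 0x00:      # data record
            rep.data_bytes += raw[0]
        elif raw[3] == 0x01:    # end-of-file record
            rep.saw_eof = True
    if not rep.saw_eof:
        rep.errors.append("no EOF record, image may be truncated")
    return rep

# Constructed sample records (not Logitech firmware).
GOOD = (":10010000214601360121470136007EFE09D2190140\n"
        ":100110002146017E17C20001FF5F16002148011928\n:00000001FF\n")
# The same records as a careless text extraction might leave them:
# a stray non-record line, one flipped byte, and no EOF record.
DAMAGED = ("This program cannot be run in DOS mode.\n"
           ":10010000214601360121470136007EFE09D2190141\n"
           ":100110002146017E17C20001FF5F16002148011928\n")
```

A clean report only says the file is well-formed Intel HEX; it does not say the image matches the receiver it is about to be written to.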
Does anyone know a way or software to actually dump the firmware of an existing vulnerable dongle?
@snoremaster3000 I ended up buying a dongle on Amazon https://www.amazon.ca/gp/product/B01LYFI2LN/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1
It works, it's on 025.
That's too funny. Their stock is that old. I also found another vulnerable receiver and was able to dump the firmware off of it using logitech-usb-backup.py (can't find this tool in the GitHub anymore for some reason) https://drive.google.com/open?id=1ed3xF_QWFSG8FJqvf3dAIAkMe3sX-1DK
It saved the firmware in binary format, which I don't think will work. It needs some extra bytes added to the beginning too and I don't have time to figure it out at the moment, but I will post what I have in case I never get around to it.
Definitely vulnerable https://drive.google.com/open?id=1PakgwcuM2IVsDIDid-tXnsXQP7_0kZlo
Probably vulnerable (didn't have time to test this receiver, but judging by the release version I would say it's probably vulnerable) https://drive.google.com/open?id=1TuCDm6zq2Ugrh03abzNSriaJL-PMtKfk
Necro alert again, but still relevant.
I've tried the logitech-usb-backup.py on my unpatched device, it works. At least it extracts some data from the device, but I would be very surprised if you can re-flash it as is. It's very different from the Logitech published firmwares and some data is definitely missing.
@snoremaster3000 how did you manage to find the firmwares you uploaded?
I have this device, but I would like to dump the vulnerable firmware before patching:
Current version: RQR12.03_B0025
Bootloader Version: BOT01.02_B0015
Btw the tool logitech-usb-backup.py is still available on GitHub in older commits, they have removed it from the master's HEAD:
https://github.com/BastilleResearch/nrf-research-firmware/commit/80ea8288cf3931365c86d599fd3de772cf993b90
I'm interested if anyone can show a way to properly dump the entire firmware.
Update: You can dump the firmware with https://github.com/mame82/munifying
Steps to reproduce:
git clone https://github.com/mame82/munifying
cd munifying
go build
./munifying dumpnordic
Hi,
Any idea how I can analyze the contents of the firmware? What architecture etc? I'm trying to understand how the AES counter works https://github.com/RoganDawes/LOGITacker/issues/55#issuecomment-617739408
Thank you.
Is there a way to get any .hex version (12 or 24) of Logitech Unifying firmware without Windows installation?