DanielOgorchock / joycond

userspace daemon to combine joy-cons from the hid-nintendo kernel driver
GNU General Public License v3.0

BlueZ security patch breaks Joy-Con connections #134

Closed applecuckoo closed 6 months ago

applecuckoo commented 7 months ago

A recently uncovered flaw in the Bluetooth protocol (CVE-2023-45866) has shown that an unauthenticated Bluetooth connection allows the injection of malicious keystrokes. If you want to read up on that flaw, you can click here for a write-up from the discoverer. Down the line, it seems to affect the connection of Joy-Cons to the system.

I had to do a bit of tinkering and rolling back to determine that the patch broke the operation with the Joy-Cons. I'm writing here in the hopes that there is a secure workaround (i.e. using Nintendo's pairing system) to this problem. Otherwise, it might spell the end of Joy-Cons on Linux (and potentially other systems).

EDIT: Seems like the CVE just popped up on the NVD which is making it show up on the full code in the brackets 🚀

DanielOgorchock commented 6 months ago

Oh no! That's a bummer to hear. Yeah, I wonder if we can use the USB-based pairing procedure.

applecuckoo commented 6 months ago

Hello! I can confirm that the Pro Controller still works. Maybe I should start a discussion in the BlueZ repo? The maintainer seems to be quite active there.

Edit: I do have a dock that has USB data (it shows up in lsusb). It's this one. Anyways, I meant the bluetooth pairing that the Switch regularly uses to keep the thing connected. No, the pro controller only works via USB.

DanielOgorchock commented 6 months ago

Oh interesting. So pairing the pro controller directly via bluetooth still works but not the joycons?

applecuckoo commented 6 months ago

@DanielOgorchock No, neither controller works, as in Bluetooth can't connect to the controllers. They're connected for a short while, then disconnect suddenly.

hajosattila commented 6 months ago

Same here on Arch. They're connected for a short while, then disconnect.

applecuckoo commented 6 months ago

Welp, I guess we'll learn more on this vulnerability when ShmooCon rolls around - the researcher who discovered the attack, Marc Newlin, is doing a talk there on the 13th of January next year in the 'Bring It On' set of talks.

applecuckoo commented 6 months ago

Seems like the problem will go away if you pair with the controller, disconnect from it and then reconnect to it again. Closing this issue for now. @hajosattila Feel free to post here if you still need more help.

hajosattila commented 6 months ago

> @hajosattila Feel free to post here if you still need more help.

It works perfectly!