Just a question

[bluegizmo83]

I'm gonna buy a mousejack vulnerable wireless keyboard/mouse for testing purposes, so that I can practice attacking it, but I'm not sure which one I should buy. I know there are lists out there of vulnerable keyboards, but I'm looking for what's the best option of those listed keyboards to buy for testing.

Does anyone have a recommendation as to which vulnerable keyboard/mouse to buy?

Also, if I happened to buy one and it comes with an updated firmware that's already patched, can it be downgraded back to a vulnerable state?

[thewasabiguy]

found this on the readme https://github.com/insecurityofthings/jackit/blob/master/README.md

is this what you want?

We have successfully tested with the following hardware:

Microsoft Wireless Keyboard 800 (including keystroke logging) Microsoft Wireless Mouse 1000 Microsoft Wireless Mobile Mouse 3500 Microsoft All-In-One Media Keyboard Microsoft Sculpt Ergonomic Mouse Logitech Wireless Touch Keyboard K400r Logitech Marathon M705 Mouse Logitech Wave M510 Mouse Logitech Wireless Gaming Mouse G700s Logitech Wireless M325 Mouse Logitech K750 Wireless Keyboard Logitech K320 Wireless Keyboard Dell KM636 Wireless Mouse and Keyboard AmazonBasics MG-0975 Wireless Mouse Known to not work with:

Logitech M185 and M187 mice (red unifying dongle C-U0010) All older 27MHz devices, such as: Microsoft Wireless Optical Mouse 2.0 Microsoft Wireless Notebook Optical Mouse 3000 Dell KM632 (on the roadmap) HP wireless devices (on the roadmap) Lenovo wireless devices (on the roadmap)

[bluegizmo83]

found this on the readme https://github.com/insecurityofthings/jackit/blob/master/README.md

is this what you want?

We have successfully tested with the following hardware:

Microsoft Wireless Keyboard 800 (including keystroke logging) Microsoft Wireless Mouse 1000 Microsoft Wireless Mobile Mouse 3500 Microsoft All-In-One Media Keyboard Microsoft Sculpt Ergonomic Mouse Logitech Wireless Touch Keyboard K400r Logitech Marathon M705 Mouse Logitech Wave M510 Mouse Logitech Wireless Gaming Mouse G700s Logitech Wireless M325 Mouse Logitech K750 Wireless Keyboard Logitech K320 Wireless Keyboard Dell KM636 Wireless Mouse and Keyboard AmazonBasics MG-0975 Wireless Mouse Known to not work with:

Logitech M185 and M187 mice (red unifying dongle C-U0010) All older 27MHz devices, such as: Microsoft Wireless Optical Mouse 2.0 Microsoft Wireless Notebook Optical Mouse 3000 Dell KM632 (on the roadmap) HP wireless devices (on the roadmap) Lenovo wireless devices (on the roadmap)

Sort of, but not quite. That's a good list of vulnerable devices, but what I'm looking for is more like, of those devices, which one is the best to buy and practice attacks on? Because I know some devices are only vulnerable to keystroke injections, while others are vulnerable to injections and keylogging. I'd also imagine some devices are able to have they're firmware downgraded as well as upgraded, while others cannot be downgraded...

Basically, which ones support the most attack vectors (hopefully one device vulnerable to all attack vectors), and which one of those also supports downgrading the firmware if needed (i.e. if it comes pre-patched with a newer firmware I need to be able to downgrade it to be vulnerable again).

[thewasabiguy]

I dont believe an exquisite list such as that exists.

and the reflashing would require access to the exact vulnerable firmware then the ability to interface with the device to be able for it to get flashed.

Im afraid you will just need to start at the top of the list provided and work your way down. Those devices are not getting updates and will have the vulnerability you need to key inject

[bluegizmo83]

I dont believe an exquisite list such as that exists.

and the reflashing would require access to the exact vulnerable firmware then the ability to interface with the device to be able for it to get flashed.

Im afraid you will just need to start at the top of the list provided and work your way down. Those devices are not getting updates and will have the vulnerability you need to key inject

Ok thanks. That gives me a place to start then.