Open linux0ne opened 5 years ago
Google translates this as:
1, my device is MK520, keyboard and mouse set. 2, I can not determine firmware unifying equipment is old or new, how to determine? 3, I'm on Logitech's official website, only to see the unifying device recognition software, version 2010, and did not see where to download the firmware, three years ago, did not see where the firmware repair patches, seeking advice ? 4, demo video, USB class identification device with an antenna What is? How can I get?
Re 4, that is likely to be either a CrazyRadio PA+LNA, with a NRF24LU1 chip on it, or possibly an AprilBrother NRF52840 dongle. Perhaps you can provide a link to the video in question, so we can be sure?
Re 3, this article has more information on the difficulty of updating the firmware of the receiver:
Not too helpful, I admit. Perhaps Logitech will improve their website, and updaters. You may actually have better luck using the Linux fwupd site. https://fwupd.org/
https://www.freebuf.com/news/207981.html See the demo video at this link. Note the device with the antenna in the video.
I believe that is the CrazyRadio.
The PoC for CVE-2019-13052 (sniff pairing, live decryption of keyboard) could be replicated using either LOGITacker or mjackit:
1) With software tool mjackit and a CrazyRadio PA or Logitech CU0007 dongle (both run nRF24LU1+) + modified firmware
In order to sniff a pairing, additional software is needed to pair a device:
PoC for CVE-2019-13053 (encrypted injection without knowledge of encryption key) could be replicated using mjackit.
PoC for CVE-2019-13054 (extraction of encryption keys from presentation clicker receivers) and CVE-2019-13055 (extraction of encryption keys from Unifying receivers) could be replicated using the full version of munifying combined with either mjackit or LOGITacker (for sniffing/injection). The full version of munifying will be released in August, along with availability of a vendor patch for those vulnerabilities.
Note: CVE-2019-13052 (which will not be patched) will achieve the same results as CVE-2019-13054/13055 (will be patched). All of these vulnerabilities allow an attacker with one-time physical access to steal the link encryption keys of a wireless device. The vulnerability which will be patched (USB based key extraction) only applies to some Logitech receivers - the vulnerability which will not be patched (key extraction based on sniffing of device pairing) applies to ALL Logitech receivers.
@mame82 Thanks! Thank you very much for your guidance and help. Looking forward to your further updates.
@RoganDawes Thanks! Thank you very much for your guidance and help.
@mame82 I would like to ask the following questions further:
1. "firmware for CU0007 / CrazyRadio PA: https://github.com/mame82/nrf-research-firmware" What's the function of this firmware and how to use it? It updates the firmware of CU0007 itself and adds security? Normally, if you want to invade a CU0007 device, you can't rewrite its firmware first, can you?
2. What is "LOGITacker"? It's "AprilBrother NRF52840 dongle"? Are there any corresponding pictures or introductory links?
3. I really want to know, what is the wireless receiver used in your video? Are all the four vulnerabilities detected using this device for signal sniffing?
Do you mean that:
This combination of software and hardware has the most obvious effect on CU0007 equipment. Yes or no?
Of course, you need to brush firmware into a LOGITacker device before using it. https://github.com/mame82/LOGITacker/releases/tag/v0.1.2-beta
Everything correct, but with CU0007 it is a bit different.
LOGITacker and/or mjackit could be used to interact with CU0007 (Unifying Nordic), CU0008 (Unifying TI / Lightspeed), CU0012 (Unifying TI nano) ... additionally CU0016 (R500/SPOTLIGHT clickers TI).
As CU0007 is a Nordic based dongle with nRF24LU1+ it could serve as a replacement for the CrazyRadio PA. The modified 'nrf-research-firmware' could be flashed onto this dongle, instead. In contrast to CrazyRadio, the CU0007 has a PCB antenna and misses the PA, so RF range isn't as good.
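1. My device is an MK520 keyboard and mouse set. 2. I currently cannot tell whether the firmware of the Unifying device is old or new; how can I determine this? 3. On Logitech's official website I only see the identification software for Unifying devices, a 2010 version; I did not see where to download the firmware, nor where the firmware fix patch from three years ago is. Please advise. 4. In the demo video, what is the USB-type identification device with the antenna? How can I get one?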