mame82 / UnifyingVulnsDisclosureRepo

Formerly private repository for discussion, knowledge- and code-sharing around new Unifying vulns, as announced on Twitter

mjackit not pairing with C-U0007/C-U0008 Unifying receivers #8

Open JohnHonai2255 opened 1 year ago

JohnHonai2255 commented 1 year ago
Dongle Info
-------------------------------------
    Firmware (maj.minor.build):  RQR12.11.B0032
    Bootloader (maj.minor):      04.16
    WPID:                        8802
    (likely) protocol:           0x04
    Serial:                      2c:ba:95:79
    Connected devices:           0
Dongle Info
-------------------------------------
    Firmware (maj.minor.build):  RQR24.11.B0036
    Bootloader (maj.minor):      02.09
    WPID:                        8808
    (likely) protocol:           0x04
    Serial:                      52:7d:cf:f4
    Connected devices:           0

Cleared existing paired devices and put the dongle in pairing

sudo ./munifying unpairall
sudo ./munifying pair

But unable to pair it using mjackit

sudo ./mjackit pairflood
=============================================================
=                         - mjackit -                       =
=                                                           =
=      Demo tool for Logitech Unifying vulnerabilities      =
=           by Marcus Mengs (MaMe82) Feb, 2019              =
=============================================================
each time a dongle is put into pairing mode, a new device will be paired immediately
EP In ep #1 IN (address 0x81) bulk [64 bytes]
EP Out ep #1 OUT (address 0x01) bulk [64 bytes]
Search dongle in pairing mode on bb:0a:dc:a5:75
.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
RoganDawes commented 1 year ago

I'm sorry, Marcus is no longer maintaining this code, and I have no idea how it all works. :-(

DRCRecoveryData commented 1 year ago
  • C-U0007 Dongle Info

Dongle Info
-------------------------------------
  Firmware (maj.minor.build):  RQR12.11.B0032
  Bootloader (maj.minor):      04.16
  WPID:                        8802
  (likely) protocol:           0x04
  Serial:                      2c:ba:95:79
  Connected devices:           0

  • C-U0008 Dongle Info

Dongle Info
-------------------------------------
  Firmware (maj.minor.build):  RQR24.11.B0036
  Bootloader (maj.minor):      02.09
  WPID:                        8808
  (likely) protocol:           0x04
  Serial:                      52:7d:cf:f4
  Connected devices:           0

Cleared existing paired devices and put the dongle in pairing

sudo ./munifying unpairall
sudo ./munifying pair

But unable to pair it using mjackit

sudo ./mjackit pairflood
=============================================================
=                         - mjackit -                       =
=                                                           =
=      Demo tool for Logitech Unifying vulnerabilities      =
=           by Marcus Mengs (MaMe82) Feb, 2019              =
=============================================================
each time a dongle is put into pairing mode, a new device will be paired immediately
EP In ep #1 IN (address 0x81) bulk [64 bytes]
EP Out ep #1 OUT (address 0x01) bulk [64 bytes]
Search dongle in pairing mode on bb:0a:dc:a5:75
.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Your C-U0007 has the new bootloader "BOT01.04_B0016", which can't flash nrf-research firmware or older Logitech versions, so I flash via SPI for the Nordic bootloader

https://github.com/al177/buspirate_nrf24lu1p

My result:

https://twitter.com/drcrecovery/status/1671590705238781953?s=46