unifiedremote / Remotes

http://www.unifiedremote.com

Unified Remote server crashes on Linux when typing using the keyboard in bottom ribbon #173

Open kaxlabs opened 1 year ago

kaxlabs commented 1 year ago

I'm using Fedora 38 on X11 protocol. Whenever I type, it sends one character and then crashes the Unified Remote server entirely. There's an ongoing Reddit thread that speaks of it happening on Ubuntu 22.04, Xubuntu 22.04, and several other Debian distros, allegedly.

canove commented 1 year ago

Same here. I'm using PopOS 22.04. Typing any key on cellphone keyboard kills the server and I need to restart it manually.

FetchFast commented 1 year ago

Crashes less with the built-in keyboard, but still crashes, especially when typing quickly. Not using Wayland. Affects X11 too. Lots of Linux users affected.

0957811 commented 12 months ago

I had the same issue on Linux Mint which uses X11 and not Wayland. The first character went through, but the server crashed immediately after.

I decided to debug/reverse the cause of the crash in the 64-bit urserver binary with Ghidra and GDB using the crash dump as a starting point. I ended up succeeding in patching the binary to fix the issue. The bug is definitely in the server binary and is not an issue with the remote nor the OS (if using X11).

I will not be releasing the patched binary to avoid breaking terms of service. For those who know what they are doing, here are the bytes I patched to resolve this issue (use at your own risk). Addresses below include the default 0x00100000 offset added by Ghidra.

urserver-3.13.0.2505
0x002b4050: (e8 9b 85 ed ff) --> (e9 71 ff ff ff) // JMP 0x002b3fc6
0x002b4f19: (0f 1f 80 00 00) --> (e8 d2 76 ed ff) // CALL 0x0018c5f0
0x002b4f1e: (00 00) --> (eb 13) // JMP 0x002b4f33
0x002b4f65: (eb cc 66 0f) --> (66 e9 d5 00) // JMP 0x002b503e
0x002b5043: (e8 a8 75 ed ff) --> (e9 d1 fe ff ff) // JMP 0x002b4f19

GenZai commented 11 months ago

Same problem here, the server crashes after the first letter inputs correctly.

I'm on Ubuntu MATE 22.04, but I don't have the same binary as you: 0x002b4050: E9 3D 40 E3 FF

0957811 commented 11 months ago

> Same problem here, the server crashes after the first letter inputs correctly.
>
> I'm on Ubuntu MATE 22.04, but I don't have the same binary as you: 0x002b4050: E9 3D 40 E3 FF

That's because the addresses I posted are offset by 0x00100000 from the actual binary, my bad. Try with those addresses instead:

0x001b4050: (e8 9b 85 ed ff) --> (e9 71 ff ff ff) // JMP 0x002b3fc6
0x001b4f19: (0f 1f 80 00 00) --> (e8 d2 76 ed ff) // CALL 0x0018c5f0
0x001b4f1e: (00 00) --> (eb 13) // JMP 0x002b4f33
0x001b4f65: (eb cc 66 0f) --> (66 e9 d5 00) // JMP 0x002b503e
0x001b5043: (e8 a8 75 ed ff) --> (e9 d1 fe ff ff) // JMP 0x002b4f19

GenZai commented 11 months ago

Sorry, now you mention it, I can see you gave the proper instructions:

> Addresses below include the default 0x00100000 offset added by Ghidra.

It works, you're a gem! Thanks

ImanityDev commented 10 months ago

> > Same problem here, the server crashes after the first letter inputs correctly.
> >
> > I'm on Ubuntu MATE 22.04, but I don't have the same binary as you: 0x002b4050: E9 3D 40 E3 FF
>
> That's because the addresses I posted are offset by 0x00100000 from the actual binary, my bad. Try with those addresses instead:
>
> 0x001b4050: (e8 9b 85 ed ff) --> (e9 71 ff ff ff) // JMP 0x002b3fc6
> 0x001b4f19: (0f 1f 80 00 00) --> (e8 d2 76 ed ff) // CALL 0x0018c5f0
> 0x001b4f1e: (00 00) --> (eb 13) // JMP 0x002b4f33
> 0x001b4f65: (eb cc 66 0f) --> (66 e9 d5 00) // JMP 0x002b503e
> 0x001b5043: (e8 a8 75 ed ff) --> (e9 d1 fe ff ff) // JMP 0x002b4f19

You're an absolute hero, I don't know how the issue still isn't fixed by the devs, but this saved a lot of hassle for me.

kaxlabs commented 10 months ago

> I had the same issue on Linux Mint which uses X11 and not Wayland. The first character went through, but the server crashed immediately after.
>
> I decided to debug/reverse the cause of the crash in the 64-bit urserver binary with Ghidra and GDB using the crash dump as a starting point. I ended up succeeding in patching the binary to fix the issue. The bug is definitely in the server binary and is not an issue with the remote nor the OS (if using X11).
>
> I will not be releasing the patched binary to avoid breaking terms of service. For those who know what they are doing, here are the bytes I patched to resolve this issue (use at your own risk). Addresses below include the default 0x00100000 offset added by Ghidra.
>
> urserver-3.13.0.2505
> 0x002b4050: (e8 9b 85 ed ff) --> (e9 71 ff ff ff) // JMP 0x002b3fc6
> 0x002b4f19: (0f 1f 80 00 00) --> (e8 d2 76 ed ff) // CALL 0x0018c5f0
> 0x002b4f1e: (00 00) --> (eb 13) // JMP 0x002b4f33
> 0x002b4f65: (eb cc 66 0f) --> (66 e9 d5 00) // JMP 0x002b503e
> 0x002b5043: (e8 a8 75 ed ff) --> (e9 d1 fe ff ff) // JMP 0x002b4f19

Thanks for allowing me to enjoy my makeshift Linux TV again.

artfabrique commented 10 months ago

I have the same issue.

jon389 commented 9 months ago

I had the same issue, Linux 64-bit binary urserver-3.13.0.2505. I used Ghidra for the first time (never heard of it) to patch and fix my urserver binary - thank you very much @0957811. Can this bug be fixed please, Unified Remote team? @pqvst @UI-Jakob

littelbro14 commented 3 months ago

I'm having the same problem on Pop!_OS 22.04.

lukegrehan commented 3 months ago

For anyone who doesn't want to install ghidra, here's the above as a binary .patch file:

001b4050: e9  .
001b4051: 71  q
001b4052: ff  .
001b4053: ff  .
001b4f19: e8  .
001b4f1a: d2  .
001b4f1b: 76  v
001b4f1c: ed  .
001b4f1d: ff  .
001b4f1e: eb  .
001b4f1f: 13  .
001b4f65: 66  f
001b4f66: e9  .
001b4f67: d5  .
001b4f68: 00  .
001b5043: e9  .
001b5044: d1  .
001b5045: fe  .
001b5046: ff  .

Just run xxd -c1 -r $PATH_TO_PATCHFILE $PATH_TO_URSERVER_BIN
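Added example, not part of any comment in this thread and not Unified Remote code: the byte table posted above, applied only after checking that every site still holds the posted original bytes, so a different build or a Ghidra-address versus file-offset mix-up is rejected before anything is written. `apply_patches`, `patch_file` and the `.patched` output suffix are names chosen for this example.

```python
GHIDRA_BASE = 0x00100000  # Ghidra's default image base, as stated in the thread

# (Ghidra address, original bytes, patched bytes) for urserver-3.13.0.2505,
# copied from the table posted in this thread.
PATCHES = [
    (0x002B4050, "e8 9b 85 ed ff", "e9 71 ff ff ff"),
    (0x002B4F19, "0f 1f 80 00 00", "e8 d2 76 ed ff"),
    (0x002B4F1E, "00 00", "eb 13"),
    (0x002B4F65, "eb cc 66 0f", "66 e9 d5 00"),
    (0x002B5043, "e8 a8 75 ed ff", "e9 d1 fe ff ff"),
]


def apply_patches(image: bytearray, patches=PATCHES, base=GHIDRA_BASE) -> str:
    """Patch `image` in place; returns 'patched' or 'already-patched'.

    Raises ValueError, leaving `image` untouched, if any site holds bytes
    that are neither the expected original nor the expected patch.
    """
    plan = []
    for addr, old_hex, new_hex in patches:
        off = addr - base  # Ghidra address -> offset in the file on disk
        old, new = bytes.fromhex(old_hex), bytes.fromhex(new_hex)
        found = bytes(image[off:off + len(old)])
        if found not in (old, new):
            raise ValueError(f"file offset {off:#x}: found {found.hex(' ')}, "
                             f"expected {old.hex(' ')}; wrong build or offset")
        plan.append((off, new, found == new))
    if all(done for _, _, done in plan):
        return "already-patched"
    for off, new, _ in plan:  # every site verified, now write
        image[off:off + len(new)] = new
    return "patched"


def patch_file(path: str) -> str:
    """Hypothetical helper: writes <path>.patched, never modifies `path`."""
    with open(path, "rb") as fh:
        image = bytearray(fh.read())
    status = apply_patches(image)
    if status == "patched":
        with open(path + ".patched", "wb") as fh:
            fh.write(image)
    return status
```

Because the result goes to a separate file, the original binary stays available for comparison or rollback.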

bestcodename commented 3 months ago

The same problem occurs with the Raspberry Pi (ARM64) package. I already opened it in Ghidra and compared it to the x64 package. Maybe it's possible to patch it similarly, but I currently don't really have time for that.

If someone else wants to look into the ARM64 package he can maybe tell if that would be the first address that needs a change: 0x00492f54: (df e0 fd 97) --> (todo) // JMP 0x00492e4c

githubplanetarparrot commented 2 months ago

Same issue.

kaxlabs commented 2 months ago

I'm surprised it's been more than a year and an issue this significant hasn't been resolved.

Eggroley commented 2 months ago

It's so simple to fix as demonstrated by the people in this thread. I'm not sure why they aren't just implementing the changes here.