Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pair problem #1

Open
puba opened this issue Sep 11, 2019 · 4 comments
Open

pair problem #1

puba opened this issue Sep 11, 2019 · 4 comments

Comments

@puba
Copy link

puba commented Sep 11, 2019

Tried to pair a receiver, but have this error after unsuccesfull injection:

root@kali:~/munifying# ./munifying pair
Logitech Unifying dongle found
Using dongle USB config: Configuration 1
Resetting dongle in order to release it from kernel (connected devices won't be usable)
EP descr: ep #1 IN (address 0x81) interrupt - undefined usage [8 bytes]
EP descr: ep #2 IN (address 0x82) interrupt - undefined usage [8 bytes]
EP descr: ep #3 IN (address 0x83) interrupt - undefined usage [32 bytes]
HID++ interface: vid=046d,pid=c52b,bus=2,addr=31,config=1,if=2,alt=0
HID++ interface IN endpoint: ep #3 IN (address 0x83) interrupt - undefined usage [32 bytes]
Enable pairing for 60 seconds
USB response timeout
Closing Logitech receiver in Firmware mode (not bootloader)...

After munifying info:

root@kali:~/munifying# ./munifying info
Logitech Unifying dongle found
Using dongle USB config: Configuration 1
Resetting dongle in order to release it from kernel (connected devices won't be usable)
EP descr: ep #1 IN (address 0x81) interrupt - undefined usage [8 bytes]
EP descr: ep #2 IN (address 0x82) interrupt - undefined usage [8 bytes]
EP descr: ep #3 IN (address 0x83) interrupt - undefined usage [32 bytes]
HID++ interface: vid=046d,pid=c52b,bus=2,addr=31,config=1,if=2,alt=0
HID++ interface IN endpoint: ep #3 IN (address 0x83) interrupt - undefined usage [32 bytes]
Dongle Info

Firmware (maj.minor.build):  RQR24.00.B0018
Bootloader (maj.minor):      00.06
WPID:                        8808
(likely) protocol:           0x04
Serial:                      23:64:98:42
Connected devices:           0

Closing Logitech receiver in Firmware mode (not bootloader)...

Once more :

root@kali:~/munifying# ./munifying info
Logitech Unifying dongle found
Using dongle USB config: Configuration 1
Resetting dongle in order to release it from kernel (connected devices won't be usable)
EP descr: ep #1 IN (address 0x81) interrupt - undefined usage [8 bytes]
EP descr: ep #2 IN (address 0x82) interrupt - undefined usage [8 bytes]
EP descr: ep #3 IN (address 0x83) interrupt - undefined usage [32 bytes]
HID++ interface: vid=046d,pid=c52b,bus=2,addr=31,config=1,if=2,alt=0
HID++ interface IN endpoint: ep #3 IN (address 0x83) interrupt - undefined usage [32 bytes]
Error reading dongle info couldn't read dongle info
Closing Logitech receiver in Firmware mode (not bootloader)...

Is it possible to somehow reset the receiver, tried to flash it, but it seems not to recognise the firmware anymore..

Thanks for help....

@PierreS1
Copy link

PierreS1 commented Dec 3, 2019

Hello, I'm experiencing a similar issue with a C-U0012.
I'm trying to use it as suggested by L Bongiorni for weaponization there.
Uploading firmware went wrong with 1st link but works fine with the 2nd one : Yes I know they don't have the same size nor same hash !
417637/ SHA256 : 50b55a7167758aa370dbc42ed89c16504801dca5d9706f4fd0df29599231eba8
vs 68352/ SHA256 : 3d87c3bfb66494f1c229010e577a8e5f383dcdb2e5e906da4c9cf5bc1cc08c6e

Here is the result :

`Found unknown Logitech dongle in Firmware Mode (not bootloader)
Using dongle USB config: Configuration 1
Resetting dongle in order to release it from kernel (connected devices won't be usable)
EP descr: ep #1 IN (address 0x81) interrupt - undefined usage [8 bytes]
EP descr: ep #2 IN (address 0x82) interrupt - undefined usage [16 bytes]
EP descr: ep #3 IN (address 0x83) interrupt - undefined usage [32 bytes]
HID++ interface: vid=046d,pid=c539,bus=4,addr=57,config=1,if=2,alt=0
HID++ interface IN endpoint: ep #3 IN (address 0x83) interrupt - undefined usage [32 bytes]
Dongle Info

Firmware (maj.minor.build):  RQR39.06.B0040
Bootloader (maj.minor):      01.08
WPID:                        800d
(likely) protocol:           0x0c
Serial:                      41:60:90:53
Connected devices:           1

Device Info for device index index 0

Destination ID:              0x07
Default report interval:     8ms
WPID:                        1337
Device type:                 0x01 (KEYBOARD)
Serial:                      2d:9a:9f:02
Report types:                0000401e (Report types: keyboard mouse multimedia power keys keyboard LEDs )
Capabilities:                b3 (not Unifying compatible, link encryption enabled)
Usability Info:              0x09 (power switch location on the top edge)
Name:                        LOGITacker
RF address:                  41:60:90:53:07
KeyData:                     00
Key:                         none (no link encryption in use or key not extractable)

Closing Logitech receiver in Firmware mode (not bootloader)...`

Just questioning myself about the bootloader version (> 2 on Logitec official repo for this firmware).
Then i wanted to pair it with Logitacker 👍
I'm unable to accomplish it : when launching the pair command on munifying I've got this result.
`I'm unable to pair my devices : when launching the pair command on munifying I've got this result.

Found unknown Logitech dongle in Firmware Mode (not bootloader)
Using dongle USB config: Configuration 1
Resetting dongle in order to release it from kernel (connected devices won't be usable)
EP descr: ep #1 IN (address 0x81) interrupt - undefined usage [8 bytes]
EP descr: ep #2 IN (address 0x82) interrupt - undefined usage [16 bytes]
EP descr: ep #3 IN (address 0x83) interrupt - undefined usage [32 bytes]
HID++ interface: vid=046d,pid=c539,bus=4,addr=57,config=1,if=2,alt=0
HID++ interface IN endpoint: ep #3 IN (address 0x83) interrupt - undefined usage [32 bytes]
Enable pairing for 60 seconds
USB Report type: HID++ short message, DeviceID: 0xff, SubID: ERROR MESSAGE, Params: 0x80 0xb2 0x05 0x00
Error notification with parameters: 0x80 0xb2 0x05 0x00
param 0 (HID++ command) : 0x80
param 1 (likely register): 0xb2 - 'REGISTER PAIRING'
param 2 (error) : 0x05 - 'LOGITECH INTERNAL ERROR'
HID++ error response
Closing Logitech receiver in Firmware mode (not bootloader)...
`

Any advices for debugging it ?

Best regards

PS : if someone knows how to proceed for updating C-U0012 bootloader I'm ok to validate the procedure

@mame82
Copy link
Collaborator

mame82 commented May 23, 2020

@PierreS1

The RQR39 firmware you flashed could only pair a single device (in contrast to RQR24 Unifying firmwares).

You have to unpair the already listed devices, before pairing LOGITacker.

This could f.e. be done with

munifying unpairall

@mame82
Copy link
Collaborator

mame82 commented May 23, 2020

@puba RQR24.00 is the oldest firmware available. The bootloader is not signed.

You should re-flash it with RQR24.06 (unsigned, vulnerable to AES key extraction) or RQR24.10 (unsigned, not vulnerable to AES key extraction)

@977973414
Copy link

Hello, may I ask if I have this problem when I brush into RQR44, can I ask me how to solve it?
06bcdc6e672ab23c905ffc9e5704313

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants