Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HID_KEY_.... #62

Open
k-redas opened this issue Dec 30, 2021 · 0 comments
Open

HID_KEY_.... #62

k-redas opened this issue Dec 30, 2021 · 0 comments

Comments

@k-redas
Copy link

k-redas commented Dec 30, 2021
edited
Loading

Hi @ALL

Sorry the title is not very explicite...and my approximative english...

I test your wonderfull tool since one week.

After de pairing (good RF adress + Key)

First, From my computer’s terminal I run “sudo ./munifying pair”
Then, From LOGITacker console I run “pair device run”
The pairing data (i.e. encryption keys) will be stored into LOGITacker’s flash.
And then I stock the device data with "devices storage save xx:xx:xx:xx:xx"
At last I use "options discover onhit passive-enum on"

I can sniff and pair my device (logitech MK700/710 with vulnerability), but when i am in passive enumeration mode and i press A key letter i have this output :

LOGITACKER_PROCESSOR_PASIVE_ENUM: frame RX in passive enumeration mode (addr 0F:20:98:35:0C, len: 22, ch idx 0, raw ch 5)
app: Unifying RF frame: Encrypted keyboard, counter 3ABFCFAB
LOGITACKER_PROCESSOR_PASIVE_ENUM: 00 D3 75 E3 78 02 EA 1F|..u.x...
LOGITACKER_PROCESSOR_PASIVE_ENUM: 69 5D 3A BF CF AB 00 00|i]:.....
LOGITACKER_PROCESSOR_PASIVE_ENUM: 00 00 00 00 00 19 |......
LOGITACKER_PROCESSOR_PASIVE_ENUM: Test decryption of keyboard payload:
LOGITACKER_PROCESSOR_PASIVE_ENUM: 5E FB E7 18 A4 E7 88 08|^.......
LOGITACKER_KEYBOARD_MAP: LEFT_ALT appended
LOGITACKER_PROCESSOR_PASIVE_ENUM: Mod: (LEFT_SHIFT | LEFT_ALT | LEFT_GUI | RIGHT_CONTROL | RIGHT_ALT)
LOGITACKER_PROCESSOR_PASIVE_ENUM: Key: UNKNOWN HID KEY
LOGITACKER_PROCESSOR_PASIVE_ENUM: Key: HID_KEY_RIGHTMETA
LOGITACKER_PROCESSOR_PASIVE_ENUM: Key: HID_KEY_U
LOGITACKER_PROCESSOR_PASIVE_ENUM: Key: UNKNOWN HID KEY
LOGITACKER_PROCESSOR_PASIVE_ENUM: Key: HID_KEY_RIGHTMETA
LOGITACKER_PROCESSOR_PASIVE_ENUM: Key: HID_KEY_KATAKANAHIRAGANA
LOGITACKER_PROCESSOR_PASIVE_ENUM: frame RX in passive enumeration mode (addr 0F:20:98:35:0C, len: 22, ch idx 0, raw ch 5)
app: Unifying RF frame: Encrypted keyboard, counter 3ABFCFAC
LOGITACKER_PROCESSOR_PASIVE_ENUM: 00 D3 18 5C 09 85 68 0B|.....h.
LOGITACKER_PROCESSOR_PASIVE_ENUM: 96 78 3A BF CF AC 00 00|.x:.....
LOGITACKER_PROCESSOR_PASIVE_ENUM: 00 00 00 00 00 36 |.....6
LOGITACKER_PROCESSOR_PASIVE_ENUM: Test decryption of keyboard payload:
LOGITACKER_PROCESSOR_PASIVE_ENUM: FE 19 38 EB AD A0 4E 2E|..8...N.
LOGITACKER_KEYBOARD_MAP: LEFT_ALT appended
LOGITACKER_PROCESSOR_PASIVE_ENUM: Mod: (LEFT_SHIFT | LEFT_ALT | LEFT_GUI | RIGHT_CONTROL | RIGHT_SHIFT | RIGHT_ALT | RIGHT_GUI)
LOGITACKER_PROCESSOR_PASIVE_ENUM: Key: HID_KEY_V
LOGITACKER_PROCESSOR_PASIVE_ENUM: Key: HID_KEY_SLASH
LOGITACKER_PROCESSOR_PASIVE_ENUM: Key: UNKNOWN HID KEY
LOGITACKER_PROCESSOR_PASIVE_ENUM: Key: UNKNOWN HID KEY
LOGITACKER_PROCESSOR_PASIVE_ENUM: Key: UNKNOWN HID KEY
LOGITACKER_PROCESSOR_PASIVE_ENUM: Key: HID_KEY_PAGEDOWN
LOGITACKER_PROCESSOR_PASIVE_ENUM: frame RX in passive enumeration mode (addr 0F:20:98:35:0C, len: 10, ch idx 0, raw ch 5)
app: Unifying RF frame: Set keep-alive
LOGITACKER_PROCESSOR_PASIVE_ENUM: 00 4F 00 01 9A 00 00 00|.O......
LOGITACKER_PROCESSOR_PASIVE_ENUM: 00 16

but the output may be this (source : mame82/UnifyingVulnsDisclosureRepo#2)

app: Unifying RF frame: Encrypted keyboard, counter 73361F9D
LOGITACKER_PROCESSOR_PASIVE_ENUM: 00 D3 7C FF EF 3B 04 CA|..|..;..
LOGITACKER_PROCESSOR_PASIVE_ENUM: 9C 9D 73 36 1F 9D 00 00|..s6....
LOGITACKER_PROCESSOR_PASIVE_ENUM: 00 00 00 00 00 1C |......
LOGITACKER_PROCESSOR_PASIVE_ENUM: Test decryption of keyboard payload:
LOGITACKER_PROCESSOR_PASIVE_ENUM: 00 04 00 00 00 00 00 C9|........
LOGITACKER_PROCESSOR_PASIVE_ENUM: Key 1: HID_KEY_A
LOGITACKER_PROCESSOR_PASIVE_ENUM: frame RX in passive enumeration mode (addr E2:C7:94:F2:C5, len: 22, ch idx 23, raw ch 74)
app: Unifying RF frame: Encrypted keyboard, counter 73361F9E
LOGITACKER_PROCESSOR_PASIVE_ENUM: 00 D3 99 D3 78 25 E5 53|....x%.S
LOGITACKER_PROCESSOR_PASIVE_ENUM: 21 D7 73 36 1F 9E 00 00|!.s6....
LOGITACKER_PROCESSOR_PASIVE_ENUM: 00 00 00 00 00 8E |......
LOGITACKER_PROCESSOR_PASIVE_ENUM: Test decryption of keyboard payload:
LOGITACKER_PROCESSOR_PASIVE_ENUM: 00 00 00 00 00 00 00 C9|........

We see " LOGITACKER_PROCESSOR_PASIVE_ENUM: Key 1: HID_KEY_A" except that i dont have this reslut line.

In the other hand, if i press the same key, each time i have a different result.

Do you have some ideas to resolve this ?

Thank Up
@k-redas k-redas changed the title <info> LOGITACKER_PROCESSOR_PASIVE_ENUM: Key 1: HID_KEY_A not appared HID_KEY_.... Dec 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@k-redas