Issue with C-U0008

[yiu-hongsum]

Is there a different instruction set for U0008 and U0012? I only have 1 0007 and I cant seem to get 0008 to work. The script get transmitted but nothing executes on my victim end. The receiver is out of box version.

Is there a way to flash the vulnerable firmware into the receiver?

[mame82]

It doesn't depend on the Unifying receiver, but on the firmware version, which kinds of vulnerability exists.

Rule of thumb:
Only the oldest Unifying receiver firmwares accept plain injection (MouseJack). But, also the newest firmware accept injection, if the encryption key is known, because

a) pairing of a keyboard was sniffed with LOGITacker (CVE-2019-13052)
b) the key was dumped with munifying (receiver is vulnerable to CVE-2019-13055) and manually added to LOGITacker.

For details on patched vulnerabilities across different firmware versions, see the respective READMEs in Logitech's repo (CU0007 is RQR12, CU0008/0016 is RQR24):

https://github.com/Logitech/fw_updates/tree/update2019-08-27/RQR12

[antonowicz]

@mame82 is there some repo with older versions of firmware (vulnerable) for attack?