Some people really enjoy the kind of computer mouse that would not be entirely out of place in a F-16 cockpit. The kind of mouse that can launch a browser with the gentle shifting of one of its thirty-eight buttons ever so slightly to the left and open their garage door with a shifting to the right of that same button. However, can this power be used for evil, and not just frustrating guest users of their computer?
We’ve heard of the trusted peripheral being repurposed for nefarious uses before. Sometimes they’ve even been modified for more benign purposes. All of these have a common trend. The mouse itself must be physically modified to add the vulnerability or feature. However, the advanced mice with macro support can be used as is for a vulnerability.
The example in this case is a Logitech G-series gaming mouse. The mouse has the ability to store multiple personal settings in its memory. That way someone could take the mouse to multiple computers and still have all their settings available. [Stefan Keisse] discovered that the 100 command limit on the macros for each button are more than enough to get a full reverse shell on the target computer.
Considering how frustratingly easy it can be to accidentally press an auxiliary button on these mice, all an attacker would need to do is wait after delivering the sabotaged mouse. Video of the exploit after the break.
Continue reading “Unexpected Betrayal From Your Right Hand Mouse”
[Thomas] loves his Logitech MX Master mouse, which has a pretty elaborate scroll-wheel mechanism. Perhaps too elaborate; it broke on him after a week of use, just when he was getting used to the feature. So what did he do? Took it apart and fixed it, naturally. And as a bonus, we get a guided tour of the interesting mechanism. Check out his video below to watch it in action.
The weighted scroll wheel switches between two different modes, one with a detent like you’re probably used to, and one where the wheel is allowed to spin freely for long-distance travel. And to do this, it’s actually got a little motor inside that rotates a cam and throws a lever into the side of the scroll wheel for the detent mode, and pulls the lever out of the way for free spins. It must also have some logic inside that detects how quickly the scroller is spun because it re-engages as soon as the scroll wheel stops.
Continue reading “Fixing A Complicated Scrollwheel”
Last week we gave away a few Crazyflie 2.0 quadcopters to some cool Hackaday Prize entries. This quadcopter ships with the intention of being controlled by your smartphone. But it can also be controlled by a PC with USB dongle and an nRF24LU1+ SOC. [ajlitt] didn’t figure out he wanted the USB dongle (the Crazyradio) that can control this quad until after he used his gift code to claim his Crazyflie quad. No matter; the dongles for Logitech wireless keyboards and mice use the same radio as the Crazyflie and can be modded to make this quad fly.
The board inside the Logitech unifying receiver is a simple affair, with some pads for the USB connector, a crystal, the nRF24LU1+ radio module, and a few passives. To get this radio chip working with his computer, [ajlitt] simply needed to break out the SPI pins and wire everything to a Bus Pirate.
Getting the Crazyradio firmware onto this proved to be a little harder than soldering some magnet wire onto a few pins. The chip was first flashed without a bootloader, a full image with the bootloader was found, after wrangling a single byte into place, [ajlitt] had a working Crazyflie radio made from a wireless mouse dongle. The range isn’t great – only 30 feet or so, or about as far as you would expect a wireless mouse to work. Excellent work, even if [ajlitt] is temporarily without a mouse.
The Crazyflie 2.0 is available from the Hackaday Store, along with the add-ons if you don’t want to hack your own.
A while back, Logitech introduced their version of a wireless interface for keyboards, mice, and other human-oriented peripherals. Yes, they could have used Bluetooth, but that’s neither here nor there. What we do know, though, is that it’s now possible to stuff one of these Logitech transmitters into a Super Nintendo controller, allowing it to operate with your fancy-schmancy wireless keyboards and mice.
[Warrior_Rocker] wanted to retain as much of the stock appearance of the original controller as possible. To do this, he salvaged the Logitech transmitter from an old handheld Logitech keyboard/touchpad combo. The membrane of the keyboard connected directly to the transmitter, meaning tracing out the connections of the membrane to each pin was required to get a button mapping that made sense.
Once the lines of the SNES controller were wired up to the transmitter, [Warrior] needed a way to power his new wireless controller. The old keyboard used a pair of AA cells wired in parallel. With two AA cells, the keyboard had about a year of battery life, so with a single AAA cell, [Warrior]’s SNES controller should last a few months or more.
Except for a switch and a missing cable, [Warrior]’s wireless controller looks exactly like a stock controller. Pretty impressive, given this build is the product of stuff he just had lying around.
[Jacken] loves his lossless audio and because of that he’s long been a fan of Squeezebox. It makes streaming the high-bitrate files possible. But after Logitech acquired the company he feels they’ve made some choices which has driven the platform into the ground. But there is hope. He figured out how to use a Raspberry Pi as a Squeezebox server so that he can keep on using his client devices and posted details about the RPi’s performance while serving high-quality audio.
First the bad news: the RPi board doesn’t have the horsepower necessary to downsample on the fly. He even tried overclocking but that didn’t really help. The good news is that this issue only affects older Squeezebox clients (he had the issue with V3) and only when playing tracks that are much higher quality than a CD (24-bit at 88.2Khz). He has no problem streaming those files to devices that can play them, and can even stream multiple files at once without any issues.
You can install the Sqeezebox server on your own Raspberry Pi by following this guide.
[Jack Crossfire] took one of those inexpensive indoor helicopters and made it autonomous. He didn’t replace the hardware used for the helicopter, but augmented it and patched into the remote control to make a base station.
The position feedback is provided in much the same way that the Wii remote is used as a pointing device. On the gaming console there is a bar that goes under the TV with two IR LEDs in it. This is monitored by an IR camera in the Wii remote and used to calculate where you’re pointing the thing. [Jack’s] auto-pilot system uses two Logitech webcams with IR filters over the sensors. You can see them mounted on the horizontal bar in the cutout above. The helicopter itself has an IR LED added to it that is always on. The base station follows this beacon by moving the cameras with a pair of servo motors, calculating position and using it when sending commands to the remote control’s PCB.
Don’t miss the demo video of the rig after the break.
Continue reading “Autonomous helicopter works like a Wii remote”
[Gigawatts] built a pair of USB ports into his mouse and there’s enough room to plug-in small USB drives and dongles. After seeing Thursday’s storage mouse hack he decided to tip us off about the post.
He started with a Logitech G5 gaming mouse. The wireless version of this mouse has a battery pack, but on the corded version this space is used for a weight cartridge. Since he didn’t really care about that feature he ditched the weights, added a USB hub inside, and positioned the dual ports as seen in the photo. The void is deep enough for the mouse to function normally while hosting medium to small-sized devices. This is a fantastic solution that’s at least as impressive as Apple adding USB ports to a keyboard. We’d love to see it as a factory option.
Update: Video after the break
Continue reading “USB ports hidden inside gaming mouse”