the Logitech receiver in question next to the mouse it's paired to

Uncovering Secrets Of Logitech M185’s Dongle

June 15, 2024 by Arya Voronova 14 Comments

[endes0] has been hacking with USB HID recently, and a Logitech M185 mouse’s USB receiver has fallen into their hands. Unlike many Logitech mice, this one doesn’t include a Unifying receiver, though it’s capable of pairing to one. Instead, it comes with a pre-paired CU0019 receiver that, it turns out, is based on a fairly obscure TC32 chipset by Telink, the kind we’ve seen in cheap smart wristbands. If you’re dealing with a similarly obscure MCU, how do you even proceed?

In this case, GitHub had a good few tools developed by other hackers earlier — a Ghidra integration, and a tool for working with the MCU using a USB-UART and a single resistor. Unfortunately, dumping memory through the MCU’s interface was unreliable and frustrating. So it was time to celebrate when fuzzing the HID endpoints uncovered a memory dump exploit, with the memory dumper code helpfully shared in the blog post.

From a memory dump, the exploration truly began — [endes0] uncovers a fair bit of dongle’s inner workings, including a guess on which project it was based on, and even a command putting the dongle into a debug mode where a TC32-compatible debugger puts this dongle fully under your control.

Yet another hands-on course on Ghidra, and a wonderful primer on mouse dongle hacking – after all, if you treat your mouse’s dongle as a development platform, you can easily do things like controlling a small quadcopter, or pair the dongle with a SNES gamepad, or build a nifty wearable.

We thank [adistuder] for sharing this with us!

ATtiny85 Mouse Jiggler Lets You Take A Break

June 3, 2024 by Tom Nardi 54 Comments

The good news is that more and more people are working from home these days. The bad news is that some of the more draconian employers out there aren’t too happy about it, to the point of using ~~spyware~~ software to keep tabs on their workers. Better make that bathroom break quick — Big Brother is watching!

One simple way to combat such efforts is a mouse jiggler, which does…well it does exactly what it sounds like. If you find yourself in need of such a device, the WorkerMouse from [Zane Bauman] is a simple open source design that can be put together with just a handful of components.

The WorkerMouse is designed to be assembled using through-hole parts on a scrap of perfboard, but you could certainly swap them out for their SMD variants if that’s what you have on hand. The circuit is largely made up out of passive components anyway, except for the ATtiny85 that’s running the show.

[Zane] decided to embrace modernity and couple the circuit with a USB-C breakout board, but naturally you could outfit it with whatever USB flavor you want so long as you’ve got a cable that will let you plug it into your computer.

The project’s C source code uses V-USB to connect to the computer and act as a USB Human Interface Device (HID). From there, it generates random speed and position data for a virtual mouse, and dumps it out every few seconds. The end result is a cursor that leaps around the screen whenever the WorkerMouse is plugged in, which should be enough to show you online while you step away from the computer. As an added bonus, [Zane] has put together a nice looking 3D printable enclosure for the board. After all, the thing is likely going to be sitting on your desk, might as well have it look professional.

If you’ve got the time to get a PCB made, you might also be interested in the MAUS we covered last year, which also keeps the ATtiny85 working so you don’t have to.

A screenshot of the release page, showing the headline and a crop of the release notes

MicroPython 1.23 Brings Custom USB Devices, OpenAMP, Much More

June 2, 2024 by Arya Voronova 25 Comments

MicroPython is a wonderful Python interpreter that runs on many higher-end microcontrollers, from ESP8266 to STM32 to the RP2040. MicroPython lets you build devices quickly, and its latest release, 1.23, brings a number of improvements you should be aware of.

The first one is custom USB device support, and it’s a big one. Do you want to build HID devices, or play with MIDI, or do multiple serial streams with help of PIO? Now MicroPython lets you easily create USB devices on a variety of levels, from friendly wrappers for creating HID or MIDI devices, to low-level hooks to let you define your own USB descriptors, with user-friendly libraries to help all the way through. Currently, SAMD and RP2040 ports are supported in this part of code, but you can expect more in the future.

There’s more – support for OpenAMP, an inter-core communication protocol, has received a ton of improvements for systems where MicroPython reigns supreme on some of the CPU cores but also communicates with different systems on other cores. A number of improvements have made their way through the codebase, highlighting things we didn’t know MicroPython could do – for instance, did you know that there’s a WebAssembly port in the interpreter, letting you run MicroPython in your browser?

Well, it’s got a significant overhaul in this release, so there’s no better time to check it out than now! Library structure has been refactored to improve CPython compatibility, the RP2040 port receives a 10% performance boost thanks to core improvements, and touches upon areas like PIO and SPI interfaces.

We applaud all contributors involved on this release. MicroPython is now a decade old as of May 3rd, and it keeps trucking on, having firmly earned its place in the hacker ecosystem. If you’ve been playing with MicroPython, remember that there are multiple IDEs, graphics libraries, and you can bring your C code with you!

USB HID And Run Exposes Yet Another BadUSB Surface

April 4, 2024 by Arya Voronova 20 Comments

You might think you understand the concept of BadUSB attacks and know how to defend it, because all you’ve seen is opening a terminal window. Turns out there’s still more attack surface to cover, as [piraija] tells us in their USB-HID-and-run publication. If your system doesn’t do scrupulous HID device filtering, you might just be vulnerable to a kind of BadUSB attack you haven’t seen yet, rumoured to have been the pathway a few ATMs got hacked – simply closing the usual BadUSB routes won’t do.

The culprit is the Consumer Control specification – an obscure part of HID standard that defines media buttons, specifically, the “launch browser” and “open calculator” kinds of buttons you see on some keyboards, that operating systems, surprisingly, tend to support. If the underlying OS you’re using for kiosk purposes isn’t configured to ignore these buttons, they provide any attacker with unexpected pathways to bypass your kiosk environment, and it works astonishingly well.

[piraija] tells us that this attack provides us with plenty of opportunities, having tested it on a number of devices in the wild. For your own tests, the writeup has Arduino example code you can upload onto any USB-enabled microcontroller, and for better equipped hackers out there, we’re even getting a Flipper Zero application you can employ instead. While we’ve seen some doubts that USB devices can be a proper attack vector, modern operating systems are more complex and bloated than even meets the eye, often for hardly any reason – for example, if you’re on Windows 10 or 11, press Ctrl+Shift+Alt+Win+L and behold. And, of course, you can make a hostile USB implant small enough that you can build them into a charger or a USB-C dock.

USB image: Inductiveload, Public domain.

Building Up Unicode Characters One Bit At A Time

September 7, 2023 by Dan Maloney 33 Comments

The range of characters that can be represented by Unicode is truly bewildering. If there’s a symbol that was ever used to represent a sound or a concept anywhere in the world, chances are pretty good that you can find it somewhere in Unicode. But can many of us recall the proper keyboard calisthenics needed to call forth a particular character at will? Probably not, which is where this Unicode binary input terminal may offer some relief.

“Surely they can’t be suggesting that entering Unicode characters as a sequence of bytes using toggle switches is somehow easier than looking up the numpad shortcut?” we hear you cry. No, but we suspect that’s hardly [Stephen Holdaway]’s intention with this build. Rather, it seems geared specifically at making the process of keying in Unicode harder, but cooler; after all, it was originally his intention to enter this in last year’s Odd Inputs and Peculiar Peripherals contest. [Stephen] didn’t feel it was quite ready at the time, but now we’ve got a chance to give this project a once-over.

The idea is simple: a bank of eight toggle switches (with LEDs, of course) is used to compose the desired UTF-8 character, which is made up of one to four bytes. Each byte is added to a buffer with a separate “shift/clear” momentary toggle, and eventually sent out over USB with a flick of the “send” toggle. [Stephen] thoughtfully included a tiny LCD screen to keep track of the character being composed, so you know what you’re sending down the line. Behind the handsome brushed aluminum panel, a Pi Pico runs the show, drawing glyphs from an SD card containing 200 MB of True Type Font files.

At the end of the day, it’s tempting to look at this as an attractive but essentially useless project. We beg to differ, though — there’s a lot to learn about Unicode, and [Stephen] certainly knocked that off his bucket list with this build. There’s also something wonderfully tactile about this interface, and we’d imagine that composing each codepoint is pretty illustrative of how UTF-8 is organized. Sounds like an all-around win to us.

Hackaday Prize 2023: Sleek Macro Pad Makes 2FA A Little Easier

June 20, 2023 by Dan Maloney 1 Comment

We all know the drill when it comes to online security — something you know, and something you have. But when the “something you have” is a two-factor token in a keyfob at the bottom of a backpack, or an app on your phone that’s buried several swipes and taps deep, inconvenience can stand in the way of adding that second level of security. Thankfully, this “2FA Sidecar” is the perfect way to lower the barrier to using two-factor authentication.

That’s especially true for a heavy 2FA user like [Matt Perkins], who typically needs to log in and out of multiple 2FA-protected networks during his workday. His Sidecar is similar in design to many of the macro pads we’ve seen, with a row of Cherry MX key switches, a tiny TFT display — part of an ESP32-S3 Reverse TFT Feather — and a USB HID interface. Pressing one of the five keys on the pad generates a new time-based one-time password (TOTP) and sends it over USB as typed keyboard characters; the TOTP is also displayed on the TFT if you prefer to type it in yourself.

As for security, [Matt] took pains to keep things as tight as possible. The ESP32 only connects to network services to keep the time synced up for proper TOTP generation, and to serve up a simple web configuration page so that you can type in the TOTP salts and service name to associate with each key. He also discusses the possibility of protecting the ESP32’s flash memory by burning the e-fuses, as well as the pros and cons of that maneuver. The video below shows the finished project in action.

This is definitely a “use at your own risk” proposition, but we tend to think that in the right physical environment, anything that makes 2FA more convenient is probably a security win. If you need to brush up on the risks and benefits of 2FA, you should probably start here.

Continue reading “Hackaday Prize 2023: Sleek Macro Pad Makes 2FA A Little Easier” →

The MouSTer Adapter Now Has Amiga Scroll Support

February 16, 2023 by Lewin Day 6 Comments

The MouSTer is a device that enables modern USB HID mice to be used on various retro computers. The project has been through its ups and downs over years, but [drygol] is here to say one thing: rumors of the MouSTers demise have been greatly exaggerated. Now, the project is back and better than ever!

The team has been hard at work on quashing bugs and bringing new features to bear. The headline is that the MouSTer project will now offer mouse wheel support for Amiga users. This is quite the coup, as mouse wheels were incredibly obscure until the late 90s. Now, users of Commodore’s finest machines will be able to scroll with abandon with modern HID mice.

While the progress is grand, much is still left to be done. Despite the name, the MouSTer was never intended to solely serve Atari users. Future goals involve adding support for ADB mice for retro Macs, DB9 mouse support for even-older Apple machines, and DB9 mouse support for older PCs. The team is eager for there to be one MouSTer to rule them all, so to speak, and hopes to make the ultimate retro computer mouse adapter to serve as many purposes as possible.

We first looked at the MouSTer back in 2020, and it’s great to see how far it’s come.

Continue reading “The MouSTer Adapter Now Has Amiga Scroll Support” →