Skip to content
No description, website, or topics provided.
JavaScript HTML
Branch: master
Clone or download
Latest commit 0419d85 Dec 4, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE
README.md
index.html text Dec 4, 2019
main.js

README.md

munifying-web

Experimental in-browser implementation of CVE-2019-13054/CVE-2019-13054 from Chrome 78+.

The page utilizes the new WebHID API to extract AES encryption keys from vulnerable dongles.

As this is a PoC, there is no proper error handling implemented. The code is supposed to work with Logitech receivers utilizing a Texas Instruments Chip (R500, SPOTLIGHT, LightSpeed Logitech Unifying with RQR24.x). The vulnerability was patched with firmware RQR24.10 / RQR24.11 for Logitech Unifying receivers.

How to use

Browse to https://mame82.github.io/munifying-web/ with Chrome 78+. Once the 'Experimental Web Platform features' are enabled, the dump button should present a dialog, which let you choose from connected Logitech receivers. If the dongle is vulnerable, extracted keys will be printed to the page.

Everything runs locally in the browser.

Inspect the main.js file to adopt this for other projects.

For a full implemetation of a dumping/flashing tool for Unifying receivers, watch out for munifying

DISCLAIMER

this code is a Proof of Concept and should be used for authorized testing and/or educational purposes only. The only exception is using it against devices owned by yourself.

I take no responsibility for the abuse of this code or any information given in the related documents.

I DO NOT GRANT PERMISSIONS TO USE this code TO BREAK THE LAW.

I disclaim any warranty for this code, it is provided "as is".

You can’t perform that action at this time.