Just over a year ago Bastille security announced the discovery of a suite of vulnerabilities commonly referred to as MouseJack. The vulnerabilities targeted the low level wireless protocol used by Unifying devices, typically mice and keyboards. The issues included the ability to:
- Pair new devices with the receiver without user prompting
- Inject keystrokes, covering various scenarios
- Inject raw HID commands
This gave an attacker with $15 of hardware the ability to basically take over remote PCs within wireless range, which could be up to 50m away. This makes sitting in a café quite a dangerous thing to do when any affected hardware is inserted, which for the unifying dongle is quite likely as it’s explicitly designed to remain in an empty USB socket. The main manufacturer of these devices is Logitech, but the hardware is also supplied to other OEMs such as Amazon, Microsoft, Lenovo and Dell where they are re-badged or renamed. I don’t think anybody knows the real total, but by my estimations there must be tens of millions of affected-and-unpatched devices being used every day.
Shortly after this announcement, Logitech prepared an update which mitigated some of these problems, and then again a few weeks later prepared another update that worked around and fixed the various issues exploited by the malicious firmware. Officially, Linux isn’t a supported OS by Logitech, so to apply the update you had to start Windows, and download and manually deploy a firmware update. For people running Linux exclusively, like a lot of Red Hat’s customers, the only choice was to stop using the Unifying products or try and find a Windows computer that could be borrowed for doing the update. Some devices are plugged in behind racks of computers forgotten, or even hot-glued into place and unremovable.
The MouseJack team provided a firmware blob that could be deployed onto the dongle itself, and didn’t need extra hardware for programming. Given the cat was now “out of the bag” on how to flash random firmware to this proprietary hardware I asked Logitech if they would provide some official documentation so I could flash the new secure firmware onto the hardware using fwupd. After a few weeks of back-and-forth communication, Logitech released to me a pile of documentation on how to control the bootloader on the various different types of Unifying receiver, and the other peripherals that were affected by the security issues. They even sent me some of the affected hardware, and gave me access to the engineering team that was dealing with this issue.
It took a couple of weeks, but I rewrote the previously-reverse-engineered plugin in fwupd with the new documentation so that it could update the hardware exactly according to the official documentation. This now matches 100% the byte-by-byte packet log compared to the Windows update tool. Magic numbers out, #define’s in. FIXMEs out, detailed comments in. Also, using the documentation means we can report sensible and useful error messages. There were other nuances that were missed in the RE’d plugin (for example, making sure the specified firmware was valid for the hardware revision), and with the blessing of Logitech I merged the branch to master. I then persuaded Logitech to upload the firmware somewhere public, rather than having to extract the firmware out of the .exe files from the Windows update. I then opened up a pull request to add the .metainfo.xml files which allow us to build a .cab package for the Linux Vendor Firmware Service. I created a secure account for Logitech and this allowed them to upload the firmware into a special testing branch.
This is where you come in. If you would like to test this, you first need a version of fwupd that is able to talk to the hardware. For this, you need fwupd-0.9.2-2.fc26 or newer. You can get this from Koji for Fedora.
Then you need to change the DownloadURI in /etc/fwupd.conf to the testing channel. The URI is in the comment in the config file, so no need to list it here. Then reboot, or restart fwupd. Then you can either just launch GNOME Software and click Install, or you can type on the command line fwupdmgr refresh && fwupdmgr update — soon we’ll be able to update more kinds of Logitech hardware.
If this worked, or you had any problems please leave a comment on this blog or send me an email. Thanks should go to Red Hat for letting me work on this for so long, and even more thanks to Logitech to making it possible.
Amazing work! :)
Awesome, thanks!
Thank you for your diligence in this area. Props to Logitech for being so cooperative as well.
Amazing work! Thank you and Logitech for coming together to provide an effective solution for us. The GUI firmware update tool is an excellent addition to gnome and I’m glad to see more devices added.
[root@dylantaylor-precision dtaylor]# fwupdmgr update
Downloading RQR24.05_B0029 for Unifying Reciever…
Updating RQR24.05_B0029 on Unifying Reciever…
Decompressing…
request timed out
[root@dylantaylor-precision dtaylor]# fwupdmgr update
Downloading RQR24.05_B0029 for Unifying Reciever…
Updating RQR24.05_B0029 on Unifying Reciever…
Decompressing…
not found /sys/devices/pci0000:00/0000:00:14.0/usb1/1-2
Looks like it didn’t work. I lost connectivity to my mouse until I plugged it back in again.
[root@dylantaylor-precision dtaylor]# fwupdmgr get-devices
Unifying Reciever
Guid: 77d843f7-682c-57e8-8e29-584f5b4f52a1
Guid: cc4cbfa9-bf9d-540b-b92b-172ce31013c1
UniqueID: */*/lvfs/firmware/com.logitech.Unifying.RQR24.firmware/*
DeviceID: /sys/devices/pci0000:00/0000:00:14.0/usb1/1-2
Description: A Unifying receiver allows you to connect multiple compatible keyboards and mice to a laptop or desktop computer with a single USB receiver. Updating the firmware on your Unifying receiver improves performance, adds new features and fixes security issues.
Plugin: unifying
Flags: allow-online|supported
DeviceVendor: Logitech
Version: RQR24.01_B0023
VersionBootloader: BOT03.01_B0008
Created: 2017-05-23
AppstreamId: com.logitech.Unifying.RQR24.firmware
Summary: Firmware for the Logitech Unifying receiver
UpdateDescription: RQR24.05_B0029:This release addresses an unencrypted keystroke injection issue known as Bastille security issue #11. The vulnerability is complex to replicate and would require a hacker to be physically close to a target.RQR24.03_B0027:This release addresses an unencrypted keystroke injection issue and fake mouse issue known as Bastille security issues #2 and #3. The vulnerabilities are complex to replicate and would require a hacker to be physically close to a target.
UpdateVersion: RQR24.05_B0029
UpdateHash: 0e7e9dafeb4dcc144d1434759ebf7bd71ea2a4d7
UpdateChecksumKind: sha1
License: Proprietary
UpdateUri: https://secure-lvfs.rhcloud.com/downloads/4511b9b0d123bdbe8a2007233318ab215a59dfe6-Logitech-Unifying-RQR24.05_B0029.cab
UrlHomepage: http://support.logitech.com/en-us/software/unifying
Vendor: Logitech
Trusted: none
Precision 5510
Guid: 124c207d-5db8-4d95-bd31-34fd971b34f9
DeviceID: UEFI-124c207d-5db8-4d95-bd31-34fd971b34f9-dev0
Plugin: uefi
Flags: internal|allow-offline|require-ac|supported
Version: 0.1.2.25
VersionLowest: 0.1.2.25
Created: 2017-05-23
GM107GLM [Quadro M1000M]
Guid: 2b07aa6b-6b41-5e92-8f2f-ff742f711a81
DeviceID: ro__sys_devices_pci0000_00_0000_00_01_0_0000_01_00_0
Plugin: udev
Flags: internal|locked
DeviceVendor: NVIDIA Corporation
Created: 2017-05-23
MX Anywhere 2
Guid: dafe29a6-79c9-5309-a9fe-f54073408c17
DeviceID: /sys/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.2/0003:046D:C52B.000C/0003:046D:4063.000E/hidraw/hidraw1
Plugin: unifying
Flags: none
DeviceVendor: Logitech
Created: 2017-05-23
USB BootLoader
Guid: 87fd7145-3913-50c8-bfcb-86f85006d7d1
Guid: c033c930-2f19-5148-bf82-5f232464d5d7
DeviceID: usb:00:02
Plugin: usb
Flags: none
Version: 3.1
Created: 2017-05-23
Shouldn’t the DownloadURI option default to a GNOME.org link under the control of the Foundation? In case the AWS link dies or for some other reason needs to be redirected to another host.
Well, it’s handling millions of requests every day currently, so it’s not a trivial thing to handle. It’s also security sensitive as there are embargoed updates on the LVFS. I can share more news on this soon, but at the moment it’s work in process with various legal teams.
No success…
agoode@lincoln260 ~ $ sudo fwupdmgr refresh
agoode@lincoln260 ~ $ sudo fwupdmgr update
Downloading RQR12.07_B0029 for Unifying Reciever…
Updating RQR12.07_B0029 on Unifying Reciever…
Decompressing…
request timed out
agoode@lincoln260 ~ $ sudo fwupdmgr update
Downloading RQR12.07_B0029 for Unifying Reciever…
Updating RQR12.07_B0029 on Unifying Reciever…
Restarting device… [****************************************]
USB error on device 046d:aaaa : No such device (it may have been disconnected) [-4]
agoode@lincoln260 ~ $ sudo fwupdmgr update
Downloading RQR12.07_B0029 for Unifying Reciever…
Updating RQR12.07_B0029 on Unifying Reciever…
Decompressing…
request timed out
agoode@lincoln260 ~ $ sudo fwupdmgr update
Downloading RQR12.07_B0029 for Unifying Reciever…
Updating RQR12.07_B0029 on Unifying Reciever…
Writing… [******* ]
Restarting device… [****************************************]
USB error on device 046d:aaaa : No such device (it may have been disconnected) [-4]
After a few more tries it finally worked.
[root@lincoln260 ~]# fwupdmgr -v update
Downloading RQR12.07_B0029 for Unifying Reciever…
Updating RQR12.07_B0029 on Unifying Reciever…
Decompressing…
request timed out
[root@lincoln260 ~]# fwupdmgr -v -v update
Downloading RQR12.07_B0029 for Unifying Reciever…
Updating RQR12.07_B0029 on Unifying Reciever…
Restarting device… [****************************************]
[root@lincoln260 ~]# fwupdmgr -v -v update
No devices can be updated: Nothing to do
Also, after the “decompressing, request timed out” failures, the receiver was disabled until I tried running fwupdmgr again or replugging the receiver. Feel free to contact me by email for any followup.
I ran `fwupdmgr update` by hand, and noticed a typo:
% fwupdmgr update
Downloading RQR12.07_B0029 for Unifying Reciever…
Updating RQR12.07_B0029 on Unifying Reciever…
Restarting device… [****************************************]
“Reciever” should be “Receiver”. Not sure where this string comes from; your screenshot and `lsusb` show slightly different device names with the correct spelling. On my machine:
% lsusb -d 046d:
Bus 001 Device 009: ID 046d:c52b Logitech, Inc. Unifying Receiver
Otherwise, worked fine. Nice!
Fixed, thanks! https://github.com/hughsie/fwupd/commit/26a52be318b9bb540d88bbb5139e97e1e9b009db
Great! But fwupd is not yet in this version on Debian, even in Sid..
Not much I can do about that I’m afraid; you could probably use this new version of fwupd on a Fedora LiveUSB image if that helps.
Seems that it has been since 2015:
https://tracker.debian.org/pkg/fwupd
uops, I misread :).
Yep, this specific one is not there, it has been released a day a ago; and Debian is on the freeze.
Version 0.9.2 is currently available in Debian experimental only. If you are running Testing/Stretch you should be able to install the package ‘fwupd’ from experimental.
You could try converting the rpm file to a deb using “alien”
Don’t do this, it’s completely untested and the linked to libraries will be different.
This is great news!
As I have a Logitech M510 mouse with a Unifying receiver (as a backup mouse), I tried this out. After following your instructions, GNOME-Software doesn’t find any updates and the command line says all hardware is updated.
$ lsusb | grep -i Unify
Bus 001 Device 014: ID 046d:c52b Logitech, Inc. Unifying Receiver
fwupd-0.9.2-1.fc26.x86_64 (from Koji)
$ grep ^Down /etc/fwupd.conf
DownloadURI=https://s3.amazonaws.com/lvfsbucket/downloads/firmware-testing.xml.gz
What’s the output of “fwupdmgr get-devices”?
I’ve similiar issue, output of “fwupdmgr get-devices” https://paste.fedoraproject.org/paste/laG9zQTtB0h15noTRn5Dp15M1UNdIGYhyRLivL9gydE=
.....
USB Receiver
Guid: c32f7489-62b0-5c0c-9056-e7a94e5a1c0a
Guid: 073d3a5a-9de8-59df-b4d6-3b2a262352f4
DeviceID: usb:00:02
Plugin: usb
Flags: none
Version: 48.0
Created: 2017-05-23
another little bug maybe, after install fwupd I must uplug Receiver then replug, or it wont detected my Receiver
btw I use fwupd.x86_64 0.9.2-2.fc25
and testing URI
DownloadURI=https://s3.amazonaws.com/lvfsbucket/downloads/firmware-testing.xml.gz
Did you reboot / restart fwupd after installing 0.9.2-2?
after some reboot no result.
No devices can be updated: Nothing to do
I’m using M185 wireless mouse
Can you try fwupd-0.9.2-2 please — I’ve backported all the fixes done today to there. Thanks!
Kudo! That’s a great achievement !
Man you are a legend for sorting this out :-)
This is really impressive – the only downside I can come up with is that you had to write the “Linux flash code” yourself. Ideally this would be something provided by the manufacturer (similar to open source Linux drivers) by default. But that is really a tiny complaint compared to your great achievement (which I guess is also due to good work by various non-tech people from Red Hat).
Btw: Would you mind looking at https://bugzilla.redhat.com/show_bug.cgi?id=1442985 ? fwupd does not work on F25 currently due to this but the fix is really trivial…
and of course I’m eagerly awaiting the public announcement about the embargoed firmware files…
I hope that Dell will support more models via LVFS. I just got a new Latitude – partly due to their support of LVFS (and their models are generally quite Linux-friendly).
Is there any mechanism in LVFS to tell Hardware vendors about the number of users they could make happy by supporting LVFS? My biggest wish for RHEL 8 is actually fwupd support for common (server) hardware.
Currently most of our servers never receive a firmware update even though we know that quite a few components might benefit from patching. Boy, we struggled quite a bit just to patch the recent Intel AMT bug on all affected machines. I would have been *so* nice just to let fwupd its job and be done with it. :-)
We actually avoid uploading any details about the users system — it would be interesting data, but is far too security sensitive and private to do without confirmation. I think your best bet is to ask your hardware vendor directly; preferably through a sales channel as this is where companies really care! The AMT bug has thrown a lot of vendors towards the LVFS in recent weeks, although I obviously can’t go into details here.
Hi,
Thanks for all your work on LVFS. Being able to do firmware updates for so many devices is really great – and ahead of Windows where a separate proprietary tool is often needed for each device.
However I have some questions about enterprise usage. As far as I can see each computer individual connects to the LVFS servers?
Is work being done to enable LVFS for enterprise? Is it possible to mirror required updates locally in an automated way? Spacewalk integration? dnf plugin?
Thanks
For enterprise I think the best way to do this at the moment is to use a proxy server. I’m not super-keen on letting people mirror the entire archive as some firmware is in an embargoed state. I’m open for ideas if you have a specific use case in mind.
Ohh, forgot to say; Cockpit should have firmware update support soon too.
Whoa, this worked really well and was easy to patch. Nice work!
No matter how many times I try…
$ fwupdmgr –verbose update
Downloading RQR12.07_B0029 for Unifying Receiver…
Updating RQR12.07_B0029 on Unifying Receiver…
Decompressing…
Writing… [********************** ]
Restarting device… [****************************************]
USB error on device 046d:aaaa : No such device (it may have been disconnected) [-4]
Odd! Can you share the /usr/libexec/fwupd/fwupd –verbose log when you do the update in another terminal please. I’m assuming this is -2 as well.
Do you need to install unifying-receiver-udev-0.2-7.fc25.noarch as well?
Does it matter if you have a device paired that is not available? I had a mouse and keyboard paired, but the keyboard is not there anymore.
It installed ltunify, it dragged in the unifying-receiver-udev dependency, I restarted fwupd and then it somehow worked, or seemed to have already worked.
$ ltunify receiver-info
Firmware version: 012.007.00029
Bootloader version: BL.002.015
Nope, fwupd runs as root and does not need the udev rules.
Today (after reboot), I don’t seem to be able to update anymore:
$ fwupdmgr –verbose update
No devices can be updated: Nothing to do
Refreshing doesn’t help.
Here’s fwupd –verbose output, but again after reboot:
https://da.gd/64Y1
Does it mean the firmware was updated successfully, despite the error?
This is on F25 with:
fwupd-0.9.2-2.fc26.x86_64
libdfu-0.9.2-2.fc26.x86_64
I think so.
fwupdmgr get-deviceswill get the current version.Yes, it has been updated. Any detailed logs to help you discover the problem?
One additional information. It’s not obvious due to blog formatting, but the Writing phase was never completed in my case. The stars progress bar was only half or two thirds full (different value for different attempts), when it jumped to Restarting.
Hi Richard this worked like a charm on my Logitech Mx master receiver. I am shocked by how easy the process was, it should be the default everywhere. This was completely unreal, thanks for all the work, simply amazing!
$ lsusb |grep Logitech
Bus 003 Device 010: ID 046d:c52b Logitech, Inc. Unifying Receiver
With fwupd 0.9.2-2.fc25 and testing URI:
Downloading RQR12.07_B0029 for Unifying Receiver…
Updating RQR12.07_B0029 on Unifying Receiver…
Decompressing…
version of bootloader incorrect: failed predicate [BOT01.0[0-3]_* regex BOT01.02_B0014]
Can you update appstream-glib (possibly to the version in f26…), reboot and try again? If this fails, can you please file a bug on the fwupd issue tracker on github. Thanks.
M705 update worked in 1st attempt.
M510 update worked in 3rd attempt.
When I connected M510 USB receivers on same laptop where M705 was connected, fwupd did not detected any updated.
Connected to a different laptop and ran fwupd, failed at first attempt but success on second attempt.
Worked perfectly on my F26 box’s Logitech receiver. Well done, Richard!
$ sudo fwupdmgr refresh && sudo fwupdmgr update
Downloading RQR12.07_B0029 for Unifying Receiver…
Updating RQR12.07_B0029 on Unifying Receiver…
Decompressing…
Specified firmware is older than installed ‘RQR12.03_B0025 < RQR12.07_B0029
Try a new appstream-glib perhaps?
“The AMT bug has thrown a lot of vendors towards the LVFS in recent weeks”
Is there anymore info that you’re allowed to say here? Maybe how many vendors have shown interest?
Not yet, sorry.
Bus 003 Device 004: ID 046d:c52b Logitech, Inc. Unifying Receiver
I have _not_ rebooted. Does this mean that my firmware is already up2date?
This is really impressive work.
Has anyone looked at how to update the firmware on Lenovo docking stations, like the OneLink Pro? They have regular firmware upgrades, and those upgrades fix important functionality of the dock. But as far as I can tell, there’s no way to upgrade them without running Windows, and you’d have to have a Windows system with the magic dock connector to do it. I’d *love* to have a Linux solution for this via fwupd.
Maybe ask Lenovo? Without specs it’s a dangerous thing to try to RE :)
If you have a spare usb drive you can install Windows 10 on it using Windows To Go mode via Rufus and then update without having to find another Windows system with a OneLink port. You can get the Windows 10 iso directly from the Microsoft website.
Hi! Nice work!
Device seems to show that it should be updated:
Unifying Receiver
Guid: 77d843f7-682c-57e8-8e29-584f5b4f52a1
Guid: 9d131a0c-a606-580f-8eda-80587250b8d6
UniqueID: */*/lvfs/firmware/com.logitech.Unifying.RQR12.firmware/*
DeviceID: /sys/devices/pci0000:00/0000:00:14.0/usb1/1-1
Description: A Unifying receiver allows you to connect multiple compatible keyboards and mice to a laptop or desktop computer with a single USB receiver. Updating the firmware on your Unifying receiver improves performance, adds new features and fixes security issues.
Plugin: unifying
Flags: allow-online|supported
DeviceVendor: Logitech
Version: RQR12.01_B0019
VersionBootloader: BOT01.02_B0014
Created: 2017-05-24
AppstreamId: com.logitech.Unifying.RQR12.firmware
Summary: Firmware for the Logitech Unifying receiver
UpdateDescription: RQR12.07_B0029:This release addresses an unencrypted keystroke injection issue known as Bastille security issue #11. The vulnerability is complex to replicate and would require a hacker to be physically close to a target.RQR12.05_B0028:This release addresses an force pairing issue, an unencrypted keystroke injection issue and fake mouse issue known as Bastille security issues #1, #2 and #3. The vulnerabilities are complex to replicate and would require a hacker to be physically close to a target.
UpdateVersion: RQR12.07_B0029
UpdateHash: d0d33e760ab6eeed6f11b9f9bd7e83820b29e970
UpdateChecksumKind: sha1
License: Proprietary
UpdateUri: https://secure-lvfs.rhcloud.com/downloads/938fec082652c603a1cdafde7cd25d76baadc70d-Logitech-Unifying-RQR12.07_B0029.cab
UrlHomepage: http://support.logitech.com/en-us/software/unifying
Vendor: Logitech
Trusted: none
But when trying to run the update, it says the new firmware is not as new as the firmware installed, though the version seems lower (?):
Downloading RQR12.07_B0029 for Unifying Receiver…
Updating RQR12.07_B0029 on Unifying Receiver…
Decompressing…
Specified firmware is older than installed ‘RQR12.01_B0019 < RQR12.07_B0029'
My M310 Logitech mouse has the Unifying logo underneath, but my receiver does not have the unifying logo anywhere.
One might think the receiver is merely a plain nano-receiver, but running lsusb shows differently:
$ lsusb |grep Logitech
Bus 001 Device 006: ID 046d:c52f Logitech, Inc. Unifying Receiver
Richard, thank you for all your work. I hope Ubuntu updates to the latest fwupd soon.
It seems this receiver is indeed a nano receiver with the ability to understand the unifying protocol to handle unifying peripherals (my M310). Solaar reports the receiver only supports pairing a single device.
Similarly to Garret above, I’m unable to update the firmware on my Unifying Receiver.
I’m using
fwupd-0.9.2-2.fc26.x86_64.rpmandlibdfu-0.9.2-2.fc26.x86_64.rpmon Fedora 26. Myfwupd.confis pointing at the appropriatefirmware-testing.xml.gzURL. I rebooted and ranfwupdmgr refreshafter installing the above RPMs and editing the config file.My receiver appears in
lsusbasBus 001 Device 005: ID 046d:c52b Logitech, Inc. Unifying Receiver.My receiver appears in
fwupdmgr get-devicesas:USB ReceiverGuid: 77d843f7-682c-57e8-8e29-584f5b4f52a1
Guid: b36dbde8-215b-5df7-ab6f-7af1dd33e2fa
DeviceID: usb:00:02
Plugin: usb
Flags: none
Version: 36.0
Created: 2017-05-25
However,
fwupdmgr updatereportsNo devices can be updated: Nothing to do.Great work guys.
This worked really well for me too with my MX Master mouse.
However, it installed a different version than the one in the example. Is the version “RQR24.05_B0029” fine too? It was the one it automatically found and updated to.
Rqr24 is a different chipset. We install the right firmware on the right hardware :)
I’m trying to update the firmware on Arch:
> lsusb | grep Logitech
Bus 001 Device 092: ID 046d:c52b Logitech, Inc. Unifying Receiver
> sudo fwupdmgr update
Downloading RQR12.07_B0029 for Unifying [runtime]…
Updating RQR12.07_B0029 on Unifying [runtime]…
Decompressing…
version of org.freedesktop.fwupd incorrect: failed predicate [0.9.2 ge 0.8.1]
fwupdmgr get-devices output for Unifying device:
https://paste.xinu.at/YC7/
Tried both fwupd 0.9.2 and fwupd-git, no luck. appstream-glib is at 0.6.13.
Are you sure the new fwupd is running? Try rebooting.
Yes, I’m absolutely sure.
I’ve updated two Unfiying receivers so far. I’ve documented and posted my experience to my local Linux User Group mailing list. Our community has a lot of Raspberry Pi folks, and the Logitech K400 keyboard is very popular.
https://gtalug.org/pipermail/talk/2017-May/004847.html
Doesn’t work for me…
$ fwupdmgr get-devices
Unifying Receiver
Guid: 77d843f7-682c-57e8-8e29-584f5b4f52a1
Guid: 9d131a0c-a606-580f-8eda-80587250b8d6
UniqueID: */*/lvfs/firmware/com.logitech.Unifying.RQR12.firmware/*
DeviceID: /sys/devices/pci0000:00/0000:00:12.0/usb3/3-1
Description: A Unifying receiver allows you to connect multiple compatible keyboards and mice to a laptop or desktop computer with a single USB receiver. Updating the firmware on your Unifying receiver improves performance, adds new features and fixes security issues.
Plugin: unifying
Flags: allow-online|supported
DeviceVendor: Logitech
Version: RQR12.01_B0019
VersionBootloader: BOT01.02_B0014
Created: 2017-05-25
AppstreamId: com.logitech.Unifying.RQR12.firmware
Summary: Firmware for the Logitech Unifying receiver
UpdateDescription: RQR12.07_B0029:This release addresses an unencrypted keystroke injection issue known as Bastille security issue #11. The vulnerability is complex to replicate and would require a hacker to be physically close to a target.RQR12.05_B0028:This release addresses an force pairing issue, an unencrypted keystroke injection issue and fake mouse issue known as Bastille security issues #1, #2 and #3. The vulnerabilities are complex to replicate and would require a hacker to be physically close to a target.
UpdateVersion: RQR12.07_B0029
UpdateHash: d0d33e760ab6eeed6f11b9f9bd7e83820b29e970
UpdateChecksumKind: sha1
License: Proprietary
UpdateUri: https://secure-lvfs.rhcloud.com/downloads/938fec082652c603a1cdafde7cd25d76baadc70d-Logitech-Unifying-RQR12.07_B0029.cab
UrlHomepage: http://support.logitech.com/en-us/software/unifying
Vendor: Logitech
Trusted: none
$ sudo fwupdmgr unlock /sys/devices/pci0000:00/0000:00:12.0/usb3/3-1
Device /sys/devices/pci0000:00/0000:00:12.0/usb3/3-1 is not locked
$ sudo fwupdmgr update
Downloading RQR12.07_B0029 for Unifying Receiver…
Updating RQR12.07_B0029 on Unifying Receiver…
Restarting device… [****************************************]
failed to attach back to runtime: failed to get data: device was disconnected
This is however on 0.9.2-2.fc25 , so maybe it doesn’t work on Fedora 25 for some odd reason?
I lied, the error with “device was disconnected” seems like it just needed to reboot to update. After reboot it is on the updated firmware now.
It worked perfect!
Thank you!
Hi, and thanks for the work you’re doing here.
I keep running into a “Timeout was reached” problem. This seems to stop the update process, but I’ve also had it happen with the refresh. I guess it could be a network issue, but I’m not sure how to diagnose further. If I do a wget on the DownloadURI, the file is retrieved without any problems.
I’m running fwupd-0.9.2-2.fc25.x86_64 on Fedora 25. Any help, when you’re not busy, would be great.
Thanks,
Mark C.
Still not working for me:
# fwupdmgr -v update
Downloading RQR12.07_B0029 for Unifying Receiver…
Updating RQR12.07_B0029 on Unifying Receiver…
Writing… [********************* ]
Restarting device… [****************************************]
failed to attach back to runtime: failed to get data: transfer failed
And after replug Unifying Receiver
[root@localhost ~]# fwupdmgr -v refresh
[root@localhost ~]# fwupdmgr -v update
Downloading RQR12.07_B0029 for Unifying Receiver…
Updating RQR12.07_B0029 on Unifying Receiver…
Decompressing…
not found /sys/devices/pci0000:00/0000:00:14.0/usb1/1-9/1-9.1/1-9.1.6
very good work. thanks a lot.
I can confirm, this works on Fedora 25, Arch Linux and Manjaro.
In Manjaro you have to fix the PGKBUILD, like described in AUR at package fwupd (https://aur.archlinux.org/packages/fwupd/)
Hi Hughsie! I tried this on Debian using the current `fwupd` build from _experimental_. After `service fwupd status && fwupdmgr refresh` I tried `fwupdmgr update`, which unfortunately failed saying “No devices can be updated: Nothing to do”. My receiver identifies through `lsusb` as _046d:c52b Logitech, Inc. Unifying Receiver_.
I’ve some problem with the update:
Downloading RQR24.05_B0029 for Unifying [runtime]…
Updating RQR24.05_B0029 on Unifying [runtime]…
Decompressing?
version of bootloader incorrect: failed predicate [BOT03.0[0-1]_* regex BL.000.006]
I’m not sure that the dongle is in the right state for starting the update. How to put in boot loader mode?
Can you open an issue against fwupd on github please with the full output of fwupdmgr get-devices please.
Actually, it looks like you have an old version of fwupd running. Perhaps reboot?
The 0.9.2 package has been added to Debian experimental as well now.
I am also seeing a problem with the 046d:c52b on Arch.
After installing fwupd from git, this date.
Restarting fwupd with “killall fwupd”.
$ lsusb
Bus 003 Device 002: ID 046d:c52b Logitech, Inc. Unifying Receiver
$ fwupdmgr -v get-devices
Unifying Receiver
Guid: 77d843f7-682c-57e8-8e29-584f5b4f52a1
Guid: 9d131a0c-a606-580f-8eda-80587250b8d6
DeviceID: /sys/devices/pci0000:00/0000:00:1d.1/usb3/3-1
Plugin: unifying
Flags: allow-online
DeviceVendor: Logitech
Version: RQR12.01_B0019
VersionBootloader: BOT01.02_B0014
Created: 2017-05-27
$ sudo fwupdmgr refresh
[ This is silent, which is kind of annoying. ]
$ sudo fwupdmgr update
No devices can be updated: Nothing to do
Perhaps a separate issue – unplugging and replugging the device gives only:
$ fwupdmgr -v get-devices
USB Receiver
Guid: 77d843f7-682c-57e8-8e29-584f5b4f52a1
Guid: 9f1820d3-8b97-5d02-8889-b47b2037247b
DeviceID: usb:00:01
Plugin: usb
Flags: none
Version: 18.1
Created: 2017-05-27
But then, restarting fwupd, with “killall fwupd”, gives again:
$ fwupdmgr -v get-devices
Unifying Receiver
Guid: 77d843f7-682c-57e8-8e29-584f5b4f52a1
Guid: 9d131a0c-a606-580f-8eda-80587250b8d6
DeviceID: /sys/devices/pci0000:00/0000:00:1d.1/usb3/3-1
Plugin: unifying
Flags: allow-online
DeviceVendor: Logitech
Version: RQR12.01_B0019
VersionBootloader: BOT01.02_B0014
Created: 2017-05-27
So now, the output of “fwupdmgr -v get-devices” depends upon the history of device-plugging and fwupd-starting. This seems very very bad.
I’ve done zero testing on Arch, sorry.
Fedora 25, fwupd 0.9.2-2.fc25 installed and restarted (fresh reboot actually), and:
046d:c52b Logitech, Inc. Unifying Receiver
However, `sudo fwupdmgr -v refresh` is always failing with a timeout.
I’ve successfully updated one Unifying Receiver (after updating to appstream-glib-0.6.13 as suggested in one of the comments). However, I am struggling with an older device. I get some resource errors in fwupd: https://pastebin.com/URz1F5jp
Should be fixed in https://github.com/hughsie/fwupd/commit/e1e9fa99b460f71c20fd4bb8fd68bbf196278634
Thanks, confirming the fix.
Tested today on a Fedora25 XPS 13 (popular development machine):
# fwupdmgr refresh && fwupdmgr update
Downloading RQR12.07_B0029 for Unifying Receiver…
Updating RQR12.07_B0029 on Unifying Receiver…
Decompressing…
Writing… [********************* ]
Restarting device… [****************************************]
Downloading 0.1.3.5 for XPS 13 9360…
Updating 0.1.3.5 on XPS 13 9360…
Decompressing… [****************************************]
Retrying as an offline update…
Scheduling… [****************************************]
Hi,
what a breeze! This worked flawlessly – thanks a lot for your awesome work!
Rouven
Thank you for the effort to get Logitech to cooperate.
Thanks for your efforts. Worked for me on F25:
Installed Packages
Name : fwupd
Arch : x86_64
Epoch : 0
Version : 0.9.2
Release : 2.fc25
Size : 855 k
Repo : @System
From repo : updates
Summary : Firmware update daemon
URL : https://github.com/hughsie/fwupd
License : GPLv2+
Description : fwupd is a daemon to allow session software to update device firmware.
————
Before updating:
$ fwupdmgr get-devices
Unifying Receiver
Guid: 77d843f7-682c-57e8-8e29-584f5b4f52a1
Guid: cc4cbfa9-bf9d-540b-b92b-172ce31013c1
DeviceID: /sys/devices/pci0000:00/0000:00:13.4/usb6/6-1
Plugin: unifying
Flags: allow-online
DeviceVendor: Logitech
Version: RQR24.01_B0023
VersionBootloader: BOT03.01_B0008
Created: 2017-06-11
Do the update:
# fwupdmgr refresh && fwupdmgr update —
Downloading RQR24.05_B0029 for Unifying Receiver…
Updating RQR24.05_B0029 on Unifying Receiver…
Decompressing…
Writing… [********************** ]
Restarting device… [****************************************]
[root@oscar etc]# fwupdmgr get-devices
USB Receiver
Guid: 77d843f7-682c-57e8-8e29-584f5b4f52a1
Guid: a00c69e9-62ec-56f5-bab4-177f3424793c
DeviceID: usb:00:01
Plugin: usb
Flags: none
Version: 36.5
Created: 2017-06-11
Only thing I noticed is label got changed from “Unifying Receiver” to “USB Receiver”. This is on a 4.11.3-202.fc25.x86_64 system (KDE).
In your last screenshot I can see you’ve installed Firefox developer edition via GNOME software? How did you do that? In my Fedora installation it is not available…
I’m using the flatpak package — it works great!
Hm, I’m getting Timeout was reached for all commands like get-updates/refresh etc. Get-devices works but update shows “No devices can be updated: Nothing to do”, tried both URIs testing and the one that comes from the repo. I’m using: fwupd-0.9.3-1.fc26.x86_64
You need 0.9.3-2 or later — the first build had a bug.
Hm, I’ve updated today to 0.9.4-1.fc26.x86_64 and some things started to work, but now “main feature” does not work with same error: https://pastebin.com/C7Q3t19F
You need 0.9.4-2 to avoid a common problem.
It’s always the next version :)