logitech-usb-restore writes the bootloader as well as the firmware #3

Open
hughsie opened this issue Dec 8, 2016 · 7 comments

hughsie commented Dec 8, 2016

The vendor flash tool stops before 0x7000 to avoid writing the bootloader (which could fail) but logitech-usb-restore seems to write the entire hex file.
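Added example, not part of the original thread and not code from logitech-usb-restore or the vendor tool: one way a flasher could drop every Intel HEX byte at or above 0x7000 before writing, trimming records that straddle the boundary. The names `firmware_only`, `parse_record`, `make_record` and `FLASH_LIMIT` are hypothetical, and the sample image is constructed.

```python
# Added example: filter an Intel HEX image so nothing at or above 0x7000 is written.
FLASH_LIMIT = 0x7000  # boundary named in the issue; taken as given here

def make_record(addr, rtype, data):
    """Build one Intel HEX record (used only for the constructed sample below)."""
    body = bytes([len(data), addr >> 8, addr & 0xFF, rtype]) + data
    return ":" + (body + bytes([-sum(body) & 0xFF])).hex().upper()

def parse_record(line):
    """Decode one record into (address, type, data), verifying length and checksum."""
    if not line.startswith(":"):
        raise ValueError("record does not start with ':'")
    raw = bytes.fromhex(line[1:])
    if len(raw) < 5 or len(raw) != raw[0] + 5:
        raise ValueError("record length mismatch")
    if sum(raw) & 0xFF:  # all bytes including the checksum must sum to 0 mod 256
        raise ValueError("bad checksum")
    return (raw[1] << 8) | raw[2], raw[3], raw[4:-1]

def firmware_only(hex_text, limit=FLASH_LIMIT):
    """Return ([(address, data)], skipped_bytes), dropping all bytes >= limit."""
    base, kept, skipped = 0, [], 0
    for line in hex_text.split():
        addr, rtype, data = parse_record(line)
        if rtype == 0x01:    # end of file
            break
        if rtype == 0x04:    # extended linear address: upper 16 bits
            base = int.from_bytes(data, "big") << 16
        elif rtype == 0x02:  # extended segment address
            base = int.from_bytes(data, "big") << 4
        elif rtype == 0x00:  # data record: keep only the part below the limit
            start = base + addr
            keep = max(0, min(len(data), limit - start))
            if keep:
                kept.append((start, data[:keep]))
            skipped += len(data) - keep
    return kept, skipped

# Constructed sample: one record well below the limit, one straddling it, one above it.
SAMPLE = "\n".join([
    make_record(0x0000, 0x00, bytes(16)),
    make_record(0x6FF8, 0x00, bytes(range(16))),
    make_record(0x7000, 0x00, b"\xAA" * 4),
    make_record(0x0000, 0x01, b""),
])

if __name__ == "__main__":
    kept, skipped = firmware_only(SAMPLE)
    for start, data in kept:
        print(f"write 0x{start:04X}..0x{start + len(data) - 1:04X}")
    print(f"skipped {skipped} bytes at or above 0x{FLASH_LIMIT:04X}")
```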

ranma commented Apr 9, 2017

FWIW it looks like on my logitech dongles the main bootloader is write-protected, but part of the bootloader extends into the datapage area and can be overwritten, so it might very well be brickable. The infopage configuration has the start of the protected area as page 0x3a and enables infopages (pages 0x3e and 0x3f).
Also the last 16 bytes of the datapage area have an uneven bit count and so execution always starts in the protected area at the bootloader. On startup you can force the bootloader to not start the payload by shorting P0.4 and P0.5.

@DRCRecoveryData

> FWIW it looks like on my logitech dongles the main bootloader is write-protected, but part of the bootloader extends into the datapage area and can be overwritten, so it might very well be brickable. The infopage configuration has the start of the protected area as page 0x3a and enables infopages (pages 0x3e and 0x3f).
>
> Also the last 16 bytes of the datapage area have an uneven bit count and so execution always starts in the protected area at the bootloader. On startup you can force the bootloader to not start the payload by shorting P0.4 and P0.5.

Hi,

I have signed bootloader of nrf24lu1p logitech cu-0007 and can't flash custom fw, do I need to short P0.4 and P0.5 to bypass bootloader to flash custom firmware?

hughsie commented Jun 21, 2023

> I have signed bootloader of nrf24lu1p

I thought the signed bootloader only accepts signed firmware regardless of GPIO?

@DRCRecoveryData

> > I have signed bootloader of nrf24lu1p
>
> I thought the signed bootloader only accepts signed firmware regardless of GPIO?

I think I solved all the issues here with the signed bootloader:

https://twitter.com/drcrecovery/status/1671590705238781953?s=46

hughsie commented Jun 22, 2023

I think MouseJack was pretty powerful as you didn't need to disassemble the receiver :) Have you told Logitech about this?

@tracid1987

> > > I have signed bootloader of nrf24lu1p
> >
> > I thought the signed bootloader only accepts signed firmware regardless of GPIO?
>
> I think I solved all the issues here with the signed bootloader:
>
> https://twitter.com/drcrecovery/status/1671590705238781953?s=46

May we see a tutorial on how to do it? I would appreciate help. Thank you :)

@DRCRecoveryData

> > > > I have signed bootloader of nrf24lu1p
> > >
> > > I thought the signed bootloader only accepts signed firmware regardless of GPIO?
> >
> > I think I solved all the issues here with the signed bootloader:
> >
> > https://twitter.com/drcrecovery/status/1671590705238781953?s=46
>
> May we see a tutorial on how to do it? I would appreciate help. Thank you :)

You can contact me via Gmail or other social network:

[email protected]
