New project on CGRAN: Logitech27MHzTransceiver

Hi everybody,

I want to announce a new project on CGRAN dealing with analysis of
unencrypted and encrypted wireless keyboard transmissions using the
Logitech 27 MHz technology.

With the realized project, the air interface of wireless 27 MHz Logitech
keyboards can be captured and sensitive data can be processed and
interpreted in real time. Having realized a sender as well, an existing
receiver-keyboard-connection can be actively manipulated. The project
allows an user to send individual keystrokes which are accepted from the
receiver since the receiver recognizes the ID from the keyboard
connected to it.

The project was worked out in Master studies on the Hochschule Ulm -
University of Applied Sciences, Germany in the winter term 2010/2011 and
serves only for educational purposes and sensitization of wireless
keyboard users! Furthermore, there is no association between the project
founders and Logitech.

The project can be found at
https://www.cgran.org/wiki/Logitech27MHzTransceiver

Thanks!

Matthias

On Wed, Jun 01, 2011 at 07:08:20PM +0200, Matthias F?hnle wrote:

https://www.cgran.org/wiki/Logitech27MHzTransceiver

Thank you for sharing this, Matthias. It looks like excellent work!

I didn’t realize that Logitech had introduced AES-128 in any of the 2.4
GHz products. The non-Bluetooth 2.4 GHz keyboards I’ve seen from other
vendors (e.g. Microsoft) certainly don’t employ strong encryption. I’ll
have to pick up a Logitech. . .

I was surprised not to see a citation of the KeyKeriki project in your
report. Hopefully you have seen it:

http://www.remote-exploit.org/?page_id=187

Thank you for sharing this, Matthias. It looks like excellent work!

Thank you for your response! There was invested much time in the
project, so leaving it unpublished would be a pity…

I didn’t realize that Logitech had introduced AES-128 in any of the 2.4
GHz products.

It is (said to be) implemented in the Logitech Advanced 2,4 GHz
technology. Have a look at this whitepaper e.g.
http://www.logitech.com/images/pdf/roem/Logitech_Adv_24_Ghz_Whitepaper_BPG2009.pdf
But we have not validated this information explicitly.

remote-exploit.org
Yes, we have seen the project in our phase of literature research. But
since our intention was to introduce a SDR project based on the packet
building structure of GNU Radio, their uC implementation wasn’t really
assistant for us despite dealing with the same topic…

Cheers,

Matthias