logitech-usb-restore writes the bootloader as well as the firmware

Question

logitech-usb-restore writes the bootloader as well as the firmware

Opened this issue 8 years ago · 7 comments

The vendor flash tool stops before 0x7000 to avoid writing the bootloader (which could fail) but logitech-usb-restore seems to write the entire hex file.

Answer 1 · 2017-04-09T12:07:51.000Z

FWIW it looks like on my logitech dongles the main bootloader is write-protected, but part of the bootloader extends into the datapage area and can be overwritten, so it might very well be brickable. The infopage configuration has the start of the protected area as page 0x3a and enables infopages (pages 0x3e and 0x3f).
Also the last 16 bytes of the datapage area have an uneven bit count and so execution always starts in the protected area at the bootloader. On startup you can force the bootloader to not start the payload by shorting P0.4 and P0.5.

Answer 2 · 2023-06-21T05:40:23.000Z

FWIW it looks like on my logitech dongles the main bootloader is write-protected, but part of the bootloader extends into the datapage area and can be overwritten, so it might very well be brickable. The infopage configuration has the start of the protected area as page 0x3a and enables infopages (pages 0x3e and 0x3f).

Also the last 16 bytes of the datapage area have an uneven bit count and so execution always starts in the protected area at the bootloader. On startup you can force the bootloader to not start the payload by shorting P0.4 and P0.5.

hi,

i have signed bootloader of nrf24lu1p logitech cu-0007 and can't flash custom fw, do i need short P0.4 and P0.5 to bypass bootloader to flash custom firmware?

Answer 3 · 2023-06-21T06:50:42.000Z

i have signed bootloader of nrf24lu1p

I thought the signed bootloader only accepts signed firmware regardless of GPIO?

Answer 4 · 2023-06-21T19:00:15.000Z

i have signed bootloader of nrf24lu1p

I thought the signed bootloader only accepts signed firmware regardless of GPIO?

I think i solved all issue in here of signed bootloader:

https://twitter.com/drcrecovery/status/1671590705238781953?s=46

Answer 5 · 2023-06-22T10:54:38.000Z

I think MouseJack was pretty powerful as you didn't need to disassemble the receiver :) Have you told Logitech about this?

Answer 6 · 2024-03-23T13:49:20.000Z

i have signed bootloader of nrf24lu1p

I thought the signed bootloader only accepts signed firmware regardless of GPIO?

I think i solved all issue in here of signed bootloader:

https://twitter.com/drcrecovery/status/1671590705238781953?s=46

may we see a tutorial how to do it? I would appreciate help. thank you :)

Answer 7 · 2024-03-24T06:25:49.000Z

i have signed bootloader of nrf24lu1p

I thought the signed bootloader only accepts signed firmware regardless of GPIO?

I think i solved all issue in here of signed bootloader:

https://twitter.com/drcrecovery/status/1671590705238781953?s=46

may we see a tutorial how to do it? I would appreciate help. thank you :)

you can contact me via gmail or other social network:

hanaloginstruments@gmail.com