Logitech R-400

[Fairy Dawdy]

Ihave a logitech R400 presenter. It's a remote with forward and back buttons as well as a "presentation start" and a "blank screen" button. The forward and back buttons work great out of the box. Xev shows they are mapped to "Next" and "Prev" and they behave accordingly in evince presentation mode.

The presentation start and blank screen buttons don't do anything. Xev does not register any event when they are pressed. I don't mind so much about the blank screen, but it would be nice if I could just bind the "play" button to F5.

Warning: The R400, R600 and R700 series of presenters are attack vectors and considered harmful. While Heise made an article that detailed that Logitech would exchange the receivers, it did actually not. They sent out a pair of incompatible C-U0014 receivers which could not be paired with R-R0004 presenters and then stopped their program, claiming only to exchange the presenter if it was under warranty, which is a security nightmare (I just tried to get the correct receiver, but Maven M. from Logitech wanted to have the receipt for the module which I obviously do not have anymore). In other words: The hardware is extremely vulnerable, Logitech accepts that it is like that but does not want to get this fixed, so I can only recommend to dispose of the presenter line and do not buy from Logitech anymore. Here is the security write up with the proof of concept to that attack:

Then, connect your dongle, find the logitech_presenter_connection.exe and start it. After that, the software will ask you to power up your presenter while holding down the to the left and to the right keys of the presenter. 3+ seconds after powering up and holding down the keys, you can release the keys, turn off the presenter again and click Ok in the software. Power on your presenter again and see if it works, if not - try the procedure again.

Update (2021): Had to update the download link again, thanks Christopher for asking. But I guess you need to start the software with admin rights (maybe even Win XP, Win 7 "emulation"?), I could not pair my second dongle right now, but the battery is also nearly flat, so that should be an issue.... the software as what I had back then... Maybe it helps some one ?

Looks like Logitech has removed the software altogether now. There are a number of sketchy looking sites that seem to have it, but I hesitate to download it from a site clearly pretending to be Logitech support...

There under Downloads you will see nothing. But you should change the Windows Version to Windows 8. You will see the program for Presenter. If you choose "Show all downloads" there will be "Pairing-Funktion fr Prsentationsgert" Program (Don't know how it is in english). This you can run on Windows 10 and pair your presenter and receiver.

Direct link for the program: _1.0.38.exe

I have several remote controls and receivers - I tried to pair them but without success. I read somewhere that pairing is only possible if the receiver is new (replacement) and has never been paired with any remote control before. Is it true?

Other than that, I only got two pairs of these logitech presenters and I discontinued them - the receivers are basically backdoors, without much hardware you can easily use them to attack a computer that has such a receiver plugged in, I can only recommend to throw them away.

However since it probably closed source you will not know if the program driver supplied is safe. Does it use RSA or AES encryption ? Even if they use these protocols, might they be extracted from either remote or receiver ?

Turns out the Logitech R400, R700 and (apparently) the R800 are vulnerable to remote keypress injection attacks; meaning that an attacker can send any keypress to the device where the presentation dongle is plugged in.

Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, for example in order to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of a Logitech R700 wireless presenter.

Darber hinaus brachte Logitech erstmals eine Austauschmglichkeit ins Spiel: "Sie [die Kunden, Anm. der Redaktion] knnen sich auch an den Logitech-Kundendienst wenden, um einen Ersatzempfnger zu erhalten: www.logitech.com/contact".

In addition, for the first time, Logitech has introduced an exchange opportunity: "You [the customer, editor's note] may also contact Logitech Customer Support for a replacement receiver: www.logitech.com/contact".

It is possible that the USB device plugged in the host computer is seen by the host computer as a kind of mouse or keyboard. As such, this would make the computer ready to accept mouse-like or keyboard-like events (as if someone was clicking or typing text).

It is conceivable that the USB device is itself ready to receive and process keyboard-like event. The clicker will not send those, of course; but Logitech also manufactures wireless keyboards and it would make sense that they reuse components between products, to save on development and production costs.

Hopefully, the clicker and the receiver have some sort of automatic cryptographic pairing procedure which reduces the possibilities of an hostile hijack (a man-in-the-middle could still be possible, since avoiding it may entail substantial computing effort from the involved devices). However, since this communication is between a Logitech device and another Logitech device, and the two of them are sold together, then there is no incentive for this protocol to be standard or at least documented. So you cannot be sure that things were done properly.

Also, any wireless receiver implies that there must be some driver software which analyzes data obtain from "the outside". Any bug in such a driver could be exploited (and yield kernel-level access to the host computer).

3a8082e126