Details in thread
The demo works on all available dongles and is a prototype for a talk (not public).
The client side agent is based on .NET and is about 12KB in size (debug version).
As current Logitech dongles are still affected by injection, even after KeyJack/MouseJack is patched (refer my PoC2) they could ...
The client agent needs no elevated user privileges.
The shell works even if no paired device is in range. And it works the otherway around: while the shell is running, one could still use paired wireless devices.
Important: This is not a security issue with the Unifying dongles, this "covert channel" utilizes techniques which behave as intended.
It was my initial intention to develop such a ...
On Linux end, a CrazyRadio with modified firmware is used. This radio works with 20dBm, so the shell could be ran from "long range"
s/reverse/remote/
(Distinguishing reverse/bind shell doesn't make sense here)