Remember the original NES controller? With a bit of hackery, you can use it to control someone else’s wireless mouse! (If this happened to you at DEF CON, my sincere apologies.) I will show that it is possible to wirelessly compromise a computer that utilizes a Logitech Unifying mouse or keyboard/mouse combo. The transceiver chip supports AES-128 encryption, but this is only enabled for a subset of keyboard transmissions. Mouse packets, keyboard multimedia key press packets, and ACKs are transmitted in cleartext. I reversed engineered the Logitech frame format and constructed a Teensy-based NES controller which functions as a portable attack platform. The controller identifies nearby devices, allowing it to record movement/click data as well as inject malicious frames. Utilizing the controller’s d-pad and buttons as input, it can control arbitrary Logitech mice in the vicinity. In this talk, I will show how it is possible to infer operating system type and display configuration from a passively collected heatmap of mouse movement data. I will then demonstrate applying that information to an active attack. Once the OS type and display configuration are known, it is possible to bring up an on screen keyboard, and inject mouse frames to simulate key presses and download/execute a malicious payload.