Welcome

Conclusion

While the default firmware in the Rapid-I isn't half bad by itself, there are more things you can do with the keyboard than what Coolermaster thought of. With this hack, apart from playing Snake, any programmer can theoretically think up effects to run on the keyboard. I hope I even made it a bit safer to use too: the requirement to physically press a combination of keys should make it harder for anyone malicious targeting this keyboard.

As usual, the code I used to write this is open-source: the firmware dissection and update tool is licensed under the GPLv3 license, the Snake hack and other code that's running on the keyboard itself is under a Beer-Ware license. I had to clean all the Coolermaster-owned code and binaries out of it for legal reasons, but you can pretty much rebuild that by downloading the 1.1.7 firmware update for this keyboard and letting the code dissect and rebuild that. The hack, at this moment, only is tested for US keyboards, because that's the one I have. You can grab all the sources here.

« Prev 7 

30 comments

Ju wrote at 28 Nov 2016, 20.36:

P.S. The link is for the US layout, 87 keys (I don't have the old EU layout with 88 keys firmware)

Ju wrote at 28 Nov 2016, 20.34:

You can move from 1.17 to 1.22 and back. If you need the old (stock) version 1.17: http://s000.tinyupload.com/index.php?file_id=03547530064817213720 Don't forget you need to press FN+f once you are on the modified 1.17 version and want to go back to the stock. It is amazing that the stock version doesn't feature any protection as offered by Sprite_tm. It is a shame that the 1.17 version features some boot problems and Sprite_tm doesn't port the hack back to 1.22 which is so much more stable, but lack any protection of firmware/malware update :(

hex wrote at 21 Jun 2016, 20.14:

Does anyone know if this works on the 1.2.2 firmware? I got into this a bit late, and the CoolerMaster website no longer offers the 1.1.7 firmware. I can't find a download for the 1.1.7 firmware anywhere so I can't even test this out.

JsT wrote at 8 Apr 2016, 23.33:

One hint: I was able to upgrade from the hacked version 1.1.7 to the latest 1.2.2 and then back to the modified 1.1.7 So, for now, moving from the hacked to stock and back is possible! :)

JsT wrote at 8 Apr 2016, 23.16:

Thank you for the source and instructions! My stock version was 1.18 but I was able to downgrade to 1.17 simply by using your hack without issues! What I'm much more interested than playing snake is actually getting full control of the keyboard's LED. Just image the editor like Vim which has different modes and plugin that will highlight only those keys that are available for specific mode and disable the LEDs for those that are not used. Or if you use IDE like Intellij, so once you press Ctrl key then you see highlighted only the possible keys for combination. Further reduced once you press both Ctrl+Shif and so on. A lot of fun you might have with contextual enable/disable of the LEDs. The current version of the firmware is 1.22 and I'm patiently waiting to find some time to update the hack to the latest version and probably share more info about LED management via USB! Thanks!

Andrew wrote at 9 Feb 2016, 6.43:

Well seems like somebody from CM has been reading this :) latest official FW upgrade has the game too, You sir are awesome, that's some pretty neat hacking!

anonymous wrote at 18 Jan 2016, 14.24:

Well, seems like it got a snake mode by default: http://community.coolermaster.com/index.php/topic/14176-quickfire-rapid-i-firmware-update-notes/

neutronscott wrote at 11 Sep 2015, 21.28:

This is motivation to try the same on Ducky Mini. I don't have the keyboard yet but already looked at differences of the US and EU firmware updaters. It's very similar. Lots of nulls at end of exe followed by version, XOR enc likely the same (many A5's) ... Glad you paved the way or I'd not know how to start. I just want CAPSLOCK to be ESC, dammit! :)

jessestr wrote at 26 Aug 2015, 3.16:

Would it be possible to create integration with games? Like setting the FN key row on how many health you have left? 1 key per 10% for example...

Kempniu wrote at 8 Jul 2015, 15.12:

This is absolutely awe-inspiring. I salute you for your skills, sir. I would never have the guts to risk bricking a $150 piece of hardware just for teh lulz.

Dave wrote at 10 Jun 2015, 12.53:

Very cool hack, and I was wondering whether it would therefore be possible to change the key light setting macros into actual macro keys? I was a bit disappointed to learn that the macro keys only set a custom light pattern, rather than playing back a stored set of keystrokes.

Hitechcomputergeek wrote at 11 Apr 2015, 8.47:

I say that, if you do end up porting this to fw 1.20, you should change the firmware upgrade sequence to be pressing and holding [fn]+[f1-f5] for five seconds. Then, have those six keys light up while it is in firmware update mode. Awesome job, by the way! Out of curiosity, how did your co-worker react?

Sprite_tm wrote at 7 Jan 2015, 17.54:

Izaq: Yeah, it's pretty visible indeed. It's probably possible to disable it; there are also other tricks to make it way less obvious (eg different phasing of the LEDs). If I have time, I'll see if I can do something like that.

Izaq wrote at 6 Jan 2015, 11.10:

The Rapid-I uses a 200Hz PWM to control the lights. It can be quite disturbing to the eye, imo. Does anyone know if the software can be hacked to increase the PWM (or disable it)?

Sprite_tm wrote at 5 Jan 2015, 10.56:

Yes, afaik the firmware is freely up- and downgradable. I may end up porting the hack to 1.20 if I have the time.

Shoes wrote at 3 Jan 2015, 20.07:

So, you're mod's awesome. I've been looking into doing this but I'm running the 1.20 firmware, you think it would be safe to switch this over from that?

Oguz wrote at 12 Dec 2014, 1.11:

Hey Sprite, could you please elaborate on how you got SWD working with your TIAO board? I have the same board and I'm using openocd 0.8 on linux, but so far I'm not able to get it to talk SWD instead of JTAG. Also, awesome hack! Definately going to do this if I get this keyboard :)

Sprite_tm wrote at 1 Dec 2014, 9.25:

George: It's there, but you may have to fuzz with the name a bit or just search for "rapid i". For example, the T.net pricewatch has them under the name 'CM Storm QuickFire Rapid-i'. Also, yes, there probably are ways around my flash protection; I've never said it's perfect though.

george wrote at 30 Nov 2014, 8.06:

One more question :) Where did you order the keyboard ? Is not listed on Pricewatch on tweakers. net on amazon.co. uk is not availalbe anymore and when I check "Where to buy" on CoolerMaster website for NL I get a number of resellers and webshop none of which having actually this keyboard.

george wrote at 29 Nov 2014, 17.36:

Great hack as always, Jeroen. But I wonder if I understood correctly the way you prevent firmware upgrade by a malicious hacker and if is a watertight method. What if the malicious hacker having control of your Linux workstation places a resident program which watches for Fn-f1 to be pressed (which the owner might eventually press for other legitimate reasons) and then trigger the upgrade ? Maybe a much more complex key sequence which really have zero chance to be pressed for other reasons would be more appropriate ?

Antonio wrote at 27 Nov 2014, 1.00:

Tetris next?

Kaj wrote at 25 Nov 2014, 14.02:

For the next update, you could try and put two games of Snake in there. Samuel L. Jackson would buy it instantly without reading the script. ;)

Sprite_tm wrote at 24 Nov 2014, 20.18:

Dave: Not really. In total, I think it took me about two full days and a couple of evenings to get it done. Without the obfuscation stuff, maybe I could actually do it in 24hours.

Dave wrote at 24 Nov 2014, 18.47:

Nice work! Your colleague joked about 24 hours being plenty of time for you to hack in snake. How long did it really take? From your writeup it sounds like although there were some minor obstacles (security bit, encryption by xor and block swapping) they didn't block your work. Was there any time when you had to stop while you figured out what to do next?

steve wrote at 24 Nov 2014, 15.50:

I picked up this same keyboard a few months ago; it is amazing on its own, but its made even more amazing now by its hackability. Lighting effects aside, being able to hotkey some passwords or adding a keypress counter would be sweet.

Martin wrote at 24 Nov 2014, 14.52:

Great hack. Hope Coolermaster hires you to introduce features to the next firmware updates.

vvvvvv wrote at 24 Nov 2014, 11.36:

Nice! I tried exactly this two weeks ago, but after I had no luck dumping with SWD, I gave up. I never thought to check the manufacturer's website LOL! Let the hacking begin...

Rena Kunisaki wrote at 24 Nov 2014, 7.18:

Wow. Neat hack. It really bugs me that they'd put all this security bit and XOR nonsense into a damned keyboard. I wanted to give the benefit of the doubt that maybe it was to prevent the kind of malicious keylogger update you mentioned, but it seems like it wouldn't prevent that at all (and your hack does a much better job).

fxmy wrote at 24 Nov 2014, 4.16:

Amazing, just amazing!!!;D

ed wrote at 23 Nov 2014, 18.59:

Reading the title of this post, I didn't even want to read it, because it sounded so boring. Snake on a Keyboard? Well duh, how else you want to play it? But now seeing what you meant by that, I laughed my ass off. This is fantastic, man! This should be linked as an example of 'hack value'. Keep up the good work! I've been a fan of your work for a few years now. Hope to read more of you soon!

Leave a comment:

Your name:

What does this picture say?
Sorry, this is a captcha

Your comment:


© 2006-2016 Sprite_tm - Contact