[devicemodder] wrote in to let us know they managed to install Linux Mint on their FRP-locked Panasonic Toughpad FZ-A2.
Android devices such as the FZ-A2 can be locked with Factory Reset Protection (FRP). The FRP limits what you can do with a device, tying it to a user account. On the surface that’s a good thing for consumers as it disincentivizes stealing. Unfortunately, when combined with SecureBoot, it also means you can’t just install whatever software you want on your hardware. [devicemodder] managed to get Linux Mint running on their FZ-A2, which is a notable achievement by itself, but even more remarkable is how it was done.
So how did [devicemodder] get around this limitation? The first step was to dump the BIOS using a CH341A-based programmer. From there, the image was uploaded to ChatGPT along with a request to disable SecureBoot. The resulting file was flashed back onto the FZ-A2, and all available fingers were crossed.
And… it worked! ChatGPT modified the BIOS enough that the Linux Mint installer could be booted from a flash drive. There are a bunch of bugs and issues to work through but in principle we have just seen AI capable enough to successfully patch a binary dump of BIOS code, which, for the record, is kind of hard to do. We’re not sure what all of this might portend.
So is uploading binaries to ChatGPT with requests for mods vibe coding? Or should we invent a new term for this type of hack?
6 thoughts on “ChatGPT Patched A BIOS Binary, And It Worked”
I did this on a Sony Vaio to enable VTD, and it was scary. But it worked. Then I could run ESXi under Vmware Workstation.
I feel like the people who say AI can’t really write software have their heads in the sand. This is real.
Like many great tools, his has tremendous potential for abuse.
Maybe we need a new term for that sort of wrongdoing – eBuse? iBuse? :)
I’m reminded of the “Journal of the ACM” article “Reflections on Trusting Trust” that Ken Thompson wrote in 1984 (https://dl.acm.org/doi/pdf/10.1145/358198.358210).
Can you trust that ChatGPT didn’t backdoor that bios that it patched and assembled without oversight or supervision?
I could trust it as much as I do the OEM. Which is to say not a lot, putting that extra risk lower on my list compared to all the other problems that come along with this.
