This Week In Security: MegaOWNed, Store Danger, And FileFix

Earlier this year, I was required to move my server to a different datacenter. The tech that helped handle the logistics suggested I assign one of my public IPs to the server’s Baseboard Management Controller (BMC) port, so I could access the controls there if something went sideways. I passed on the offer, and not only because IPv4 addresses are a scarce commodity these days. No, I’ve never trusted a server’s built-in BMC. For reasons like this MegaOWN of MegaRAC, courtesy of a CVSS 10.0 CVE, under active exploitation in the wild.

This vulnerability was discovered by Eclypsium back in March and it’s a pretty simple authentication bypass, exploited by setting an X-Server-Addr header to the device IP address and adding an extra colon symbol to that string. Send this along inside an HTTP request, and it’s automatically allowed without authentication. This was assigned CVE-2024-54085, and for servers with the BMC accessible from the Internet, it scores that scorching 10.0 CVSS.

We’re talking about this now, because CISA has added this CVE to the official list of vulnerabilities known to be exploited in the wild. And it’s hardly surprising, as this is a near-trivial vulnerability to exploit, and it’s not particularly challenging to find web interfaces for the MegaRAC devices using tools like Shodan and others.
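The header trick described above also lends itself to a simple network-side detection while patches roll out. What follows is an added example, not code from Eclypsium or from this column: it parses constructed sample requests (no real captures) as a reverse proxy or IDS in front of a BMC might see them, and flags any request carrying a client-supplied X-Server-Addr header, rating it higher when the value, trailing colons stripped, names the BMC's own address. It assumes that no legitimate client ever sends that header and that the BMC's own addresses are known; the addresses used are documentation ranges.

```python
from typing import Dict, List, Optional

# Constructed sample requests (not captured traffic): raw HTTP/1.1 requests as a
# TLS-terminating proxy or sensor in front of a BMC web interface might see them.
SAMPLE_REQUESTS: List[bytes] = [
    b"GET /redfish/v1/Systems HTTP/1.1\r\nHost: 203.0.113.10\r\nUser-Agent: curl/8.5.0\r\n\r\n",
    b"GET /redfish/v1/AccountService/Accounts HTTP/1.1\r\nHost: 203.0.113.10\r\n"
    b"X-Server-Addr: 203.0.113.10:\r\n\r\n",
    b"POST /redfish/v1/SessionService/Sessions HTTP/1.1\r\nHost: 203.0.113.10\r\n"
    b"Content-Type: application/json\r\n\r\n{}",
    b"GET /redfish/v1/Managers HTTP/1.1\r\nHost: 203.0.113.10\r\nx-server-addr: 198.51.100.7\r\n\r\n",
]

# Addresses assigned to the BMC itself (an assumption for this example).
BMC_ADDRESSES = {"203.0.113.10"}


def parse_request(raw: bytes) -> Dict[str, str]:
    """Split a raw HTTP request into its request line and a lower-cased header map."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parsed = {"request_line": lines[0].decode("latin-1")}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            parsed[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return parsed


def classify(raw: bytes, bmc_addresses=BMC_ADDRESSES) -> Optional[str]:
    """Return a severity if the request carries a client-supplied X-Server-Addr header.

    The header is meant to be set server-side, so its presence from a client is
    already suspect; a value naming the BMC itself matches the bypass pattern."""
    req = parse_request(raw)
    value = req.get("x-server-addr")
    if value is None:
        return None
    # Drop trailing colons (the quirk the advisory describes) and a possible
    # IPv4 host:port suffix so the comparison is on the host part only.
    host = value.rstrip(":")
    if host.count(":") == 1:
        host = host.split(":", 1)[0]
    return "high" if host in bmc_addresses else "medium"


def scan(requests: List[bytes], bmc_addresses=BMC_ADDRESSES) -> List[Dict[str, str]]:
    """Run classify() over a batch and collect findings with their request lines."""
    findings = []
    for raw in requests:
        severity = classify(raw, bmc_addresses)
        if severity:
            findings.append({"severity": severity,
                             "request": parse_request(raw)["request_line"]})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(f"[{finding['severity']}] {finding['request']}")
```

Because BMC web interfaces are normally served over TLS, the check only sees headers where the traffic is decrypted, for instance at a terminating proxy. It is a compensating control, not a substitute for the vendor patch or for keeping the BMC off the public Internet: a hit means the device should be treated as touched and its credentials reviewed.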

There’s a particularly ugly scenario that’s likely to play out here: embedded malware. This vulnerability could be chained with others, and the OS running on the BMC itself could be permanently modified. It would be very difficult to disinfect one of these embedded systems and then verify its integrity, short of physically removing and replacing the flash chip. And malware running from this very advantageous position would very nearly have the keys to the kingdom, particularly if the architecture connects the BMC to the host over the PCIe bus, which gives it Direct Memory Access (DMA) to host memory.

This brings us to the really bad news. These devices are everywhere. The list of hardware that ships with the MegaRAC Redfish UI includes select units from “AMD, Ampere Computing, ASRock, ARM, Fujitsu, Gigabyte, Huawei, Nvidia, Supermicro, and Qualcomm”. Some of these vendors have released patches. But at this point, any of the vulnerable devices on the Internet, still unpatched, should probably be considered compromised.

The Tao Of Bespoke Electronics

If you ever look at projects in an old magazine and compare them to today’s electronic projects, there’s at least one thing that will stand out. Most projects in “the old days” looked like something you built in your garage. Today, if you want to make something that rivals a commercial product, it isn’t nearly as big of a problem.

Dynamic diode tester from Popular Electronics (July 1970)

For example, consider the picture of this project from Popular Electronics in 1970. It actually looks pretty nice for a hobby project, but you’d never expect to see it on a store shelf.

Even worse, the amount of effort required to make it look even this good was probably more than you’d expect. The box was a standard case, and drilling holes in a panel would be about the same as it is today, but you were probably less likely to have a drill press in 1970.

But check out the lettering! This is a time before inkjet and laser printers. I’d guess these are probably “rub on” letters, although there are other options. Most projects that didn’t show up in magazines probably had Dymo embossed lettering tape or handwritten labels.


The Most Satisfying Way To Commit

Have you ever finished up a bit of code and thought that typing “git push” in a terminal is just not a satisfying finish? So did [penumbriel], so he built a big red button he could smash instead.

This is a very simple hack: an Arduino sits inside a 3D-printed case that holds a big, red button. The case itself is very sturdily made to withstand a good satisfying smack: it has thick walls, brass inserts, and rubber feet to protect the desk.

The code for the Arduino is very, very simple: it spoofs a USB HID keyboard using the standard Keyboard library, and automatically types out “git push” whenever the button is pressed. Or smashed, because you know you’re going to want to slam that thing. So far, so good: very innovative for 2006, right?

The detail that made this project stand out in 2025 was the technique [penumbriel] used for lettering; we’re always looking for new ways to make a good front panel. In this case, the letters were printed as a valley and filled with silicone adhesive. To protect the top surface of the print, soapy water was used as a mask. The silicone would not adhere to the wet plastic, so all [penumbriel] had to do was peel it off after it had cured, leaving solid white inside. It’s a neat trick, and a great way to use up an old tube of silicone before it goes hard. You could also use it for injection molding, but this is a great use for the dregs.

With a simple soap-and-water mask, the cured silicone peels right off, leaving a clean label.

This might go well next to the programmer’s macro pad we featured a while back, but it really needs to stay as a big red button for maximum satisfaction.


Wood bent into a spiral

Make Magical-Looking Furniture With Kerf Bend Wizard

The intersection between “woodworkers” and “programmers” is not a densely populated part of the Venn diagram, but [Michael Schiebler] is there with his Kerf Bend Wizard to help us make wood twist and bend like magic.

Kerf bending is a fine technique we have covered before: by cutting away material on the inside face of a piece of wood, you create an area weak enough to allow for bending. The question becomes: how much wood do I remove? And where? That’s where Kerf Bend Wizard comes to the rescue.


ChatGPT Patched A BIOS Binary, And It Worked

[devicemodder] wrote in to let us know they managed to install Linux Mint on their FRP-locked Panasonic Toughpad FZ-A2.

Android devices such as the FZ-A2 can be locked with Factory Reset Protection (FRP). FRP limits what you can do with a device by tying it to a user account. On the surface that’s a good thing for consumers, as it disincentivizes theft. Unfortunately, when combined with Secure Boot, it also means you can’t just install whatever software you want on your hardware. [devicemodder] managed to get Linux Mint running on their FZ-A2, which is a notable achievement by itself, but even more remarkable is how it was done.

So how did [devicemodder] get around this limitation? The first step was to dump the BIOS using a CH341A-based programmer. From there, the image was uploaded to ChatGPT along with a request to disable Secure Boot. The resulting file was flashed back onto the FZ-A2, and all available fingers were crossed.

And… it worked! ChatGPT modified the BIOS enough that the Linux Mint installer could be booted from a flash drive. There are a bunch of bugs and issues to work through but in principle we have just seen AI capable enough to successfully patch a binary dump of BIOS code, which, for the record, is kind of hard to do. We’re not sure what all of this might portend.
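Whatever produced the modified image, a practitioner would want to look at it before flashing, since a bad write to SPI flash is a bricked tablet. The following is an added example, not [devicemodder]'s tooling or anything from the original post: it diffs an original dump against a modified image, refuses size mismatches, reports the changed byte runs, and checks whether the changes sit near a UTF-16LE "SecureBoot" string (UEFI encodes variable names and setup strings that way). The two images are constructed stand-ins, not a real Toughpad dump, and the 64-byte change budget is an arbitrary assumption. The same diff_ranges() check is also the usual way to compare two successive reads from a CH341A before trusting a dump at all.

```python
from typing import Dict, List, Tuple


def utf16le(s: str) -> bytes:
    return s.encode("utf-16-le")


# Constructed stand-in for a SPI flash dump (not a real Toughpad image): mostly
# erased flash (0xFF), a UTF-16LE "SecureBoot" string of the kind UEFI setup
# modules carry, and one byte at offset 48 standing in for a setting default.
_buf = bytearray(b"\xff" * 64)
_buf[16:16 + len(utf16le("SecureBoot"))] = utf16le("SecureBoot")
_buf[48] = 0x01
ORIGINAL_DUMP = bytes(_buf)

_buf[48] = 0x00                 # the "patch": flip that single default byte
PATCHED_IMAGE = bytes(_buf)


def diff_ranges(a: bytes, b: bytes) -> List[Tuple[int, int]]:
    """Return (offset, length) runs where a and b differ.

    Refuses size mismatches outright: an image that grew or shrank will not lay
    out correctly in flash, whatever else is right about it."""
    if len(a) != len(b):
        raise ValueError(f"size mismatch: {len(a)} vs {len(b)} bytes")
    runs: List[Tuple[int, int]] = []
    start = None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(a) - start))
    return runs


def find_utf16(image: bytes, needle: str) -> List[int]:
    """Offsets of a UTF-16LE string, the encoding UEFI uses for variable names."""
    pat, hits, pos = utf16le(needle), [], 0
    while (pos := image.find(pat, pos)) != -1:
        hits.append(pos)
        pos += 1
    return hits


def review_patch(original: bytes, patched: bytes, max_changed: int = 64) -> Dict:
    """Summarize what changed and whether it stays within a small budget.

    A few bytes near setup strings is what a Secure Boot default flip should
    look like; hundreds of scattered changes are a reason not to flash."""
    runs = diff_ranges(original, patched)
    changed = sum(n for _, n in runs)
    anchors = find_utf16(original, "SecureBoot")
    return {
        "ranges": runs,
        "changed_bytes": changed,
        "near_secureboot_string": any(abs(off - s) < 256 for off, _ in runs for s in anchors),
        "accept": 0 < changed <= max_changed,
    }


if __name__ == "__main__":
    print(review_patch(ORIGINAL_DUMP, PATCHED_IMAGE))
```

On a real multi-megabyte dump the same functions apply unchanged; the interesting output is the list of runs, which tells you whether the model touched one setup default or rewrote whole regions it had no business touching.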

So is uploading binaries to ChatGPT with requests for mods vibe coding? Or should we invent a new term for this type of hack?

Running FreeDOS And 8086tiny On The Game Boy Advance Because You Can

How many people haven’t looked at their Game Boy Advance (GBA) handheld gaming device and wondered how much better it might be if it could run FreeDOS. Inside an 8086 emulator. If you’re like [ZZAZZ] and similarly suffer intrusive project-related thoughts, then this might be a moment of clear recognition, somewhat like sharing one’s story at a Programmers Anonymous meeting, but we digress.

In the video, even the basic premise of making the 8086tiny emulator work on the GBA seemed improbable at the outset, courtesy of the rather limited memory environment the GBA provides, before even daring to look at things like disk access.

However, letting silly things like segmented memory and mismatched memory addresses deter us from pleasing said intrusive thoughts would be beyond the pale. Ergo we get a shining example of how days of rewriting code, stripping code, debugging code, fixing alignment issues in code and writing work-arounds for newly discovered issues in code can ultimately lead to the proud moment where FreeDOS boots on the GBA.

Granted it takes over an hour to do so, and has to be started from a butchered Pokémon Emerald save file, courtesy of a well-known exploit in that game, thankfully preserved in counterfeit cartridges.

Admittedly we’re not sure what practical applications there are for FreeDOS on the GBA, but that’s never stopped hackers from taking on impossible projects before, so there’s no sense letting it get in the way now.


Tune In To “Higher Lower”, The Minimal Handheld Electronic Game

[Tommy] has a great write-up about designing and building a minimalistic handheld electronic game called “Higher Lower”. It’s an audio-driven game in which the unit plays two tones and asks the player to choose whether the second tone was higher in pitch, or lower. The game relies on 3D printed components and minimal electronics, limiting player input to two buttons and output to whatever a speaker stuck to an output pin from an ATtiny85 can generate.

Fastener-free enclosure means fewer parts, and on the inside are pots for volume and difficulty. We love the thoughtful little tabs that hold the rocker switch in place during assembly.

Gameplay may be straightforward, but working with so little raises a number of design challenges. How does one best communicate game state (and things like scoring) with audio tones only? What’s the optimal way to generate a random seed when the best source of meaningful, zero-extra-components entropy (timing of player input) happens after the game has already started? What’s the most efficient way to turn a clear glue stick into a bunch of identical little light pipes? [Tommy] goes into great detail for each of these, and more.
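The seeding question is worth making concrete. What follows is an added illustration, not [Tommy]'s code and not necessarily his approach: a minimal xorshift32 generator in portable Python standing in for what would run on the ATtiny85, with a fixed compile-time seed for the first round (the only option before any input exists) and each button-press timestamp mixed into the state before the next round. The press timings are constructed values, and the choice of xorshift32 and the mixing multiplier are assumptions.

```python
from typing import List

MASK32 = 0xFFFFFFFF
GOLDEN = 0x9E3779B9           # odd multiplier: spreads small timing differences across the word

# Constructed button-press timings (ms since power-on) for two separate plays.
# They differ by only 3 ms per press, about what a human would manage.
PLAY_A = [812, 1530, 2207, 2901]
PLAY_B = [815, 1533, 2210, 2904]


class XorShift32:
    """Tiny PRNG of the kind that fits an ATtiny85; the whole state is one 32-bit word."""

    def __init__(self, seed: int) -> None:
        # xorshift locks up on an all-zero state, so substitute a constant.
        self.s = (seed & MASK32) or GOLDEN

    def next(self) -> int:
        x = self.s
        x ^= (x << 13) & MASK32
        x ^= x >> 17
        x ^= (x << 5) & MASK32
        self.s = x
        return x

    def mix(self, sample: int) -> None:
        """Fold a late-arriving entropy sample into the state, then churn twice so
        that samples a few milliseconds apart diverge completely."""
        self.s ^= (sample * GOLDEN) & MASK32
        if self.s == 0:
            self.s = 1
        self.next()
        self.next()

    def pick_answer(self) -> int:
        """Which tone is higher this round: 0 = first, 1 = second."""
        return self.next() & 1


def play_rounds(rng: XorShift32, press_times_ms: List[int], rounds: int) -> List[int]:
    """Game-loop shape: round 1 is drawn before any input exists and is therefore
    the same on every power-up; each later round first mixes in the timing of the
    press that answered the previous round."""
    answers = []
    for i in range(rounds):
        if i > 0:
            rng.mix(press_times_ms[i - 1])
        answers.append(rng.pick_answer())
    return answers


if __name__ == "__main__":
    a = play_rounds(XorShift32(1), PLAY_A, 5)
    b = play_rounds(XorShift32(1), PLAY_B, 5)
    for i, (x, y) in enumerate(zip(a, b), 1):
        print(f"round {i}: play A={x} play B={y}")
```

The first round is predictable by construction, which is harmless for a tone game but is exactly the property you would not accept from anything security-sensitive; from round two on, the outcome depends on when the player actually pressed, which is the cheapest entropy a two-button device has.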

In addition to the hardware and enclosure design, [Tommy] tried new things on the software side. He found that using tools intended for developing for the Arduboy DIY handheld console, along with a hardware emulator, made for a very tight feedback loop during development. Being able to work on the software without needing the hardware and chip programmer at hand was also flexible and convenient.

We’ve seen [Tommy]’s work before with his synth kits, and as usual his observations and shared insights about bringing an idea from concept to kit-worthy product are absolutely worth a read.

You can find all the design files on the GitHub repository, but Higher Lower is also available as a reasonably-priced kit with great documentation suitable for anyone with an interest. Watch it in action in the video below.
