TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚑ Community Insights

Discussion Sentiment

64% Positive

Analyzed from 721 words in the discussion.

Trending Topics

#firmware#open#hacker#llm#rode#devices#access#hotz#anything#last

Discussion (23 Comments)Read Original on HackerNews

rikafurude21β€’about 3 hours ago
Its still crazy to me that everyone has a pocket AI-hacker ready to inspect firmware and modify their devices now. You just put the agent on it and it gives you access in minutes. You would have to be a Hotz tier hacker if you wanted to do anything close to this only last year, or at the very least extremely patient for long hours.
throwaway89201β€’33 minutes ago
> You would have to be a Hotz tier hacker if you wanted to do anything close to this only last year

This isn't true at all. Yes, LLMs have made it dramatically easier to analyse, debug and circumvent. Both for people who didn't have the skill to do this, and for people who know how to but just cannot be bothered because it's often a grind. This specific device turned out to be barely protected against anything. No encrypted firmware, no signature checking, and built-in SSH access. This would be extremely doable for any medium skilled person without an LLM with good motivation and effort.

You're referring to George Hotz, which is known for releasing the first PS3 hypervisor exploit. The PS3 was / is fully secured against attackers, of which the mere existence of a hypervisor layer is proof of. Producing an exploit required voltage glitching on physical hardware using an FPGA [1]. Perhaps an LLM can assist with mounting such an attack, but as there's no complete feedback loop, it still would require a lot of human effort.

[1] https://rdist.root.org/2010/01/27/how-the-ps3-hypervisor-was...

Thaxllβ€’12 minutes ago
LLM are not capable of doing that for most things. Having an open ssh device does not require any special "skill".
buildbotβ€’about 2 hours ago
This 1000% - I’ve used AI to enable SSH in one Phase One digital back I own, and to reverse engineer and patch the firmware on another to make the back think it’s a different back - Credo 50 to IQ250! The internals are literally the Sam.
Almondsetatβ€’about 2 hours ago
I'm sorry, are you trusting an LLM to touch a camera that costs like a new car?
hhhβ€’about 2 hours ago
its really nice to not have to spend hours looking thru packet captures and stuff, i enjoy digging but as i'm getting older I have less time to spend 16 hour days looking at random firmware blobs
strbeanβ€’about 2 hours ago
Damn, maybe I can throw an agent at trying to unlock IMEI spoofing on my Unifi LTE modem. That one guy on twitter who does all the LTE modem unlocking never replied to my tweet :(
yonatan8070β€’about 3 hours ago
Having the firmware image just be a boring old tarball + hash sounds super nice. I wish more devices were this open, and I hope Rode won't see this and decide to lock the firmware upgrades down.
EvanAndersonβ€’about 2 hours ago
In the off chance anybody from Rode sees this: This makes me want to purchase your gear. Don't change it.

It's funny this comes up now. Tomorrow I'm dragging my Zoom R20 recorder on-site to use as an overly-featured USB audio interface for a single-mic live stream. If I'd know this about Rode a week ago I'd have purchased one of these and could have left my R20 hooked-up in the home studio!

tombertβ€’20 minutes ago
I had to upgrade the firmware in my HP printer a couple years ago.

It’s a printer that I think was released in ~2009 (I am not able to check right now), and in order to upgrade the RAM to 256MB I needed to do a firmware update.

I dreaded this, but then I found out that all you do to update the firmware was FTP a tarball to the printer over the network. I dropped it in with FileZilla, it spent a few minutes whirring, and my firmware was updated.

Then I got mad that firmware updates are ever more complicated than that. Let me FTP or SCP or SFTP a blob there, do a checksum or something for security reasons, and then do nothing else.

montecarlβ€’about 2 hours ago
I really want to know how he solved this problem, which I also face:

>last year i bought a Rodecaster Duo to solve some audio woes to allow myself and my girlfriend to have microphones to our respective computers when gaming together and talking on discord in the same room without any echo

NikolaNovakβ€’about 2 hours ago
Doesn't a headset with directional boom microphone do the trick? I may be misinterpreting the problem statement though :-).
hhhβ€’about 2 hours ago
the rodecaster can connect to two computers, and we are both generally in the same discord call. so we have both microphones routed into one input for a computer, and the other person joins with their mic muted and the audio just comes from one client. since the mixing is local there's no echo. email me if you have more questions :)
coldcity_againβ€’about 2 hours ago
Nice writeup and great domain. I don't know Zola and don't know if this is a common template or a custom jobbie but it's lovely.
9pβ€’about 3 hours ago
why was disclosure the objective? wouldn't you want to keep this interface open?
hhhβ€’about 3 hours ago
not really an objective, I hope RODE continues to keep it open
vablingsβ€’about 3 hours ago
https://github.com/ThomasStolt/Copy-Recordings-Off-Rodecaste...

It used to be completely open lol

EvanAndersonβ€’about 2 hours ago
That's sad.
realoβ€’about 3 hours ago
I understand the hacker rationale to have fun owning the device, and i would like it to stay that way.

But... please do not forget that the CRA will put a heavy blanket on that fire.

cwilluβ€’about 1 hour ago
TLA syndrome strikes again, I have no idea what CRA refers to here.
throwaway89201β€’25 minutes ago
Cyber Resilience Act [1], which is well-intentioned, and doesn't outright forbid user access to firmware, but most vendors will take the easy road and outright block user-modifiable software (if they didn't already), so that their completely closed source, obfuscated and vulnerable version is the only version allowed on their devices.

[1] https://en.wikipedia.org/wiki/Cyber_Resilience_Act