My audio interface has SSH enabled by default

Posted by hhh 6 hours ago

My audio interface has SSH enabled by default(hhh.hn)

156 points | 39 comments

rikafurude21 4 hours ago|

Its still crazy to me that everyone has a pocket AI-hacker ready to inspect firmware and modify their devices now. You just put the agent on it and it gives you access in minutes. You would have to be a Hotz tier hacker if you wanted to do anything close to this only last year, or at the very least extremely patient for long hours.

throwaway89201 2 hours ago||

> You would have to be a Hotz tier hacker if you wanted to do anything close to this only last year

This isn't true at all. Yes, LLMs have made it dramatically easier to analyse, debug and circumvent. Both for people who didn't have the skill to do this, and for people who know how to but just cannot be bothered because it's often a grind. This specific device turned out to be barely protected against anything. No encrypted firmware, no signature checking, and built-in SSH access. This would be extremely doable for any medium skilled person without an LLM with good motivation and effort.

You're referring to George Hotz, which is known for releasing the first PS3 hypervisor exploit. The PS3 was / is fully secured against attackers, of which the mere existence of a hypervisor layer is proof of. Producing an exploit required voltage glitching on physical hardware using an FPGA [1]. Perhaps an LLM can assist with mounting such an attack, but as there's no complete feedback loop, it still would require a lot of human effort.

[1] https://rdist.root.org/2010/01/27/how-the-ps3-hypervisor-was...

BiraIgnacio 1 hour ago|||

The hacking aspect has been hit and miss for me. Just today I was trying to verify a fix for a CVE and even giving the agent the CVE description + details on how to exploit it and the code that fixed it, it couldn't write the exploit code correctly.

Not to say it's not super useful, as we can see in the article

dpark 1 hour ago||||

> fully secured against attackers, of which the mere existence of a hypervisor layer is proof of

https://en.wikipedia.org/wiki/Virtual_machine_escape

JCattheATM 1 hour ago||

The last one was 8 years ago. It's not a terribly common vuln anymore - not that it ever was.

mswphd 1 hour ago||||

didn't PS3 have a hardcoded nonce for their ECDSA impl that allowed full key recovery? I would agree that I doubt LLMs let people mount side-channel attacks easily on consumer electronics though.

throwaway89201 1 hour ago||

Yes indeed, that chain of exploits was all software and not hardware. Developed after the Hotz exploit and Sony subsequently shuttering OtherOS.

It didn't directly give access to anything however. IIRC they heavily relied on other complex exploits they developed themselves, as well as relying on earlier exploits they could access by rolling back the firmware by indeed abusing the ECDSA implementation. At least, that turned out to be the path of least resistance. Without earlier exploits, there would be less known about the system to work with.

Their presentation [1] [2] is still a very interesting watch.

[1] https://www.youtube.com/watch?v=5E0DkoQjCmI

[2] https://fahrplan.events.ccc.de/congress/2010/Fahrplan/attach...

hrimfaxi 1 hour ago|||

> Perhaps an LLM can assist with mounting such an attack, but as there's no complete feedback loop, it still would require a lot of human effort.

LLMs have had no problem modifying software on an attached android phone. It's only a matter of time.

hhh 4 hours ago|||

its really nice to not have to spend hours looking thru packet captures and stuff, i enjoy digging but as i'm getting older I have less time to spend 16 hour days looking at random firmware blobs

buildbot 4 hours ago|||

This 1000% - I’ve used AI to enable SSH in one Phase One digital back I own, and to reverse engineer and patch the firmware on another to make the back think it’s a different back - Credo 50 to IQ250! The internals are literally the Sam.

Almondsetat 3 hours ago|||

I'm sorry, are you trusting an LLM to touch a camera that costs like a new car?

buildbot 1 hour ago||

Only a little bit of touching for the really expensive one. The Credo 50 was less than 1K though.

Also Phase One Support/Repair is absolutely phenomenal and unless you toast the sensor; repairs are “fairly” economical.

magenta4 1 hour ago|||

[dead]

Thaxll 2 hours ago|||

LLM are not capable of doing that for most things. Having an open ssh device does not require any special "skill".

strbean 4 hours ago||

Damn, maybe I can throw an agent at trying to unlock IMEI spoofing on my Unifi LTE modem. That one guy on twitter who does all the LTE modem unlocking never replied to my tweet :(

yonatan8070 5 hours ago||

Having the firmware image just be a boring old tarball + hash sounds super nice. I wish more devices were this open, and I hope Rode won't see this and decide to lock the firmware upgrades down.

EvanAnderson 4 hours ago||

In the off chance anybody from Rode sees this: This makes me want to purchase your gear. Don't change it.

It's funny this comes up now. Tomorrow I'm dragging my Zoom R20 recorder on-site to use as an overly-featured USB audio interface for a single-mic live stream. If I'd know this about Rode a week ago I'd have purchased one of these and could have left my R20 hooked-up in the home studio!

QuantumNomad_ 1 hour ago||

I’m guilty of using my Zoom R16 in a similar fashion; as USB audio interface most of the time for a couple of inputs.

The only thing that is a little sad about it is that for example the faders do nothing when the R16 is in USB audio interface mode.

It does however like to randomly turn on reverb and one other effect after power cycling. Which I sometimes forget and then wonder for half a second why the audio is sounding weird :P So there is some extra functionality that is available even in USB audio interface mode, although in this case not desirable for me to have enabled within it. If I want to add reverb or other effects when using the R16 as USB audio interface, I prefer to do so in the DAW. I would have liked to be able to use the faders though.

EvanAnderson 34 minutes ago||

Interesting.

I'm running my R20 in USB interface / stereo mix mode and the faders do work. I didn't think about trying to apply any effects. I'll play with that, for fun, but I'd definitely add them in the DAW as well. (I really only use my R20 for multitrack recording and do all my effects in the DAW. I like it, and it can do a ton standalone, but my workflow really just needed a multitrack recorder and I could have probably spent a lot less. It just looked like fun...)

tombert 2 hours ago||

I had to upgrade the firmware in my HP printer a couple years ago.

It’s a printer that I think was released in ~2009 (I am not able to check right now), and in order to upgrade the RAM to 256MB I needed to do a firmware update.

I dreaded this, but then I found out that all you do to update the firmware was FTP a tarball to the printer over the network. I dropped it in with FileZilla, it spent a few minutes whirring, and my firmware was updated.

Then I got mad that firmware updates are ever more complicated than that. Let me FTP or SCP or SFTP a blob there, do a checksum or something for security reasons, and then do nothing else.

thwarted 23 minutes ago||

I think my favorite is wifi access points that support tftp to load a firmware image (with some kind of hardware switch to enable this state). These can be made effective unbrickable and it's really nice for experimenting.

coldcity_again 4 hours ago||

Nice writeup and great domain. I don't know Zola and don't know if this is a common template or a custom jobbie but it's lovely.

bewuethr 1 hour ago|

Looks like the https://www.getzola.org/themes/radion/ theme

montecarl 4 hours ago||

I really want to know how he solved this problem, which I also face:

>last year i bought a Rodecaster Duo to solve some audio woes to allow myself and my girlfriend to have microphones to our respective computers when gaming together and talking on discord in the same room without any echo

hhh 4 hours ago||

the rodecaster can connect to two computers, and we are both generally in the same discord call. so we have both microphones routed into one input for a computer, and the other person joins with their mic muted and the audio just comes from one client. since the mixing is local there's no echo. email me if you have more questions :)

montecarl 30 minutes ago|||

I get it! Thank you that is genius.

donatj 1 hour ago||||

Why connect it to both computers?

kQq9oHeAz6wLLS 1 hour ago|||

Not in the same league or form factor, but I have an old Jabra 65 headset, and the noise canceling is amazing. I can be playing my cello while unmuted on a call, and nobody can hear it.

I know headsets aren't everyone's cup of tea, but a mic close to the source (your mouth) with good noise canceling is a solid solution.

NikolaNovak 3 hours ago||

Doesn't a headset with directional boom microphone do the trick? I may be misinterpreting the problem statement though :-).

9p 5 hours ago||

why was disclosure the objective? wouldn't you want to keep this interface open?

hhh 5 hours ago|

not really an objective, I hope RODE continues to keep it open

vablings 4 hours ago||

https://github.com/ThomasStolt/Copy-Recordings-Off-Rodecaste...

It used to be completely open lol

EvanAnderson 4 hours ago||

That's sad.

realo 4 hours ago||

I understand the hacker rationale to have fun owning the device, and i would like it to stay that way.

But... please do not forget that the CRA will put a heavy blanket on that fire.

cwillu 3 hours ago|

TLA syndrome strikes again, I have no idea what CRA refers to here.

throwaway89201 2 hours ago||

Cyber Resilience Act [1], which is well-intentioned, and doesn't outright forbid user access to firmware, but most vendors will take the easy road and outright block user-modifiable software (if they didn't already), so that their completely closed source, obfuscated and vulnerable version is the only version allowed on their devices.

[1] https://en.wikipedia.org/wiki/Cyber_Resilience_Act

kQq9oHeAz6wLLS 1 hour ago||

Ah, EU-only. That explains why I've never heard of it, among other things.

realo 22 seconds ago||

Well... if you look behind anything that plugs into a wall socket you will see that it has ( among many other things) a CE mark. Even things in the USofA have a CE mark.

If your new product cannot have its CE mark for whatever reason, you will not have the approbations to sell in the USA either.

What the CRA will do, is if you do not have a "CRA" compliant product, you will not have the CE mark. Which means you will not (with very high probability) have the other marks needed to sell outside Europe.

Maybe then you can just sell to your close family members who like you, but good luck if you get caught and it can be proven that your shitty device caused a fire ...

serious_angel 5 hours ago|

[flagged]

hhh 5 hours ago|

because its fun to tear stuff apart and poke at it, and I am writing to share with people and for fun, not as a business.

serious_angel 5 hours ago||

[flagged]

JadeNB 4 hours ago||

You expressed your opinion once. I think that there's no need to shit on the post again.

serious_angel 3 hours ago||

[flagged]