<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> Reminding me of updating the BIOS on my 486 by receiving a physical DIP-40 in the mail 😆</p>

<p>see, this is really enjoyable because it involves interacting with neither (a) their hardware, as i don&#39;t have any and (b) their software, as i can&#39;t be arsed to install the apk even once</p><p>reading the decompiled sources is kinda fun</p>

<p>apparently they don&#39;t give you the firmware</p><p>they send you a dongle. like, by mail. by post. in a parcel or something</p><p>anyway they also let you upgrade it via their app so let&#39;s reverse-engineer their app i guess</p>

<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> kill it with fire.</p>

<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> Of course it is.</p>

<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> So, by looking at the other related vulns, I take it that administrators can&#39;t normally execute OS commands? What a world.</p>

<p><span class="h-card" translate="no"><a href="https://mastodon.social/@dramforever" class="u-url mention">@<span>dramforever</span></a></span> the squashfs has no entry in the FIT, i found it using binwalk</p>

<p><span class="h-card" translate="no"><a href="https://mastodon.social/@mhkohne" class="u-url mention">@<span>mhkohne</span></a></span> it seems to be built on jenkins</p>

<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> an entire partition of undefined behaviors!</p>