Jump to content
Have You Played Atari Today?
2600|5200|7800|Lynx|Jaguar|Forums|Store
IGNORED

VCS BIOS Related Discussions

andymanone

By andymanone
in VCS PC-Mode Discussion

 Share

Recommended Posts

leech Quadrunner

leech

Posted
Posted
1 minute ago, Angrymoleratsbaggle said:

It was posted to Reddit a little bit ago.

https://old.reddit.com/r/AtariVCS/comments/l1miv3/atari_vcs_bios_exposed/

 

Piano18482

 

I was able to use it to remove the password on my VCS.

Ha, cat is out of the bag.  Though doesn't mean an AtariOS update won't change it, and I don't know if they are required by any laws that they have to keep it locked.  For PCI compliance or something (since they have a store).  One would think that all goes over the web though and they should allow purchases over the web.

Link to comment
Share on other sites
leech Quadrunner

leech

Posted
Posted
8 minutes ago, Angrymoleratsbaggle said:

It was posted to Reddit a little bit ago.

https://old.reddit.com/r/AtariVCS/comments/l1miv3/atari_vcs_bios_exposed/

 

Piano18482

 

I was able to use it to remove the password on my VCS.

Good, means I didn't have to reveal it.  :)

Secure boot is a dumb thing anyhow and is more about control than it is security.  Mind you on the VCS it isn't something that most people will mess with.  Maybe?  Hard to tell at this stage how many will use it as a Mini-PC vs a game console.  Only time will tell.

  • Like 1
Link to comment
Share on other sites
andymanone Moonsweeper

andymanone

Posted
  • Author
Posted
7 minutes ago, Charles Darwin said:

Funny password...so now Atari really has a problem....because every user can do it.

Yet, I am glad that I do not have to open the VCS anymore...thanks! ;-)

 

Yes, but it´s a Hare and Tortoise game ?.

I´m afraid, ATARI will change the password with the next update....

  • Like 1
Link to comment
Share on other sites
leech Quadrunner

leech

Posted
Posted
19 minutes ago, andymanone said:

Yes, but it´s a Hare and Tortoise game ?.

I´m afraid, ATARI will change the password with the next update....

Let's be fair to them, this was going to get hacked anyhow as they posed it as the 'unconsole' in the first place.  Don't know why they bothered with the secure boot in the first place, beyond it being a requirement from a partner or something.

 

Now someone install GamerOS on it.  :)

  • Like 2
Link to comment
Share on other sites
Charles Darwin Star Raider

Charles Darwin

Posted
Posted

During every boot of the AtariOS it checks for updates and automatically installs them. AtariOS updates AND firmware (Bios) updates. You can be sure that a firmware update will come soon...with a new pw ;-)

Does anyone know, where the password was stored? On the emmc or eeprom?

The AtariOS also (automatically) removes any changes you made to the EFI partitions of the emmc. So they clearly thought about security...and yes, I think it is relevant for the future of the VCS.

  • Like 1
Link to comment
Share on other sites
andymanone Moonsweeper

andymanone

Posted
  • Author
Posted (edited)
34 minutes ago, Charles Darwin said:

Does anyone know, where the password was stored? On the emmc or eeprom?

As far as I know, on one of the EFI partitions...

I´ve also access to all partitions now from Windows, but I´m not an linux expert,

so I´m not sure, which folder or file I should be looking for it...

 

Any suggestions?

 

Folders01.JPG

Edited by andymanone
Screenshot added
Link to comment
Share on other sites
Angrymoleratsbaggle Space Invader

Angrymoleratsbaggle

Posted
Posted
8 hours ago, leech said:

Ha, cat is out of the bag.  Though doesn't mean an AtariOS update won't change it, and I don't know if they are required by any laws that they have to keep it locked.  For PCI compliance or something (since they have a store).  One would think that all goes over the web though and they should allow purchases over the web.

 

Yeah, I figure it was already getting posted around anyways.

 

I wouldn't think that it would be required for PCI compliance, otherwise stores like Steam and Origin wouldn't be allowed to run.

 

Link to comment
Share on other sites
Angrymoleratsbaggle Space Invader

Angrymoleratsbaggle

Posted
Posted

An interesting tidbit, the RetroAxisTV script uses efivar to read it from SystemSupervisorPW from the UEFI well the system is running.

 

The password can also be found in the firmware files, in plain text.

The files are located /usr/share/fwupd/remotes.d/vendor/firmware

 

If you run UEFITool you can do a string search for defsetuppswd and find the password there in plain text as well.

 

  • Like 1
  • Thanks 1
  • Haha 2
Link to comment
Share on other sites
Charles Darwin Star Raider

Charles Darwin

Posted
Posted

@andymanone

I think this is the main partition of the emmc, you are looking at. The EFI partitions are EFI-A, EFI-B and EFI-recovery. There are some other strange partitions...verity-A, verity-B, rootfs-A, rootfs-B...which look more promising. Thanks to your boot-from-emmc-disable thing, I dont need any other BIOS setting changes right now. I can use VirtualBox and my VCS boots from the m.2 drive, despite having an original emmc (AtariOS). I am happy with my VCS...life is good ?

 

 

 

 

  • Thanks 2
Link to comment
Share on other sites
leech Quadrunner

leech

Posted
Posted
1 hour ago, Angrymoleratsbaggle said:

 

Yeah, I figure it was already getting posted around anyways.

 

I wouldn't think that it would be required for PCI compliance, otherwise stores like Steam and Origin wouldn't be allowed to run.

 

What it comes down to is secure boot is just another method of control to try to make us not 'own' our own hardware.

  • Like 1
Link to comment
Share on other sites
x=usr(1536) Quadrunner

+x=usr(1536)

Posted
Posted (edited)
47 minutes ago, leech said:

What it comes down to is secure boot is just another method of control to try to make us not 'own' our own hardware.

 

On the unconsole?  With its open Linux and suchlike?  Say it ain't so!

 

Realistically, the reason for enabling secure boot was probably so that people would keep their grubby little fingers out of the BIOS.  Fingers in BIOS == bricked systems == greater support load == denied warranty claims == (another) PR nightmare waiting to happen.

 

Think of it this way: by locking it down, any responsibility for screwing up the system is now moved onto the user who bypasses Secure Boot.  If Fauxtari didn't do that, the press would have a field day with them for releasing a device which people had broken without effort and who were now being told to go pound sand when requesting a replacement.

 

I'm 100% positive that this had nothing to do with controlling the hardware and everything to do with trying to not look completely incompetent.  Unfortunately, storing EFI passwords in cleartext in user-accessible parts of the filesystem pretty much negates that philosophy.

Edited by x=usr(1536)
  • Like 2
Link to comment
Share on other sites
leech Quadrunner

leech

Posted
Posted
6 hours ago, andymanone said:

As far as I know, on one of the EFI partitions...

I´ve also access to all partitions now from Windows, but I´m not an linux expert,

so I´m not sure, which folder or file I should be looking for it...

 

Any suggestions?

 

Folders01.JPG

Huh, did you install an ext4 driver?  or are the partitions actually NTFS?  (I didn't think they were...)

Link to comment
Share on other sites
leech Quadrunner

leech

Posted
Posted
1 hour ago, x=usr(1536) said:

 

On the unconsole?  With its open Linux and suchlike?  Say it ain't so!

 

Realistically, the reason for enabling secure boot was probably so that people would keep their grubby little fingers out of the BIOS.  Fingers in BIOS == bricked systems == greater support load == denied warranty claims == (another) PR nightmare waiting to happen.

 

Think of it this way: by locking it down, any responsibility for screwing up the system is now moved onto the user who bypasses Secure Boot.  If Fauxtari didn't do that, the press would have a field day with them for releasing a device which people had broken without effort and who were now being told to go pound sand when requesting a replacement.

 

I'm 100% positive that this had nothing to do with controlling the hardware and everything to do with trying to not look completely incompetent.  Unfortunately, storing EFI passwords in cleartext in user-accessible parts of the filesystem pretty much negates that philosophy.

Ha, I wasn't referring specifically to the AtariVCS as yes this is meant as a console type system which 'just works' and your average person isn't going to be digging around the bios for settings or really should they be.  So it's fine that us that know more can hack around it and play, kind of the intention I think of the VCS.  I'm talking in general, the whole spec around Secure Boot on the PCs are for locking people out from being able to run their own choice in operating system.  This is why some Linux distributions, despite now having the ability to get signed keys to support it, simply refuse to because it doesn't give any security and only limits on what kernels you can boot.

  • Like 1
Link to comment
Share on other sites
RetroAxis Combat Commando

RetroAxis

Posted
Posted

The password was not actually stored on the filesystem, as I checked /dev/mmcblk0p1 p2 and p3, which are the 3 EFI partitions from the factory. I received a tip that it was stored within the EFI Bios itself.  I remembered from SPARC and PPC they had a command line interface to the OpenFirmware that let you perform get and set operations on the parameters.  There are EFI Tools available for Linux and using these, I was able to locate the password. In theory, this would still work even if Atari changes the PW in a future update unless they start to encrypt the string in the BIOS. So for now, no need to fry your motherboards.

  • Like 7
  • Thanks 1
Link to comment
Share on other sites
andymanone Moonsweeper

andymanone

Posted
  • Author
Posted (edited)
19 minutes ago, leech said:

Huh, did you install an ext4 driver?  or are the partitions actually NTFS?  (I didn't think they were...)

To mount ext4 partitions and similars, I use  this little great tool with Win10 ?:

 

-> Diskinternals Linux-Reader

 

It works fine for me all the time, I use it since a couple of years...

Edited by andymanone
  • Like 2
Link to comment
Share on other sites
Angrymoleratsbaggle Space Invader

Angrymoleratsbaggle

Posted
Posted
6 minutes ago, RetroAxis said:

The password was not actually stored on the filesystem, as I checked /dev/mmcblk0p1 p2 and p3, which are the 3 EFI partitions from the factory. I received a tip that it was stored within the EFI Bios itself.  I remembered from SPARC and PPC they had a command line interface to the OpenFirmware that let you perform get and set operations on the parameters.  There are EFI Tools available for Linux and using these, I was able to locate the password. In theory, this would still work even if Atari changes the PW in a future update unless they start to encrypt the string in the BIOS. So for now, no need to fry your motherboards.

I searched through all the filesystems to see if it was stored in a script or database previously.

Was confused when people were claiming it was stored on the filesystem after your video came out, so went and looked again.

Then I looked at your script and saw you were pulling it with efivar, which made sense.

 

Only place close to on the filesystem it is stored is within the .bin firmware images in the fwupdmgr folders.

I was able to pull it from the images where its stored in plain text in defsetuppswd

 

  • Like 2
Link to comment
Share on other sites
leech Quadrunner

leech

Posted
Posted
32 minutes ago, andymanone said:

To mount ext4 partitions and similars, I use  this little great tool with Win10 ?:

 

-> Diskinternals Linux-Reader

 

It works fine for me all the time, I use it since a couple of years...

Cool, I knew there were various tools (I've used that myself) was just wondering if Win10 had silently added support without me knowing.  On the flip side, Paragon is trying to upstream their ntfs driver to the Linux kernel, so it should be a lot more performant and stable (though I have had good luck with NTFS-3G driver).

Link to comment
Share on other sites
Charles Darwin Star Raider

Charles Darwin

Posted
Posted
1 hour ago, RetroAxis said:

... In theory, this would still work even if Atari changes the PW in a future update unless they start to encrypt the string in the BIOS. So for now, no need to fry your motherboards.

The Macronix chip is very robust...believe me...I really tortured it with a paperclip...as long as you just connect CLK with the data output, it just blocks the communication...and you can safely enter the bios...although in a virgin state only...it does not show you the changed settings.

  • Like 1
Link to comment
Share on other sites
justclaws River Patroller

justclaws

Posted
Posted

I have a Lenovo business laptop, which has a similar chip for the security of the BIOS. (Fingerprint etc.)
There is also supposed to be a fix momentarily shorting 2 pins on the EEPROM, but uh...
Unfortunately, for that laptop, if there is a problem with the chip, the motherboard is bricked, totally.
Although I really want to alter an advanced setting (it's 2nd-hand) I daren't risk that. ?
I'm so glad that the password became available, for the VCS. I definitely can't afford to brick THAT.

  • Like 2
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
AtariAge
Forums
Store
General
Follow AtariAge

Copyright ©1998-2023 AtariAge

×
×
  • Create New...