A serious issue has been identified with Tern and Tern TX v34 firmware
(mailchi.mp)
A serious issue has been identified with Tern and Tern TX v34 firmware.
A serious issue has been identified with Tern and Tern TX v34 firmware.
Coreboot 25.03 Released with Support for 22 More Motherboards
(phoronix.com)
For those looking to replace their proprietary BIOS with the open-source Coreboot on a supported platform or are already doing so, Coreboot 25.03 is out today to provide the newest capabilities for this open-source BIOS/firmware solution.
For those looking to replace their proprietary BIOS with the open-source Coreboot on a supported platform or are already doing so, Coreboot 25.03 is out today to provide the newest capabilities for this open-source BIOS/firmware solution.
Getting the Firmware of a VTech/LeapFrog LeapStart/Magibook
(prose.sh)
This is a very small blog post about my first reverse engineering project, in which I don't really reverse engineer anything yet, but I am just getting started!
This is a very small blog post about my first reverse engineering project, in which I don't really reverse engineer anything yet, but I am just getting started!
Rust on the Ferris Sweep
(gabevenberg.com)
The other day, I stumbled upon RMK, a keyboard firmware written in Rust. Given that my Ferris Sweep has a Ferris the crab logo on the silkscreen, it felt only fitting that I flash it with RMK.
The other day, I stumbled upon RMK, a keyboard firmware written in Rust. Given that my Ferris Sweep has a Ferris the crab logo on the silkscreen, it felt only fitting that I flash it with RMK.
QRP Labs QMX SSB beta firmware relased
(qrp-labs.com)
This is the beta release page for the SSB firmware for QMX/QMX+ transceivers. This is a very complex project. The beta release here is provided without warranty, for brave beta testers who wish to try out the firmware and report back on any issues found or suggested enhancements. The firmware runs on both QMX and QMX+; for convenience from now on, this page will state "QMX" but that means equivalently QMX or QMX+ unless otherwise stated.
This is the beta release page for the SSB firmware for QMX/QMX+ transceivers. This is a very complex project. The beta release here is provided without warranty, for brave beta testers who wish to try out the firmware and report back on any issues found or suggested enhancements. The firmware runs on both QMX and QMX+; for convenience from now on, this page will state "QMX" but that means equivalently QMX or QMX+ unless otherwise stated.
Breaking AES encrypted firmware using neural networks
(fromnothing.blog)
Firmware encryption is becoming a common feature in modern devices. From a security standpoint, that’s welcome news. However, for anyone reverse engineering or testing device security, dumping firmware is often one of the first tasks — and encryption makes that task extremely challenging, if not impossible. So, why are we seeing more encryption? There are several reasons.
Firmware encryption is becoming a common feature in modern devices. From a security standpoint, that’s welcome news. However, for anyone reverse engineering or testing device security, dumping firmware is often one of the first tasks — and encryption makes that task extremely challenging, if not impossible. So, why are we seeing more encryption? There are several reasons.
Reconsidering Debian's Inclusion of Non-Free Firmware – A Call for Discussion
(debian.org)
In 2022, the General Resolution to officially include non-free firmware in the installation images shocked me because it signified a move away from Debian’s conceptual roots.
In 2022, the General Resolution to officially include non-free firmware in the installation images shocked me because it signified a move away from Debian’s conceptual roots.
. – –. e s x d o s – o R g
(esxdos.org)
ESXDOS aims to be the ultimate firmware for the DivIDE/DivMMC interface.
ESXDOS aims to be the ultimate firmware for the DivIDE/DivMMC interface.
Patient Monitor Contec CMS8000 Contains a Backdoor
(cisa.gov)
This fact sheet details an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health (HPH) sector. Analysts discovered that an embedded backdoor function with a hard-coded IP address, CWE – 912: Hidden Functionality (CVE-2025-0626), and functionality that enables patient data spillage, CWE – 359: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2025-0683), exists in all versions analyzed.
This fact sheet details an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health (HPH) sector. Analysts discovered that an embedded backdoor function with a hard-coded IP address, CWE – 912: Hidden Functionality (CVE-2025-0626), and functionality that enables patient data spillage, CWE – 359: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2025-0683), exists in all versions analyzed.
Microsoft patches Windows to eliminate Secure Boot bypass threat
(arstechnica.com)
For the past seven months—and likely longer—an industry-wide standard that protects Windows devices from firmware infections could be bypassed using a simple technique. On Tuesday, Microsoft finally patched the vulnerability. The status of Linux systems is still unclear.
For the past seven months—and likely longer—an industry-wide standard that protects Windows devices from firmware infections could be bypassed using a simple technique. On Tuesday, Microsoft finally patched the vulnerability. The status of Linux systems is still unclear.
Autocorrect in Your Keyboard Firmware (2021)
(getreuer.info)
Autocorrect is now a core QMK feature! It was released on 2022-11-26. Update your QMK set up and see QMK Autocorrect. Or if you want, you may continue to use the userspace implementation described in this page.
Autocorrect is now a core QMK feature! It was released on 2022-11-26. Update your QMK set up and see QMK Autocorrect. Or if you want, you may continue to use the userspace implementation described in this page.
Intel ME Cleaner
(github.com/corna)
me_cleaner is a Python script able to modify an Intel ME firmware image with the final purpose of reducing its ability to interact with the system.
me_cleaner is a Python script able to modify an Intel ME firmware image with the final purpose of reducing its ability to interact with the system.
9elements Takes over Intel 1st Gen Xeon Scalable Skylake Support Within Coreboot
(phoronix.com)
For those still running a 1st Generation Xeon Scalable "Skylake" era server, support for it within the open-source Coreboot firmware may continue to improve all these years later thanks to firmware consulting firm 9elements.
For those still running a 1st Generation Xeon Scalable "Skylake" era server, support for it within the open-source Coreboot firmware may continue to improve all these years later thanks to firmware consulting firm 9elements.
YubiKey still selling old stock with vulnerable firmware
(ycombinator.com)
FYI, YubiKey is apparently still selling old stock with firmware vulnerable to the EUCLEAK attack instead of disposing of them, as a reader of Fefe's Blog reported:
FYI, YubiKey is apparently still selling old stock with firmware vulnerable to the EUCLEAK attack instead of disposing of them, as a reader of Fefe's Blog reported:
RMK, a keyboard firmware written in Rust, just released v0.4.0
(reddit.com)
RMK, a keyboard firmware written in Rust, just released v0.4.0 (self.rust)
RMK, a keyboard firmware written in Rust, just released v0.4.0 (self.rust)
A brief history of Mac firmware
(eclecticlight.co)
Firmware, software that’s intimately involved with hardware at a low level, has changed radically with each of the different processor architectures used in Macs.
Firmware, software that’s intimately involved with hardware at a low level, has changed radically with each of the different processor architectures used in Macs.
Securing Hardware and Firmware Supply Chains
(microsoft.com)
In the modern cloud data center, ensuring the authenticity, integrity, and security of hardware and firmware is paramount.
In the modern cloud data center, ensuring the authenticity, integrity, and security of hardware and firmware is paramount.
Laptop Vendor Malibal Suggests Not Supporting Coreboot
(phoronix.com)
In a rather surprising post this morning, laptop vendor MALIBAL that offers both Linux and Windows systems is suggesting to not support the Coreboot project for open-source system firmware.
In a rather surprising post this morning, laptop vendor MALIBAL that offers both Linux and Windows systems is suggesting to not support the Coreboot project for open-source system firmware.
Betaflight: Open-Source Firmware for Drone Flight Controllers
(github.com/betaflight)
Betaflight is flight controller software (firmware) used to fly multi-rotor craft and fixed wing craft.
Betaflight is flight controller software (firmware) used to fly multi-rotor craft and fixed wing craft.
Open-Source Flipper Zero Firmware: Unlock Your Device's Full Potential
(github.com/flipperdevices)
Flipper Zero Official Website. A simple way to explain to your friends what Flipper Zero can do.
Flipper Zero Official Website. A simple way to explain to your friends what Flipper Zero can do.
Hack GPON – how to access, change and edit fibre ONTs
(hack-gpon.org)
Most ONTs run customized firmware which implement vendor and ISP-specific integrations and are locked down in functionality to match service requirements.
Most ONTs run customized firmware which implement vendor and ISP-specific integrations and are locked down in functionality to match service requirements.
Fixing an Elgato HD60 S HDMI capture device with the help of Ghidra
(downtowndougbrown.com)
This post has a little bit of everything. Hardware diagnostics, some suspiciously similar datasheets from two separate Taiwan chip manufacturers, and firmware reverse engineering. Read on if that sounds like fun!
This post has a little bit of everything. Hardware diagnostics, some suspiciously similar datasheets from two separate Taiwan chip manufacturers, and firmware reverse engineering. Read on if that sounds like fun!
Fixing an Elgato HD60 S HDMI capture device with the help of Ghidra
(downtowndougbrown.com)
This post has a little bit of everything. Hardware diagnostics, some suspiciously similar datasheets from two separate Taiwan chip manufacturers, and firmware reverse engineering. Read on if that sounds like fun!
This post has a little bit of everything. Hardware diagnostics, some suspiciously similar datasheets from two separate Taiwan chip manufacturers, and firmware reverse engineering. Read on if that sounds like fun!
AMD Plans for Open-Source Firmware OpenSIL replacing AGESA blobs for Zen 6
(phoronix.com)
Last year to much excitement in our community was the new AMD project announcement of openSIL as an open-source CPU silicon initialization project that is an advancement for open-source firmware and to eventually replace AMD's AGESA across both client and server processors.
Last year to much excitement in our community was the new AMD project announcement of openSIL as an open-source CPU silicon initialization project that is an advancement for open-source firmware and to eventually replace AMD's AGESA across both client and server processors.
Deploying Rust in existing firmware codebases
(googleblog.com)
Deploying Rust in existing firmware codebases is a promising way to mitigate memory safety issues and enhance the reliability of embedded systems.
Deploying Rust in existing firmware codebases is a promising way to mitigate memory safety issues and enhance the reliability of embedded systems.