How to Reset SuperMicro IPMI Passwords with a Linux Live Environment (CD or USB)

Nov 2, 2017

Synopsis and Purpose

I got a great deal on a used SuperMicro server motherboard. Unfortunately there was some work to be done on it. I contacted the seller and they were unresponsive to my query. The motherboard had settings that were locked behind the IPMI login screen and I didn’t have the credentials. This presents a security risk as well as a big inconvenience. There could be VPN settings or other odd settings in the IPMI. So we’ll need to find a way to reset it to factory defaults and gain access to our system. Resetting the BIOS on the system doesn’t reset any IPMI settings, which are probably stored on the NVRAM in the system, which is persistent, even after power deprivation.

Our Resources

Documentation on this was sparse from what I could see but I did find a guide that talked about doing this process and some more stuff on the board with a DOS CD. However, I’ll have to compile my own to do this and I’m not really familiar with the process of building a FreeDOS project. The guide I found had a reference to an FTP server hosted by SuperMicro that had a utility called IPMICFG. That sounds exactly like what we need. There is a user guide for the utility in the directory and in the zip archive as well.

Here is a link to the FTP resource: ftp://ftp.supermicro.com/utility/IPMICFG/

So we’ll use a Live CD to run the Linux version of IPMICFG to fix this problem. I have an abundance of Ubuntu Live CDs lying around from all my distrohopping. In this case, I’m going to be using an Ubuntu 16.04 LTS x64 Live CD.

Setting up the peripherals and media

So get your monitor, keyboard, and maybe a mouse set up on your server. In my case I also had to add an external USB CD/DVD reader as well. Make sure it’s hooked up to the Internet so we can grab the IPMICFG utility. If you don’t have net access, you can always just download it on a separate device and mount the media.

Reboot your server and select your boot option that has the Linux LiveCD media inserted.

Booting to the right device with a locked BIOS.

If you need to select your boot devices, but forgot or never had the BIOS password, you can reset the BIOS by removing the CMOS battery and unplugging the system and waiting it out, or you can use a jumper / switch on the BIOS.

I couldn’t select a boot option without a password (I had forgotten the one I set up, but then remembered). So we’ll have to either deprive the system of other preferred boot options or replace its preferred option with our LiveCD / USB / Hard Disk installation so we can get into a Linux environment.

Once I removed the typical USB that the system normally boots to, the system booted to the LiveCD in the external USB reader I had hooked up and started loading Ubuntu 16.04 x64.

Just in case someone is using a terminal only environment, I’ll use terminal instructions just for universality. You can do all these in Linux desktop environment as well. If you’re not familiar with the terminal, I’ll include a description of the commands we are executing as well.

Open terminal and type the following to download the IPMICFG utility.

wget 'ftp://ftp.supermicro.com/utility/IPMICFG/*.zip'

Once it’s finished downloading, we’ll unzip the archive.

unzip IPMICFG*

Now, let’s change our working directory to the folder we just unzipped.

cd IPMI*

We’re using Linux so we’ll change into the utility folder for Linux.

cd Linux

I’m using a 64-bit system so we’ll change into the 64bit folder.

cd 64*

Now we’ll execute the command that will restore our IPMI to factory default settings. It needs superuser permissions so we’ll include sudo.

sudo ./IPMICFG-Linux.x86_64 -fd

In my case, this worked. I restarted the machine and the IPMI interface was accessible from the IP address that it was previously configured for. The interface credentials had been reset to their factory default of ADMIN/ADMIN.

A Note on other IPMICFG functions

IPMICFG-Linux.x86_64 (the utility we used) also has a lot of other options and functions. You can use these to reset user credentials without resetting the whole IPMI to factory defaults. In my case, I didn’t need anything preserved. You can view other functions and reference their use in the terminal output or in the user manual for the utility. To print the functions, just execute the following in the working directory of the utility.

./IPMICFG-Linux.x86_64

A note on the CMOS / BIOS

This does not reset the CMOS BIOS in any way. So any credentials stored on there will still be in place. If you need to reset that, you can simply remove the CMOS battery and unplug the device or use a jumper / switch on the motherboard. The BIOS will re-flash and go back to factory defaults. This could affect your boot devices and other settings so be prepared before doing this.

Conclusion

I hope this guide helped you reclaim control of your system! It was a smooth experience for me and I’m glad I don’t have to worry about my IPMI system anymore. I put this off for too long. It’s so simple to do. Let me know if this helped or if you have any feedback. I always look forward to getting comments from people who used these guides. Take care!

Liberate Your Privacy and Sync your Personal Data with NextCloud and Android

If you are tired of giving your personal data like contacts, calendar events, and files to Google or Dropbox, you can easily connect your Android phone to your own hosted server to utilize syncing with free and open-source software.

NextCloud and OwnCloud are two software options that are available to self host on a web server and utilize for file syncing and DAV syncing options.

This guide will focus on the Android client side of this project. I hope to eventually do a guide on the server / host side of this.

(Note: I’ve since abandoned this configuration in favor of DecSync, a decentralized and much simpler solution.)

A note on telemetry and data collecting

To truly remove Google services and manufacturer telemetry from your Android device you will need a device that allows you to flash the recovery partition. On many devices, you can install an alternative Android distribution such as LineageOS to replace the stock operating system on your phone. This is usually the only option available to take control of your phone and remove apps like Google Play Store and other Google services from your phone. There are a few manufacturers and phones that allow you to do this. This guide assumes you have such a phone and are running an Android distribution like this.

The Server Side of things

My server is running a web-server with a NextCloud installation. The NextCloud installation is set up with the following add-ons:

Files, Contacts, Calendar, Tasks, and News.

The Android Side of things

Operating System: LineageOS

I’m using LineageOS 14.1 on my Android phone.

Software Repository: F-Droid

The software repository I’ll be using is F-Droid which is a free and open-source repository available for download and installation to most Android devices.

The Applications:

Open F-Droid on your Android device and install the following applications: NextCloud, OpenTasks, DavDroid, and OCReader.

Files

Open the NextCloud App. Then enter your server address for your domain and Nextcloud installation. Then enter your credentials. Allow NextCloud access to your storage. The file syncing portion of your device is now set up. You can customize it further to your liking.

Contacts + Calendar + Tasks

Open the DavDroid application from your app drawer. Then select “Login with URL and user name”. Enter your server URL as follows:

https://$domain/remote.php/dav/addressbooks/users/$username/

Replace “$domain” with your cloud server’s domain name and path.
Replace “$username” with your NextCloud username.

Then enter your username and password, then press “Login”. DavDroid should detect your Dav services and give you the option to choose what you want to call the Account and then choose “Groups are per-contact categories”. Then continue.

Next, choose the section you just named and select your CardDAV contact groups, and CalDAV calendar groups that you want to add. Once you’ve selected them all press the refresh button at the top right of the screen (two arrows in a circle).

You may need to accept permissions to grant to the DavDroid application in the notification tray in Android.

Go to your Android Settings –> Accounts –> Then your DavDroid entry. In the top right, tell it to sync now. Your contacts, calendars, and tasks will begin to populate with the data from your server.

News

Open the installed OCReader application on your phone. Enter your server address, user-name, and password, then press the “Sign In” button. Your RSS feeds will populate into your device.

There are many other applications and NextCloud apps you can sync to each other.

How to Install TWRP and Lineage OS on the OnePlus One with Ubuntu Linux

Most tutorials for installing recovery and Lineage OS (formerly known as CyanogenMod) onto the OnePlus One are for Windows. This is how to do it on Ubuntu Linux. The version I’m using for this tutorial is Ubuntu Linux x86-64 17.04.

Installing the required tools on Ubuntu Linux (17.04)

Open a terminal window if using a desktop environment.

First, let’s update our repositories to make sure we have the latest software versions available.

sudo apt-get update

Now we’ll install some tools from the Android SDK Platform that we’ll need to access the partitions on our phone.

sudo apt-get install android-tools-adb android-tools-fastboot

Let’s check to see if adb is installed and running by executing its version printing function.

adb version

The output should read something such as:

Android Debug Bridge version 1.0.32

Next we’ll need to enable developer options and USB debugging on the OnePlus One. To do this, unplug your phone from USB and go to your Android settings. Scroll to the bottom and find the menu option “About phone” or “About devices”. Tap the build number 7 times. This should unlock the Developer options.

Go to the main settings list and locate the entry “Developer options”. Tap that entry to enter. Then, locate the “Update Cyanogen recovery” entry and disable it. Next, locate the “USB debugging” entry and enable it.

Now, connect your phone to USB and check to see if adb can see the device by running:

adb devices -l

On the phone, you should be prompted to accept the connection from the computer. Allow this connection on your phone.

The command in adb should now show your device and its unique ID. If you can see this, you are ready for the next section.
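
A scripted version of this check, as an added example that is not part of the original guide: it classifies the output of adb devices -l so a flashing script can stop when the phone is missing, still unauthorized, or not the expected model. The function name, the sample serial number and the product value "bacon" (the device codename used in the download URLs later in this guide) are assumptions.

```sh
#!/bin/sh
# Added example (not from the original guide): decide whether it is safe to
# continue, based on the text printed by `adb devices -l`.
# The output is read from stdin so the logic can be exercised without a phone.

# Constructed sample outputs; the serial number is made up.
SAMPLE_READY='List of devices attached
1a2b3c4d               device usb:1-2 product:bacon model:A0001 device:A0001
'
SAMPLE_UNAUTHORIZED='* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
1a2b3c4d               unauthorized usb:1-2
'

# check_adb_ready [expected_product]
# Prints one status word and returns:
#   0  ready:<serial>        exactly one authorized device of the expected product
#   2  no-device             nothing attached (cable, USB debugging disabled)
#   3  multiple-devices      more than one device; a flash could hit the wrong one
#   4  <state>               e.g. "unauthorized" (prompt not accepted) or "offline"
#   5  wrong-product:<name>  authorized, but not the model the images are for
check_adb_ready() {
    awk -v want="${1:-bacon}" '
        # Skip daemon start-up chatter, the header line and blank lines.
        /^\*/ || /^List of devices/ || NF < 2 { next }
        {
            n++; serial = $1; state = $2; product = ""
            for (i = 3; i <= NF; i++)
                if ($i ~ /^product:/) product = substr($i, 9)
        }
        END {
            if (n == 0)            { print "no-device"; exit 2 }
            if (n > 1)             { print "multiple-devices"; exit 3 }
            if (state != "device") { print state; exit 4 }
            if (product != want)   { print "wrong-product:" product; exit 5 }
            print "ready:" serial
        }'
}

# Typical use on the workstation:
#   adb devices -l | check_adb_ready bacon && adb reboot bootloader
```
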

Flashing the Boot-loader / Recovery

Note: Some users have asked me to put a disclaimer here: The next steps will wipe your data and reset your phone. So backup any data you want to save now.

Reboot your device into the bootloader mode with the command

adb reboot bootloader

Now, we will unlock the bootloader and erase the stock firmware.

sudo fastboot oem unlock

The phone will reboot, erase the stock bootloader, and start back up into Android. Let it load through the boot process and startup; this may take a while. In the meantime, you can download more required files.

Download TWRP

Download the latest TWRP image from https://dl.twrp.me/bacon/

Download Lineage OS

Download the latest version of Lineage OS for bacon: https://download.lineageos.org/bacon

Lineage OS Extras

Download any extras you may need from Lineage OS:

superuser binary (use wisely and with discretion) (for OnePlus One get the arm version): https://download.lineageos.org/extras

OpenGapps (for Google services – YUCK!!): http://opengapps.org/?api=7.1&variant=nano

Note: Personally, I’d recommend against using Gapps if you can avoid it. Once it is flashed onto the device it is extremely hard to remove without completely re-wiping your device. If you need an app/software repository, I’d recommend trying F-Droid (I will show you how to install it at the end of the tutorial) which has a much safer set of applications that typically are more respectful of your personal data and privacy. Google Apps are known to collect and sell massive amounts of personal data and telemetry such as location / usage data, and contain many apps that will do the same. Many of the free apps will contain malicious advertisements as well.

In most cases, these files will now be saved in the Downloads folder of your user.

Once your device is done setting up Android again, you can skip through the introduction menus. Then go back into the settings menu and re-enable the developer options in the menu, go into the developer options, disable “Update Cyanogen recovery” and enable “Android debugging”. Make sure the phone is still connected and when prompted by your phone, re-allow access from your computer via the onscreen prompt.

To avoid confusion with other downloaded files, rename the twrp image file to “recovery.img”.

In the terminal, change directory into your Downloads folder or wherever you saved the other files. We will now upload the new recovery software onto the phone after putting it back into bootloader mode.

cd

cd Downloads

adb reboot bootloader

sudo fastboot flash recovery recovery.img

fastboot will upload the TWRP image to the recovery partition. Allow it to finish. You know it has finished when it displays “finished. total time: ….”

Now, reboot the device.

sudo fastboot reboot

The phone will boot into android. Once it reaches Android, you can reboot into recovery by holding the power button + volume down buttons. Once the phone starts up, you can release the power button and only continue to hold down the volume down button on the device. This should bring you into TWRP. It’s OK if you miss telling it to launch into recovery at this point. Just let it boot into the OS, then reboot and try to launch it into recovery by holding the power + volume down buttons at boot.

Welcome to TWRP

Swipe to enable modifications. Do not keep your system partition in read-only. We will be writing to this partition.

Backup Cyanogen OS

First, let’s make a backup of the stock Cyanogen OS that comes with the OnePlus One. I recommend you archive this somewhere on the device or on a hard drive just in case you ever need to restore the phone to stock.

Select the “Backup” menu entry. Select a name; I prefer “$date – CyanogenOS Stock”. Select all the partitions to backup (cache is optional and probably unnecessary) then swipe to start the backup process. It should take a few minutes then vibrate when it’s completed. Then, go back to the main menu of TWRP.

Wipe the device

I’m not sure if this is necessary as flashing Lineage OS may overwrite the partitions but it’s safer to be sure and just wipe the partitions. The partitions we will wipe are: Dalvik, System, Data, and Cache. DO NOT wipe Internal Storage as that is what we have just used to store our backup. If you need to wipe the internal storage, make sure you copy the backup and other files over first. In my guide, I have my internal storage already cleaned up of any personal files.

Slide the slider to begin the wipe process. It should complete quickly. Go back to the main menu.

Install Lineage OS

Once at the TWRP main menu, copy the main Lineage OS zip file to your internal storage on the device. You can use the USB connection or something like an SD card or OTG (on the go) USB cable + thumb-drive. Also, move any of the Lineage add-ons that you downloaded into this folder too. I have put my Lineage zip in my Download folder on the phone for now.

You can keep these in a folder on the device to have as a backup. They may come in handy in the future if you ever need to re-flash the system, so I’d recommend archiving them somewhere.

We will now install LineageOS and our add-ons. Select the “Install” entry in the main menu. Go to the “Download” folder (usually /sdcard/Download). Select the main “lineage” .zip file that you downloaded and moved. Verify that you have selected the right file. Then swipe to confirm the flash. The phone will begin to unpack and flash the system partition with Lineage OS.

If you did not wipe the Dalvik / ART cache before in the wiping section of this guide, you should do this now.

Note: the following step of flashing the addonsu binary is optional.

If you want to apply the superuser / root function to your phone (only do this if you know what this does), you can do so now by going back to the main menu, selecting “Install” and doing the same process we just did except this time select the “addonsu” .zip file. You can follow this process to install “opengapps” as well.

You can now reboot the device from the menus (Reboot –> System). TWRP will offer to install a TWRP App. You do not need this. It is optional. I’ve unchecked both options and then pressed the “Do Not Install” button. TWRP will offer this almost every time you use the TWRP menu. It’s obnoxious.

Your device will now reboot into Lineage OS. Congratulations you have completed the process!

Troubleshooting

If you encountered an error, it’s likely that the files that you downloaded were corrupt or did not download properly. Try downloading them again and retrying.
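
One way to rule out a corrupt or tampered download before flashing, as an added example that is not part of the original guide: compare the file's SHA-256 digest with the value published by the download site and only call fastboot when they match. The function names and the FASTBOOT override variable are assumptions made for this example; the expected digest has to come from the download site.

```sh
#!/bin/sh
# Added example (not from the original guide): verify a downloaded image
# against its published SHA-256 digest, and only then hand it to fastboot.

# verify_sha256 FILE EXPECTED
# EXPECTED may be a bare hex digest or a "digest  filename" line copied from
# a sha256sum-style checksum file; letter case is ignored.
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing, 3 if EXPECTED is
# not a 64-character hex string.
verify_sha256() {
    file="$1"
    # Keep only the first field and lower-case it.
    expected=$(printf '%s\n' "$2" | awk '{ print tolower($1); exit }')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case "$expected" in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 3; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        printf 'MISMATCH %s\n  expected %s\n  actual   %s\n' \
            "$file" "$expected" "$actual" >&2
        return 1
    fi
    echo "OK $file"
}

# flash_if_verified PARTITION FILE EXPECTED
# Runs "fastboot flash PARTITION FILE" only when the digest matches.
# FASTBOOT is an assumed override for dry runs, e.g. FASTBOOT=echo.
flash_if_verified() {
    verify_sha256 "$2" "$3" >/dev/null || return $?
    ${FASTBOOT:-sudo fastboot} flash "$1" "$2"
}

# Typical use, with the digest copied from the download page:
#   flash_if_verified recovery recovery.img '<published sha256 digest>'
```
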

If you get stuck in a boot loop, try going back to TWRP and flashing an older version of Lineage OS.

Installing F-Droid

NOTE: You will need to have mobile data or a wifi connection to do this. Otherwise you will need to download the F-droid APK from your computer and transfer it via USB to your phone’s internal storage first.

To install the app repository, F-Droid, simply go through the intro Lineage OS menus on first boot. Once you reach the home-screen / desktop, you can open up your phone’s web browser and go to https://f-droid.org/

Then select the Download F-Droid button on their site. Allow the browser to access storage, then select the download option. Your phone will download the APK file.

Once it is downloaded, select it from the phone’s drop down menu / notification slide down menu. You will be prompted that you need to enable unknown sources before you can install this. Click the settings option and you will be taken to your settings menu. Find the “Unknown sources” option and enable it. You will be prompted about the risk in doing this, press OK. Unknown sources should be enabled now.

Press the home key, open your app drawer, and select “Files”. Then select “Downloads”, then select the FDroid.apk. Press “Install”. Your phone will install F-Droid. When it’s done, press “done”.

Press the home button and open the app drawer again. Open the “settings” app and go to the “Security” section. Locate “Unknown sources” and disable this option.

Now, go back to your app drawer and locate F-Droid. It will open. You need to press the refresh button in the top right (looks like a circle arrow) and F-Droid will update its repositories and show the apps you can install.

Enjoy!

Thank you for reading! Hope this helped.

How to Import a Windows RAID Array in Ubuntu Linux

I was struggling to find a way to import my Windows software RAID0 partition into Ubuntu. I tried several different methods and I’m surprised this wasn’t easier to discover. However, there is a simple solution for this.

All you need to do is download a tool called ldmtool and have it import your partition!

First, download the tool.

sudo apt-get install ldmtool

Then, have ldmtool import your software RAID partition.

sudo ldmtool create all

Your RAID0 partition should automatically be imported and available to use in your filesystem! It will be mounted in your /media/$username folder!

source: askubuntu.com

Hacking the Antec Three Hundred Case to Fit Larger GPUs

I got up to an interesting project this Tuesday. I received the new video card I ordered. I received it sooner than I expected too! I only ordered Sunday night. Anyways, the card, which is SAPPHIRE NITRO Radeon R9 Fury 100379NTOC+SR 4GB, was too big for my Antec Three Hundred case! I was shocked. Nothing I’ve thrown at this full sized tower has been too big for it. I was faced with a couple options in light of this discovery. I could buy a new case, buy a smaller graphics card, or mod my current case. The only guide I saw online for doing this was from a guy who decided to remove his entire hard drive bay from the Antec Three Hundred by drilling through the rivets and prying the hard drive bay from the 5.25 optical drive bay. It was not a very elegant solution and I kind of liked having the hard drive bay available for some drives I’m using. Another suggestion was to pull the entire hard drive and optical bay out of the case by drilling all the rivets out. Still not a great solution…

Well, what I decided to do was to use an edge grinder to cut out a couple inches from the hard drive bay. This was just enough room for the video card to fit very comfortably.

It fit great! I had to remove all the components first to make sure nothing would get cut or shorted by metal filings or pieces. There were plenty of them flying around with this method! However, I still have my hard drive bays and I now have plenty of space for my new graphics card! This is a pretty old case. I think I got it in 2010 but it’s been fantastic and has had everything I’ve needed up to now. It retails for cheap these days so I wasn’t really losing out too much by modding it. Thanks for looking!

UPDATE: I later became dissatisfied with the approach of this project and wanted something slightly more elegant. I didn’t like the random cut and the mess inside the case so I decided to remove the drive bay completely by simply drilling into the rivets with a small drill bit. It wasn’t too bad. For the rivets underneath the 5.25 drive bay, I cut them with a tin snip and just worked them until they gave way. Be gentle with the metal as the 5.25 could bend or get ruined if you are too aggressive with it.

This result let me comfortably fit two Zotac GTX 980 Ti Extreme editions in the case at once.

How to Repair the Logitech G500 Mouse

This video demonstrates the process of replacing the USB cable for the Logitech G500 Mouse. Some YouTube users have also reported to me that this is relevant to the G5 and G500S models as well. It displays the process of disassembling and re-assembling the mouse. I hope this helps you! Unfortunately, the video went much longer than I intended it to. However, I explained everything in depth.

<missing link> there is a mirrored copy somewhere on YouTube but I haven’t found it.

Follow Up

1 year later, I haven’t had any problems with the mouse since the repair process in this video. The glue has also worked well for the bottom pads.

Material List

  • Replacement G500 USB Cable (available from most online retailers)
  • A micro-screwdriver set (also used as a pry tool: spudgers/pry kit preferred)
  • cotton swab (applicator)
  • all purpose glue (adhesive)
  • rubbing alcohol (for cleaning off human gunk)

How to Secure Your Web Server

I’ve found two very powerful tools to help web administrators and system administrators set proper HTTPS/SSL parameters in their web-servers.

The first is a configuration generator maintained by Mozilla Corp simply called the “Mozilla SSL Configuration Generator”. This tool will allow you to select parameters to generate a configuration for. It has support for all mainstream web servers, selections for sets of browser generations (old, intermediate, latest), server versions, and SSL versions. It generates a simple text output that an administrator should use on their web-server for security. Using the output provided by Mozilla’s SSL configuration generator, I was very easily able to use a very secure setup on my server without having to track and maintain documentation for every single compromised cipher and protocol version.

The second extremely helpful tool will help you verify your server and configurations are secure. Qualys SSL Labs offers a free service that scans your website and server to test for known exploits on SSL protocols and ciphers. The test will output a grade and tell you what needs to be changed on your server. The output from this test is very detailed and quite impressive for a free tool. I highly recommend testing your webserver in this tool. New exploits are always being discovered and security is an ever changing game. See if you can earn an A+ with a proper configuration.

Using these two tools, I was able to earn a very satisfactory grade for my servers and more importantly, secure them against a plethora of known exploits that exist on the web. I implore you to do the same with your systems. Happy surfing!

Freedom is Worth the Inconvenience: An Interview With Richard Stallman

I’ve followed a bit of Dr. Richard Stallman in the past. I occasionally check out interviews or articles he writes on software or digital rights. He tends to come off as a crazy radical to people who are just using their software happily and obliviously. However, to many of those who are concerned about digital rights, privacy, or freedoms in the digital world, Dr. Richard Stallman is a revolutionary who has created some of the most powerful concepts in digital sharing. These concepts include the GNU Public License and the Free Software Foundation. I came across this interview a day or two ago. It is the best interview with Stallman I have seen. The interviewer is patient, asks great questions, and seems to really grasp the concepts behind the discussion. This is more than I can say for many of the previous interviews people and media outlets have done with Stallman.

You can view the interview here.

Thanks to Singularity for this great interview that discusses: the definition of Free Software, why freedom is worth the inconvenience, the GNU OS, the Linux kernel, freedom, technology, innovation and ethics, free software as a political movement with elements from capitalism, socialism and anarchism, AI and the technological singularity, Moore’s Law and the Law of Accelerating Returns; hacking and trans-humanism; security, privacy and surveillance, free software for mobiles.

source: singularityweblog@youtube