Supermicro/IPMI

IPMI
Default login: Login: ADMIN Password: ADMIN

apt-get install ipmitool

modprobe ipmi_devintf

ipmitool lan print

ipmitool
See Linux/ipmitool

Hostname for DHCP
Hostname for DHCP can be set in the web interface.

sh SMCIPMITool myhost.oeey.com ADMIN ADMIN ipmi oem gethostname

sh SMCIPMITool myhost.oeey.com ADMIN ADMIN ipmi oem sethostname i-myhost.oeey.com

Reboot BMC
sh SMCIPMITool myhost.oeey.com ADMIN ADMIN ipmi reset

SMCIPMITool
Download - https://www.supermicro.com/solutions/SMS_IPMI.cfm

SMCIPMITool README - https://www.supermicro.com/wftp/utility/SuperBladeTool/SMCIPMITool.txt

SMCIPMITool Guide - https://www.supermicro.com/wftp/utility/SMCIPMITool/SMCIPMITool_User_Guide.pdf

java -jar SMCIPMITool.jar  [commands ... ] # or sh ./SMCIPMITool  [commands ... ]

SSH Power Control
Start server: start /system1/pwrmgtsvc1

Stop server: stop /system1/pwrmgtsvc1

License Key
---


 * Supermicro IPMI License Key (for updating BIOS) = HMAC-SHA1-96(INPUT: MAC address of BMC, SECRET KEY: 85 44 E3 B4 7E CA 58 F9 58 30 43 F8)

https://pbs.twimg.com/media/DdXliGRXcAESVzv.jpg

Peter Kleissner on Twitter: "Supermicro IPMI License Key (for updating BIOS) = HMAC-SHA1-96(INPUT: MAC address of BMC, SECRET KEY: 85 44 E3 B4 7E CA 58 F9 58 30 43 F8)… https://t.co/L5jjPh8oMP" - https://twitter.com/kleissner/status/996955400787423232?lang=en

---

Supermicro enforces a vendor-lock in on BIOS updates via IPMI, even though they publish the update files for free here. The only free alternative is to time-travel to 1995 and boot from a DOS disk to supply the update. All other options (including the Supermicro Server Manager) require a license.

They published BIOS updates to address Spectre and Meltdown vulnerabilities, yet make it almost impossible to actually perform the update. Even if you go their suggested way, buying a key from an authorized Supermicro reseller people on the internet report it’s difficult and time consuming getting them. I was quoted 25 EUR and an estimated 2 weeks delivery time.

You buy a brand new product, it has a known vulnerability and you should pay for the update?! This is simply NOT acceptable. As the owner of my device I shall be free to update it. Therefore, I spent exactly 1 night reverse engineering this thing to figure out the license key algorithm. tl;dr here is the algorithm to generate those license keys:

MAC-SHA1-96(INPUT: MAC address of BMC, SECRET KEY: 85 44 E3 B4 7E CA 58 F9 58 30 43 F8)

Anybody can create the license key on https://cryptii.com (Bytes - HMAC - 2 Bytes) by typing on the left side (select Bytes) the MAC address of the IPMI (the BMC), select in the middle HMAC and SHA-1, enter the secret key and on the right side the License Key will appear!

This was successfully tested with Supermicro mainboards from 2013-2018. It appears they have not changed the algorithm and use the same “secret”. The first 6 groups go in here:

Update 1/14/2019: The Twitter user @astraleureka posted this code perl code which is generating the license key:

license.pl: use strict; use Digest::HMAC_SHA1 'hmac_sha1'; my $key = "\x85\x44\xe3\xb4\x7e\xca\x58\xf9\x58\x30\x43\xf8"; my $mac = shift || die 'args: mac-addr (i.e. 00:25:90:cd:26:da)'; my $data = join '', map { chr hex $_ } split ':', $mac; my $raw = hmac_sha1($data, $key); printf "%02lX%02lX-%02lX%02lX-%02lX%02lX-%02lX%02lX-%02lX%02lX-%02lX%02lX\n", (map { ord $_ } split '', $raw);
 * 1) !/usr/bin/perl
 * 2) perl -MCPAN -e "install Digest::HMAC_SHA1"

license.sh: echo -n 'bmc-mac' | xxd -r -p | openssl dgst -sha1 -mac HMAC -macopt hexkey:8544E3B47ECA58F9583043F8 | awk '{print $2}' | cut -c 1-24

Reverse Engineering Supermicro IPMI – peterkleissner.com - https://peterkleissner.com/2018/05/27/reverse-engineering-supermicro-ipmi/

---

Bash script:

license.sh: function hash_mac { mac="$1" key="8544e3b47eca58f9583043f8" sub="\x" #convert mac to hex hexmac="\x${mac//:/$sub}" #create hash code=$(printf "$hexmac" | openssl dgst -sha1 -mac HMAC -macopt hexkey:"$key") #echo "$mac" #echo "$hexmac" #echo "$code" echo "${code:9:4}-${code:13:4}-${code:17:4}-${code:21:4}-${code:25:4}-${code:29:4}" } hash_mac "$1"
 * 1) !/bin/bash
 * 1) hex output with input

activate.sh:
 * 1) !/bin/bash


 * 1) perl -MCPAN -e "install Digest::HMAC_SHA1"

MAC=`ipmitool lan print | grep "MAC Address" | awk '{print $4}'` KEY=`./license.sh $MAC` ./sum -c ActivateProductKey --key $KEY
 * 1) KEY=`./license.pl $MAC`

ref: https://www.virtuallifestyle.nl/2016/08/better-way-update-supermicro-bios-via-ipmi/

---

Or all in one:

activate.sh: function hash_mac { mac="$1" key="8544e3b47eca58f9583043f8" sub="\x" #convert mac to hex hexmac="\x${mac//:/$sub}" #create hash code=$(printf "$hexmac" | openssl dgst -sha1 -mac HMAC -macopt hexkey:"$key") #DEBUG #echo "$mac" #echo "$hexmac" #echo "$code" echo "${code:9:4}-${code:13:4}-${code:17:4}-${code:21:4}-${code:25:4}-${code:29:4}" }
 * 1) !/bin/bash

MAC=$( ipmitool lan print | grep "MAC Address" | awk '{print $4}' )

KEY=$(hash_mac "$MAC")
 * 1) hex output with input

./sum -c ActivateProductKey --key $KEY

Change Serial Number or Asset Tag
The best way to update Supermicro BIOS is via Supermicro Update Manager - VirtualLifestyle.nl - https://www.virtuallifestyle.nl/2016/08/the-best-way-to-update-supermicro-bios-is-via-supermicro-update-manager/

Have to have license activated :-(

./sum -c GetDmiInfo --file dmi.txt

Edit serial number, asset tag, etc...

./sum -c ChangeDmiInfo --file dmi.txt

Reboot for the change.

https://www.virtuallifestyle.nl/wp-content/uploads/2016/08/Screen-Shot-2016-08-09-at-21.44.21.png