mossmann
commented
2 months ago A similar bug exists in Apollo: https://github.com/greatscottgadgets/apollo/issues/69
Closed mossmann closed 2 months ago
mossmann
commented
2 months ago A similar bug exists in Apollo: https://github.com/greatscottgadgets/apollo/issues/69
The serial number in the USB device descriptor is meant to be a Base32 representation of the microcontroller's 128-bit serial number. The output should be 26 characters long, consisting of the letters 'A' through 'Z' and the numbers '2' through '7', following RFC 4648 section 6. Due to a bug, characters that should be numerals '2' through '7' are instead replaced by letters 'L' through 'Q'. For example, the serial number
LYFRB6CXJJKFCIBAEAZC2BYG74is incorrectly represented asLYFRBPCXJJKFCIBAEAZCLBYGQN.It is possible though unlikely for a serial number mangled in this way to collide with another mangled serial number or with a correct serial number. In every case observed so far, the mangled serial number ends in
QNwhich presumably should have been74. This suggests that it will be easy to identify mangled serial numbers in practice, although this is not guaranteed according to the microcontroller documentation.