A Rodecaster Duo ships with SSH enabled, pubkey auth only, and two hardcoded public keys (one RSA, one ed25519) present in authorized_keys by default.
Key Takeaways
Firmware update is an unsigned gzipped tarball; the RODECaster app sends two HID ASCII commands (‘M’ to enter update mode, ‘U’ to trigger flash) with no signature verification.
Dual-partition layout prevents bricking: if one partition fails to flash, the device boots from the other.
Custom firmware is straightforward: drop a modified archive.tar.gz and archive.md5 onto the exposed disk, send ‘U’, reboot into your own rootfs.
The author enabled password auth and injected their own pubkey via a container build, then confirmed SSH access post-flash with no obstacles.
RODE was notified via support ticket; no response received; the hardcoded public keys remain undisclosed as to purpose.
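An added example, not code from the original post or from RODE, that audits the two things the takeaways above turn on: whether a device's sshd_config enables password auth or binds every interface (the LAN-exposure question), and whether authorized_keys carries keys the owner never enrolled. The sshd_config and authorized_keys contents, the key blobs and the allowlist are all constructed for illustration; the Finding type and the Audit functions are this example's own, not a RODE or OpenSSH API.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample inputs standing in for files pulled from a device rootfs.
// The key blobs are placeholders, not real keys.
const sampleSSHDConfig = `# constructed sshd_config, not the device's real file
Port 22
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
`

const sampleAuthorizedKeys = `ssh-ed25519 AAAAconstructedVendorEd25519Blob vendor-build
ssh-rsa AAAAconstructedVendorRsaBlob vendor-build
ssh-ed25519 AAAAconstructedOwnerBlob owner@laptop
`

// Finding is one audit result; Severity is "info", "warn" or "high".
type Finding struct{ Severity, Message string }

// AuditSSHDConfig flags password auth and wildcard binds. OpenSSH's defaults
// when a directive is absent are PasswordAuthentication yes and a bind on all
// addresses (0.0.0.0 and ::), so a stripped config is the worst case.
func AuditSSHDConfig(cfg string) []Finding {
	var out []Finding
	passwordAuth := "yes"
	var listen []string
	sc := bufio.NewScanner(strings.NewReader(cfg))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		fields := strings.Fields(line)
		if len(fields) < 2 {
			continue
		}
		switch strings.ToLower(fields[0]) {
		case "passwordauthentication":
			passwordAuth = strings.ToLower(fields[1])
		case "listenaddress":
			listen = append(listen, fields[1])
		}
	}
	if passwordAuth == "yes" {
		out = append(out, Finding{"high", "PasswordAuthentication enabled (explicitly or by default)"})
	}
	if len(listen) == 0 {
		out = append(out, Finding{"warn", "no ListenAddress: sshd binds every interface, so a LAN-side interface is reachable, not only the USB-side link"})
	}
	for _, a := range listen {
		if strings.HasPrefix(a, "0.0.0.0") || strings.HasPrefix(a, "::") || strings.HasPrefix(a, "[::]") {
			out = append(out, Finding{"warn", "ListenAddress " + a + " is a wildcard bind"})
		}
	}
	return out
}

// AuditAuthorizedKeys reports every key whose "type blob" pair is not in the
// owner's allowlist. Lines may start with options (command="...", from="...");
// the key type is located by prefix. Options containing quoted spaces are not
// handled by strings.Fields, which is acceptable for a read-only audit.
func AuditAuthorizedKeys(keys string, allowed map[string]bool) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(keys))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		fields := strings.Fields(line)
		keyIdx := -1
		for i, f := range fields {
			if strings.HasPrefix(f, "ssh-") || strings.HasPrefix(f, "ecdsa-") || strings.HasPrefix(f, "sk-") {
				keyIdx = i
				break
			}
		}
		if keyIdx < 0 || keyIdx+1 >= len(fields) {
			continue
		}
		id := fields[keyIdx] + " " + fields[keyIdx+1]
		comment := strings.Join(fields[keyIdx+2:], " ")
		if !allowed[id] {
			out = append(out, Finding{"high", "unknown key in authorized_keys: " + fields[keyIdx] + " (" + comment + ")"})
		}
	}
	return out
}

func main() {
	// The owner enrolled only their own key; both vendor keys should be flagged.
	allowed := map[string]bool{"ssh-ed25519 AAAAconstructedOwnerBlob": true}
	for _, f := range AuditSSHDConfig(sampleSSHDConfig) {
		fmt.Printf("[%s] %s\n", f.Severity, f.Message)
	}
	for _, f := range AuditAuthorizedKeys(sampleAuthorizedKeys, allowed) {
		fmt.Printf("[%s] %s\n", f.Severity, f.Message)
	}
}
```

With the constructed inputs the config audit yields one warning (no ListenAddress, so sshd is not limited to the USB-side interface) and the key audit flags the two vendor-build keys. Run against a real rootfs, the allowlist is the owner's own list of enrolled keys and anything else in authorized_keys is a question for the vendor.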
Hacker News Comment Review
Consensus is that SSH-on-by-default is less surprising than it sounds: ARM SoC devices running stripped Linux often ship with sshd because the vendor BSP includes it and the audio team never audits the rootfs.
The key security question commenters raised is whether sshd binds only to the USB-side virtual network or to the actual LAN interface – USB-only is annoying, LAN exposure would be a real vulnerability.
Signed vs. open firmware debate surfaced: commenters note the two goals are not opposites, yet almost no vendor offers owner-enrollable keys as a middle path; RODE's unsigned tarball approach at least lets owners actually own the hardware.
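An added example, not code from the original post or from RODE, showing in Go why the archive.md5 sidecar from the key takeaways is only an integrity check (whoever writes the archive also writes the digest) and what the owner-enrollable middle path from the signed-vs-open debate looks like: an ed25519 signature over the archive bytes checked against a trust store holding the vendor key plus any keys the owner enrolled. The archive contents, the key roles and the TrustStore type are constructed for illustration; the real update bundle layout and the device's loader are not known here.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"crypto/ed25519"
	"crypto/md5"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// buildArchive constructs a minimal archive.tar.gz in memory holding one file.
// Constructed stand-in for the update bundle; the real layout is not modelled.
func buildArchive(name string, body []byte) []byte {
	var buf bytes.Buffer
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	tw.WriteHeader(&tar.Header{Name: name, Mode: 0o644, Size: int64(len(body))})
	tw.Write(body)
	tw.Close()
	gz.Close()
	return buf.Bytes()
}

// md5Sidecar mirrors the archive.md5 companion file: a hex digest, no secret involved.
func md5Sidecar(archive []byte) string {
	sum := md5.Sum(archive)
	return hex.EncodeToString(sum[:])
}

// md5Check is all a loader that only compares archive to archive.md5 can establish:
// the bytes match the sidecar. It says nothing about who produced them.
func md5Check(archive []byte, sidecar string) bool {
	return md5Sidecar(archive) == sidecar
}

// TrustStore holds the keys allowed to sign firmware: the vendor's key plus any
// the owner enrolled. Enrollment is what turns signature checking from a
// lock-out into a feature the owner controls.
type TrustStore struct{ keys []ed25519.PublicKey }

func (t *TrustStore) Enroll(pk ed25519.PublicKey) { t.keys = append(t.keys, pk) }

// Verify accepts the archive only if some enrolled key signed exactly these bytes.
func (t *TrustStore) Verify(archive, sig []byte) bool {
	for _, pk := range t.keys {
		if ed25519.Verify(pk, archive, sig) {
			return true
		}
	}
	return false
}

// Outcome records what each check decides for the constructed scenario.
type Outcome struct {
	MD5AcceptsModified   bool // md5 sidecar regenerated alongside a modified archive
	VendorSignedAccepted bool // official archive signed by the vendor key
	OwnerSignedAccepted  bool // owner's own rootfs signed by the owner's enrolled key
	UnenrolledRejected   bool // archive signed by a key nobody enrolled
	TamperedRejected     bool // vendor signature over the official bytes replayed onto modified bytes
}

func RunScenario() Outcome {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, strangerPriv, _ := ed25519.GenerateKey(rand.Reader)

	official := buildArchive("rootfs/etc/ssh/sshd_config", []byte("PasswordAuthentication no\n"))
	modified := buildArchive("rootfs/etc/ssh/sshd_config", []byte("PasswordAuthentication yes\n"))

	var o Outcome
	o.MD5AcceptsModified = md5Check(modified, md5Sidecar(modified))

	store := &TrustStore{}
	store.Enroll(vendorPub)
	store.Enroll(ownerPub)
	o.VendorSignedAccepted = store.Verify(official, ed25519.Sign(vendorPriv, official))
	o.OwnerSignedAccepted = store.Verify(modified, ed25519.Sign(ownerPriv, modified))
	o.UnenrolledRejected = !store.Verify(modified, ed25519.Sign(strangerPriv, modified))
	o.TamperedRejected = !store.Verify(modified, ed25519.Sign(vendorPriv, official))
	return o
}

func main() {
	fmt.Printf("%+v\n", RunScenario())
}
```

The md5 path accepts the modified archive because the digest travels with the archive and is recomputed by whoever writes it. The signature path still accepts the owner's own rootfs, because the owner's key is enrolled, while rejecting an archive signed by an unenrolled key and a vendor signature replayed over different bytes. In a real design the trust store would live in storage the update itself cannot rewrite, and enrollment would require physical presence on the device.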
Notable Comments
@hoopla_ching: Argues signed and open firmware are not opposites – vendors should allow owner key enrollment rather than treating verification as a lock-out mechanism; almost nobody does this.
@rikafurude21: Notes that Claude Code handled pcap analysis and HID protocol discovery in ~10 minutes, a task that previously required Hotz-tier reversing skill or long manual hours.