dsg/aten-ipmi-tools
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
91 commits 1 branch 0 tags 578 KiB
Find a file
Davíð Steinn Geirsson 1e32f656a0 RE: ikvmserver authentication, sessions, and permissions 
Document the complete authentication flow, session lifecycle,
message queue IPC, and permission system. Key findings:

- Authentication: VNC type 0x10, ATEN-modified challenge/response
  with plaintext username/password, web SSO via /tmp/sess_* files,
  fallback to IPMI UtilAuthUser
- ServerInit: standard RFB fields + ATEN extension with session_id
  and 4 permission bytes mapped from IPMI privilege levels
- Session lifecycle: accept loop, per-session thread with Stream/
  RFBProtocol construction, max session enforcement, peer notification
- POSIX message queues: /<thread_id_hex>, 0x104-byte messages with
  7 known command codes for inter-session communication
- Permission filter: message type to permission byte mapping,
  GetFilterLen payload size table for all 20 message types
- SessionContext (0x50 bytes) and PrivilegeInfo (0x164 bytes) layouts
- 25 new functions mapped, 12 existing entries updated

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 12:35:44 +00:00
crates fix(aten-kvm): send USB HID keycodes instead of X11 keysyms 2026-03-12 10:46:15 +00:00
.gitignore Add initial server RE, RE doc restructuring 2026-03-12 11:36:40 +00:00
Cargo.lock feat(aten-kvm): add debug logging to protocol and decoder 2026-03-12 09:37:14 +00:00
Cargo.toml feat: scaffold aten-kvm crate with public types 2026-03-11 21:35:34 +00:00
CLAUDE.md Add initial server RE, RE doc restructuring 2026-03-12 11:36:40 +00:00
flake.lock refactor: extract mount library package, add flake.nix 2026-03-11 14:28:22 +00:00
flake.nix fix(nix): update cargoHash for new log dependency 2026-03-12 09:40:02 +00:00
ghidramcp_client.sh Add initial server RE, RE doc restructuring 2026-03-12 11:36:40 +00:00
ghidramcp_server.sh Add initial server RE, RE doc restructuring 2026-03-12 11:36:40 +00:00
KVM_PROTOCOL.md Update KVM_PROTOCOL.md with initial findings from BMC server RE 2026-03-12 10:52:36 +00:00
MOUNT_PROTOCOL.md docs: fill protocol gaps - error handling, HTTP upload, multi-device, SetEP 2026-03-11 14:03:47 +00:00
README.md Add initial server RE, RE doc restructuring 2026-03-12 11:36:40 +00:00
REVERSING_CLIENT.md Add initial server RE, RE doc restructuring 2026-03-12 11:36:40 +00:00
REVERSING_SERVER.md RE: ikvmserver authentication, sessions, and permissions 2026-03-12 12:35:44 +00:00

README.md

aten-ipmi-tools

Open-source replacements for the ancient, insecure bundled management app shipped with old IPMI interfaces. Protocols were reverse engineered from the original Java client and native libraries as well as the server BMC firmware — see KVM_PROTOCOL.md, MOUNT_PROTOCOL.md, REVERSING_CLIENT.md and REVERSING_SERVER.md.

The target is Supermicro X9 boards with Nuvoton WPCM450 IPMI (aka "hermon"), but this likely works with other ATEN/ASpeed/Nuvoton IPMI implementations too.

Tools

aten-mount-cli

Mounts a local ISO image as a virtual CD-ROM on the BMC. Works by emulating a USB Mass Storage device over the ATEN virtual media TCP protocol.

aten-mount-cli [OPTIONS] <HOST> <ISO>

Options:
  -u, --user <USERNAME>   BMC username [default: admin]
  -p, --pass <PASSWORD>   BMC password [default: admin]
      --port <PORT>       BMC virtual media port [default: 623]

Press Ctrl+C to cleanly unmount.

aten-gui

KVM console viewer (Slint + winit). Connects to the BMC via the ATEN RFB protocol, decodes Hermon video frames, and displays the remote console with keyboard input.

aten-gui [OPTIONS] <HOST>

Options:
  -u, --user <USERNAME>   BMC username [default: admin]
  -p, --pass <PASSWORD>   BMC password [default: admin]
      --port <PORT>       BMC KVM port [default: 5900]

Building

cargo build --release
# or
nix build .#aten-mount   # CLI tool
nix build .#aten-gui     # GUI app