Hardware Reverse Engineering

Hello everyone, I am looking for help or advice regarding backup/emulation of a Sentinel SuperPro LPT dongle that protects my industrial software (PPI). My setup is quite old, but the software is still in daily use for important production tasks. My configuration: Software: PPI (industrial/printing workflow, works with .ppf files) Dongle: Sentinel SuperPro, 25-pin LPT (parallel port), not USB OS: Windows XP (I also have a backup XP system with native LPT1) Dongle drivers: Sentinel Protection Installer 7.5.0 What I've tried so far: sprodump.exe – dump stops at ~60%, produces a small, incomplete .dmp file pva-dmp.exe / other clas…

How to dump and emulate Sincrosoft HID Dongle

Hi there, I bought NEWSKILL Gungnyr Pro keyboard and was lied by the brand, they claim we can customize the ring of color around the keyboard on the software but there is no such thing... Spoiler In their software there's a updating app and likely firmware separated from it, is it ok to ask if someone here could maybe do it for me?? All I wanted was to have more pre-defined colors added and the addition of dimming the ring of light with like FN+PageDown. The checksum's of all files also seem to be in the config file of the updater app: [PRODUCT] ic_type = MWV602 program_type =multi_file [BOOTLOAD…

Hi everyone! I've been reverse-engineering an Android app for a set of Bluetooth headphones, and my goal is to find the keys to decrypt the firmware. I obtained the firmware by intercepting the traffic between the device and the server. In the code, I've found some parts that look like they should handle decryption, but it doesn't seem like these methods are actually being used in the application. I'm having difficulty tracking down the keys or identifying where and how they are applied to decrypt the firmware. Here is the code I found that seems to handle the decryption process, but it doesn't appear to be utilized within the app. public final long k(k6.…

I'm attempting to reverse engineer a USB HID device with a display on it. It has 4 endpoints (two interfaces), with two endpoints as IN and two endpoints as OUT. I'm duplicating some of the commands that I've captured and I'm having trouble doing so one of them using PyUSB on Linux. The following two screenshots contain the packet I'm trying to duplicate. The first screenshot is from the Windows host that supports the device, the second is from the Linux machine I am attempting to duplicate the packet on: Wireshark USB Packet Capture Windows Host Wireshark USB Packet Capture Linux Host (PyUSB) Hopefully you can see the difference i…

dn 8mb @: https://www.upload.ee/files/16843500/NikeUnlocker.rar.html https://nitroflare.com/view/09FBAD06E1DF2D7/NikeUnlocker.rar device info https://www.gsmarena.com/htc_touch_diamond-2368.php

I have this code from a tricore processor and I am trying to reverse engineer it in order to rebuild it using c. It is a seed -> key algorithm, that get's a 4byte seed passed (d4 register) does some algorithm to it and returns a 4byte key (d2). In the calculation the d1 register gets used as well. First the extracted assembly: movh d0,#0x7777 d0 now 0x7777'0000 sha d15,a4,#-0x1f d15 = a4 >> 0x1f addi d0,d0,#0x123 +0x123 d0 now 0x77770123 mul e0,a4,d0 e0 = a4 * d0 sha d0,d1,#-0xd …

A greeting to all, I have a firmware dump of a older satellite receiver and out of production for some years. This dump has xom protection (ARM CPU) inside, it is loaded in Ida pro and I can't even debug it step by step as it is all read-only. Execute-only memory (XOM) allows only instruction fetches but Read and write accesses are not allowed from protection. With ida pro, ghidra and radare2, I can see the code but it does not allow debugging. Some times ida pro and ghidra get blocked. when loaded by these software, radare2 no has problems opening the file but I can't debug it. Are there solutions to bypass this protection? https://community.a…

So I have an old hardware device that was built for windows 2000 / xp - it still is almost as new. Akai MPD16 however the device doesn't work via USB only through its midi 5 din cables. I've looked at the .inf and .sys, and the .inf seems easy enough to modify from win32 xp to windows 11 as not much has changed for driver install locations as far as I am aware. I've taken a look at the .sys in CFF explorer and Hex Editor Neo, and chatted with chatgpt and provided data on it. My understanding is that the .sys file is split into different sections and involves sending midi instructions part of the mpd16 midi sysex instructions that seem more or less standard ak…

I have seen many people patching firmware and selling it on the internet, like this website: Chipless firmware for printers Epson I tried to download some original firmware and some patched ones with the same firmware version to compare them, but I couldn’t find any pattern. I created this topic because I think there are smart people here who can help me learn how to do this, at least in the beginning. Thank you.

Deleted

Has anyone been able to find any master passwords or backdoors for the newer UEFI bios? Let me give you an overview of what I'm doing below I have a windows 10 x64 based machine which works fine, but i want to get into the bios to change settings (Boot order etc) now the older machines used to give you a code on the 3 wrong password attempts which then lets you get a master code for it, but these newer machines have a locked password, which again you get 3 attempts then locks up until reboot no more codes, the bios is the American Megatrends v5.65 i don't want to open it up and remove the cmos at the moment for a few reasons plus I'm not sure that ol…

hi i am need help to check version.dll is packed with ElecKey

This is the firmware of my home satellite receiver, I am trying to unpack it to hide or remove some installed apps but I couldn't access the targeted files. I have tried different scenarios with Binwalk, radare2 & Ghidra but I didn't make any success because I am still a newbie so I thought to consult the professionals. https://drive.google.com/file/d/1G3J72xMT-Btjl_0-5RCZ00jOSkYujKIM/view?usp=sharing

Good day everyone, first of all, feel free to delete the post whether its content is not fully pleasant. What I'm sharing with you is a demonstration video on how you can easily re-adapt an electronical device which requires an activation button with an adaptative button, that is the sensitive micro-light switch specifically. It is necessary to take out the circuit board, figure out where the contacts are located and just replace them with those from a 3.5mm audio jack female-to-male adapter cable as any adaptative switch is provided with a generic jack plug, that you can notice in the video below. That's essentially what it is. Feel free to reach me out for any part…

Hello, I am trying to reverse engineer a RT85 Retevis handheld radio in order to produce a custom firmware. The main problem I have is to figure out the microcontroller they are using. They went through the effort of grinding the top of the chip to make it harder for people to guess what it is. The remains of a logo is still distinguishable on the bottom of the chip. Does anyone recognize a brand logo? I doubt it is an obscure Chinese manufacturer otherwise they would have tried to mask it. Also, the programming port has only 4 pins so I guess VDD, VSS, Data and Reset. That already excludes some brands like Microchip which uses at least 5 pins. …

Hello guys, I'm trying to get to know my cable modem with integrated router better but I can't seem to find any firmware online (it's a CBN 6643E) I read one guy was able to root it a few years ago and since then it has been updated, but I can't seem to find how he did it. I think he somehow managed to extract the firmware since he asked a binwalk question on devttys0's website. Now before I open up my modem (which is illegal I suppose since it is provided by my ISP) how would I be able to extract the firmware to analyse it? Would it be possible to somehow sniff the traffic from the coax cable to eventually grab an update file or something? There …

Hello friend, could someone tell me how to get around nprotect for weeks searching the tricks forum and I had no results I'll go into details, because I want to get around the protection I have a project here written in C # the bot performs image recognition and sends the command via sandkeys the image reading is working perfectly the problem is in the key simulation already changed the name of the calls, class name and nothing even if the bot does not make any changes to the game memory nprotect does not allow any high click applications that I noticed the gameguard version is 2631 game name Lovebeat

Hello, I have a device (MITEL 3300) that it can't boot at "0x6857c8" address. When I plugged an SSD Drive into that device, then it can't boot at "0x6857c8" address: MITEL SYSTEM ROM R3.1/10 Aug 5 2011 (83 - POWER_ON_RESET) CCA Number : 36879572 Ra.4 System Model : 00620001 F2500 CPU Model : 8360 R80480021 Reset Config Low : 0804008c Reset Config High : b4500006 Coherent System Bus Clock (MHz) : 266 CPM Clock (MHz) : 399 Core Clock (MHz) : 533 DDR Clock (MHz) : 133 Local Bus Clock (MHz) : 66 Input Clock (MHz) : 33 Internal Memory Map : f0000000 Main Memory (MB) : 512 Local Memory (MB) : 0 Flash Memory (MB) : 4 MAC Address : 08000f640a40 POST Bypass : 0 Watchdog …

Hello, I have an ADATA SSD Drive and its DCO locked. I tried to unlock it with "OSForensics" tool, but failed! https://pasteboard.co/JGslBt9.png Other tools? Thank you.

Part 1 Part 2 Part

helllo how are you/.? I am looking for a method for cracking electromagnetic cards. Do friends have any experience in this field? Electromagnetic cards like bank cards or subway cards...

Reversing Industrial Firmware />http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1 Ted.

hi guys every plcs and hmis have ram and rom so how can read those ? how can to dumping?

hi guy how can crack a plc or hmi password? how can crack AVR or ARM IC? is there any real solution?