Hardware Reverse Engineering
Reverse engineering of circuitry hardware and firmware...
63 topics in this forum
-
Trying to understand my modem/router - Part 2
by Downloading...- 1 reply
- 24.9k views
Hey guys, I started my journey some time ago here: https://forum.tuts4you.com/topic/39557-getting-docsis-cable-modem-firmware/ My ultimate goal would be to find a remote code execution on the system. The reason, you may ask, is twofold: 1. Learning 2. Being able to access the router without opening it up would be nice. But now I am much further in trying to understand my cable modem / router, but I still have so many questions unanswered... What I managed to find so far: *The router has 2 main microcontrollers (one Puma 5 chip and one Realtek chip); what I suppose is that the Puma 5 chip deals with the modem part and the Realtek chip with th…
-
Reversing Industrial Firmware...
by Teddy Rogers- 8 replies
- 18.4k views
Reversing Industrial Firmware http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1 Ted.
-
Uefi Bios backdoor
by H1TC43R- 1 follower
- 24 replies
- 15k views
Has anyone been able to find any master passwords or backdoors for the newer UEFI BIOS? Let me give you an overview of what I'm doing below. I have a Windows 10 x64 based machine which works fine, but I want to get into the BIOS to change settings (boot order etc). Now the older machines used to give you a code on the 3 wrong password attempts which then lets you get a master code for it, but these newer machines have a locked password, which again gives you 3 attempts then locks up until reboot, no more codes. The BIOS is the American Megatrends v5.65. I don't want to open it up and remove the CMOS at the moment for a few reasons, plus I'm not sure that ol…
-
Getting Docsis Cable Modem Firmware
by Downloading...- 3 replies
- 14.7k views
Hello guys, I'm trying to get to know my cable modem with integrated router better, but I can't seem to find any firmware online (it's a CBN 6643E). I read one guy was able to root it a few years ago and since then it has been updated, but I can't seem to find how he did it. I think he somehow managed to extract the firmware since he asked a binwalk question on devttys0's website. Now before I open up my modem (which is illegal I suppose since it is provided by my ISP), how would I be able to extract the firmware to analyse it? Would it be possible to somehow sniff the traffic from the coax cable to eventually grab an update file or something? There …
-
Firmware Reversing
by Frostbane- 8 replies
- 13.8k views
Found a nice site, a good read for electronics enthusiasts and RC engineers as well... do check it out ☆~(ゝ。∂) http://www.devttys0.com/blog/
-
Motorola 68360 JTAG
by secursig- 0 replies
- 12.7k views
Anyone got any experience working with the CPU32 or CPU32+ architecture? I'm working on a target that runs its code out of flash and swaps some data in and out of SRAM, but usually not executable code... so I have no breakpoint abilities. I'm having to reflash the target (lengthy process) each time I want to try a change from static analysis, and it's really frustrating only being able to single-step the CPU and not have it stop anywhere. I'd kill for just a single breakpoint at this point. I tried hardcoding in some stops (BGND opcode), just as a compiler would, to force the CPU into background mode to break, but the changes to the executable code are causing checksum…
-
Analysis of PS4's Security...
by Teddy Rogers- 17 replies
- 12.3k views
Makes for a bit of an interesting read... http://cturt.github.io/ps4.html Ted.
-
Crack electromagnetic cards????
by r0mel- 1 follower
- 8 replies
- 11.9k views
Hello, how are you? I am looking for a method for cracking electromagnetic cards. Do friends have any experience in this field? Electromagnetic cards like bank cards or subway cards...
-
- 4 replies
- 11.8k views
Hi all, anyone know about current high-end memories (HDD/SSD/RAM)? How they are designed, how they work and the materials used to enhance speed, density or resistance. It does not have to be on the market; prototypes and even hypotheses can help.
-
clue NFC logarithm
by khonel- 1 reply
- 11.7k views
Hello all... I have a problem with the calculation / algorithm for the key on NFC cards. I have 3 types of NFC card: Apathon, EDA and YGS. I'm trying to find the key calculation (I think like making a keygen), the connection between Key A, Key B and UID. I tried to unlock using MFOC and MFCUK and came to the conclusion that in the UID calculation Key A = Key B, but I can't find the algorithm to get the value of Key B (the UID value is constant). I hope I get an answer, clue or reference about my problem... Thanks. Hardware = Proxmark, ACR122U, PN532, Arduino Uno. Software = Parrot OS, Proxmark tool, MFOC and MFCUK.
-
dumping ram and rom
by perfum2020- 1 follower
- 1 reply
- 11.5k views
Hi guys, every PLC and HMI has RAM and ROM, so how can I read those? How can I dump them?
-
PLC : S-7 1200 & FATEK
by perfum2020- 6 replies
- 11.2k views
Hi guys, how can I crack a PLC or HMI password? How can I crack an AVR or ARM IC? Is there any real solution?
-
Help recovering telnet password from firmware
by david.lynch- 6 replies
- 10.5k views
I'm not sure if it is right to ask it here; if not, please delete and forgive me. I would like to know the password for telnet access of an IP camera that we own. The firmware image is uImage_userland. Any information would be greatly appreciated!
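For a uImage like the one named in the post above, the first step is the same whatever the device: check the 64-byte legacy U-Boot header, verify its two CRC-32 fields, decompress the payload and search it for passwd/shadow-style lines, which is what the telnet login on an embedded Linux camera is usually checked against. The following is an added example written for this thread, not the poster's firmware or a tool from the forum; the uImage it parses is constructed in the script (a gzip'd ramdisk fragment with placeholder hash values), and the header field names follow U-Boot's image.h. It works on a real uImage_userland only if the payload is gzip, lzma or uncompressed, and the credential grep only finds entries stored in the clear (cpio, ext2); a squashfs or jffs2 ramdisk must first be unpacked with the matching tool.

```python
"""Parse a legacy U-Boot uImage, verify header and data CRCs, decompress the
payload and grep it for passwd/shadow-style hash lines.  Added example; the
sample uImage is constructed below, not taken from any real firmware."""
import gzip
import lzma
import re
import struct
import zlib

IH_MAGIC = 0x27051956                 # legacy uImage magic (U-Boot image.h)
IH_FMT = ">IIIIIIIBBBB32s"            # magic,hcrc,time,size,load,ep,dcrc,os,arch,type,comp,name
IH_LEN = struct.calcsize(IH_FMT)      # 64 bytes, big-endian
IH_COMP = {0: "none", 1: "gzip", 2: "bzip2", 3: "lzma", 4: "lzo", 5: "lz4"}
IH_TYPE = {2: "kernel", 3: "ramdisk", 4: "multi", 5: "firmware", 7: "filesystem"}


def parse_uimage(blob):
    """Return header fields and payload; raise ValueError on bad magic, CRC or length."""
    if len(blob) < IH_LEN:
        raise ValueError("too short for a uImage header")
    (magic, hcrc, _time, size, load, ep, dcrc,
     _os, _arch, typ, comp, name) = struct.unpack(IH_FMT, blob[:IH_LEN])
    if magic != IH_MAGIC:
        raise ValueError("bad magic 0x%08x (not a legacy uImage)" % magic)
    # The header CRC is computed over the header with the hcrc field itself zeroed.
    zeroed = blob[:4] + b"\0\0\0\0" + blob[8:IH_LEN]
    if zlib.crc32(zeroed) & 0xFFFFFFFF != hcrc:
        raise ValueError("header CRC mismatch")
    data = blob[IH_LEN:IH_LEN + size]
    if len(data) != size:
        raise ValueError("truncated payload: header says %d bytes" % size)
    if zlib.crc32(data) & 0xFFFFFFFF != dcrc:
        raise ValueError("data CRC mismatch (image corrupt or modified)")
    return {
        "name": name.rstrip(b"\0").decode("ascii", "replace"),
        "type": IH_TYPE.get(typ, "type%d" % typ),
        "comp": IH_COMP.get(comp, "comp%d" % comp),
        "load": load, "ep": ep, "size": size, "data": data,
    }


def decompress_payload(info):
    """Undo the compression named in the header (only the decoders Python ships with)."""
    if info["comp"] == "gzip":
        return gzip.decompress(info["data"])
    if info["comp"] == "lzma":
        return lzma.decompress(info["data"])
    if info["comp"] == "none":
        return info["data"]
    raise NotImplementedError("no in-script decoder for " + info["comp"])


# passwd/shadow entry with a 13-char DES crypt() hash or a $id$... modular-crypt hash
CRED_RE = re.compile(rb"^[\w.-]+:(\$[^:]+|[A-Za-z0-9./]{13}):")


def find_credential_lines(blob):
    """Lines in a raw filesystem blob that look like password entries with a hash."""
    return [ln.decode("latin-1") for ln in blob.split(b"\n") if CRED_RE.match(ln)]


def build_uimage(data, name, typ=3, comp=1, load=0, ep=0):
    """Wrap already-compressed data in a legacy header (used here only to build the sample)."""
    dcrc = zlib.crc32(data) & 0xFFFFFFFF
    hdr = struct.pack(IH_FMT, IH_MAGIC, 0, 0, len(data), load, ep, dcrc,
                      5, 2, typ, comp, name.encode())      # os=5 Linux, arch=2 ARM
    hcrc = zlib.crc32(hdr) & 0xFFFFFFFF
    return hdr[:4] + struct.pack(">I", hcrc) + hdr[8:] + data


# Constructed stand-in for "uImage_userland": a gzip'd ramdisk fragment holding a
# passwd-style file.  Hash values are placeholders, not real credentials.
SAMPLE_FS = (b"root:$1$salt$ObviouslyFakeHashValue00:0:0:root:/:/bin/sh\n"
             b"daemon:*:1:1:daemon:/:/bin/false\n"
             b"admin:aaQSqAmVhWXHk:0:0:admin:/:/bin/sh\n")
SAMPLE_UIMAGE = build_uimage(gzip.compress(SAMPLE_FS), "userland ramdisk")


def recover_hash_lines(blob):
    """Full pipeline: header check -> decompress -> hash-bearing lines."""
    info = parse_uimage(blob)
    return info, find_credential_lines(decompress_payload(info))


if __name__ == "__main__":
    info, lines = recover_hash_lines(SAMPLE_UIMAGE)
    print("%s / %s / %s, %d bytes payload" % (info["name"], info["type"], info["comp"], info["size"]))
    for ln in lines:
        print(ln)
```

Run it against the real image with `recover_hash_lines(open("uImage_userland", "rb").read())`; the lines it returns are what you feed to john or hashcat, which is the part of the question the thread was actually about. The CRC checks matter beyond validation: a data-CRC mismatch on a dumped image usually means the dump is truncated or the flash read was bad, and chasing credentials in a corrupt payload wastes time.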
-
Dumping the Sega Dreamcast VMU ROM (20 Years Later)
by Teddy Rogers- 2 replies
- 9.6k views
Dumping the Sega Dreamcast VMU ROM (20 Years Later) http://dmitry.gr/index.php?r=05.Projects&proj=25.%20VMU%20Hacking Ted.
-
GrayKey iPhone unlocker poses serious security concerns...
by Teddy Rogers- 1 reply
- 9.2k views
GrayKey iPhone unlocker poses serious security concerns https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/ Ted.
-
6 Websites with Downloadable Firmware Images
by whoknows- 1 follower
- 0 replies
- 8.9k views
https://www.tacnetsol.com/blogs/news/6-websites-with-downloadable-firmware-images
-
- 15 replies
- 8.6k views
Does anyone know how to detect and eliminate hypervisor-style BIOS hacks, which seem to be illegally being done by some shady criminals tied to private corporations and government agencies, as well as microchips which are implantable and which it has been documented the NSA has done previously? Certainly there should be some flaw in this, and disabling hypervisor settings in the BCD or BIOS settings, or even removing power and resetting the part of BIOS memory by doing an action along the lines of holding the power button for 15 seconds, can have an effect. It would be nice to see some real solid information about this topic beyond hoping for more leaks about it in the media.
-
Hardware Reverse Engineering Learning Platform...
by Teddy Rogers- 5 replies
- 8.5k views
Hardware Reverse Engineering Learning Platform http://hackaday.io/project/1543-Hardware-Reverse-Engineering-Learning-Platform Ted.
-
Reverse Engineering LPC’s Device Firmware Upgrade Protocol...
by Teddy Rogers- 0 replies
- 8.4k views
Reverse Engineering LPC’s Device Firmware Upgrade Protocol http://blog.technical.io/post/66686276686/reverse-engineering-lpcs-device-firmware-upgrade Ted.
-
SCADA Trojans: Attacking the Grid...
by Teddy Rogers- 2 replies
- 8.3k views
http://www.reversemode.com/downloads/exploit_advantech.zip http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf Ted.
-
PIC COF file reversing
by Vivi- 0 replies
- 8k views
Anyone have an idea how to start reversing a COF file? I think it was made by the MPLAB IDE (don't know the exact controller family).
-
Hardware Reverse Engineering
by Loizos- 3 replies
- 8k views
I did a lot of research and found some useful information before creating this thread, but I am wondering if someone more experienced can provide me with further information on hardware reverse engineering and where to begin. Please keep in mind that I have no experience on HW reversing whatsoever. Best regards, Loizos
-
Sentinel hl Pro
by Zed- 2 replies
- 7.8k views
Hello all, good friends of this great community. I need help on how to make a copy of my dongle; if anyone can help me I would appreciate it very much. My program is called RODSTAR and is already registered, but I don't know what else to do ... RODSTAR.txt
-
Syncrosoft HID Dongle
by Dragon Team- 2 replies
- 7.7k views
How to dump and emulate a Syncrosoft HID dongle
-
few question about Embedded device
by kb432- 2 replies
- 7.5k views
#1 Is it possible to extract hardware firmware remotely via software? #2 How to extract the hardware framework from a device such as a router and so on. Thanks