Hardware Reverse Engineering
Reverse engineering of circuitry hardware and firmware...
66 topics in this forum
-
Trying to understand my modem/router - Part 2
by Downloading... - 1 reply
- 25.5k views
Hey guys, I started my journey some time ago here: https://forum.tuts4you.com/topic/39557-getting-docsis-cable-modem-firmware/ My ultimate goal would be to find a remote code execution on the system. The reason, you may ask, is twofold: 1. Learning 2. Being able to access the router without opening it up would be nice. But now I am much further in trying to understand my cable modem / router, but I still have so many questions unanswered... What I managed to find so far: *The router has 2 main microcontrollers (one Puma 5 chip and one Realtek chip); what I suppose is that the Puma 5 chip deals with the modem part and the Realtek chip with th…
-
GrayKey iPhone unlocker poses serious security concerns...
by Teddy Rogers - 1 reply
- 9.6k views
GrayKey iPhone unlocker poses serious security concerns https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/ Ted.
-
- 4 replies
- 12.2k views
Hi all, anyone know about current high-end memories (HDD/SSD/RAM)? How they are designed, how they work and the materials used to enhance speed, denseness or resistance. It does not have to be on the market; prototypes and even hypotheses can help.
-
PIC COF file reversing
by Vivi - 0 replies
- 8.4k views
Anyone have an idea how to start reversing a COF file? I think it was made by the MPLAB IDE (don't know the exact controller family).
-
Motorola 68360 JTAG
by secursig - 0 replies
- 13k views
Anyone got any experience working with the CPU32 or CPU32+ architecture? I'm working on a target that runs its code out of flash and swaps some data in and out of SRAM, but usually not executable code... so I have no breakpoint abilities. I'm having to reflash the target (lengthy process) each time I want to try a change from static analysis, and it's really frustrating only being able to single-step the CPU and not have it stop anywhere. I'd kill for just a single breakpoint at this point. I tried hardcoding in some stops (BGND opcode) just as a compiler would to force the CPU into background mode to break, but the changes to the executable code are causing checksum…
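The checksum problem the post runs into is the usual one when planting BGND stops by hand: every patched word invalidates the image's integrity check, so the patch tool has to re-seal it. The script below is an added example, not code from the poster or the thread. It assumes a raw big-endian image whose last two bytes are a 16-bit additive checksum chosen so that all words sum to zero (a labelled assumption; the real scheme on the target is unknown and fix_checksum() is the function to swap out once it is identified). It also only overwrites NOPs, since BGND replaces an instruction word rather than inserting one.

```python
"""Plant a CPU32 BGND breakpoint into a raw firmware image and re-seal its checksum.

Added example, not code from the original post. Assumptions (labelled): the image
is a raw big-endian dump, and its last two bytes hold a 16-bit additive checksum
such that every 16-bit word, trailer included, sums to 0 mod 2**16. The checksum
on the poster's real target is unknown; replace fix_checksum() with whatever the
bootloader actually verifies."""
import struct

BGND = b"\x4a\xfa"  # CPU32 BGND: drops the CPU into background debug mode (a breakpoint)
NOP = b"\x4e\x71"   # M68K/CPU32 NOP: can be overwritten without losing behaviour


def word_sum(image: bytes) -> int:
    """Sum of big-endian 16-bit words, modulo 2**16."""
    if len(image) % 2:
        raise ValueError("image length must be a multiple of 2")
    return sum(struct.unpack(">%dH" % (len(image) // 2), image)) & 0xFFFF


def fix_checksum(image: bytes) -> bytes:
    """Rewrite the trailing word so the whole image sums to zero (assumed scheme)."""
    body = image[:-2]
    return body + struct.pack(">H", (-word_sum(body)) & 0xFFFF)


def checksum_ok(image: bytes) -> bool:
    return word_sum(image) == 0


def find_nops(image: bytes):
    """Word-aligned offsets holding NOP: the cheapest places to plant a BGND."""
    return [off for off in range(0, len(image) - 2, 2) if image[off:off + 2] == NOP]


def plant_bgnd(image: bytes, offset: int) -> bytes:
    """Overwrite one instruction word with BGND and re-seal the checksum.

    Only overwrite a NOP, or the first word of an instruction you will execute
    by hand after the break: BGND replaces a word, it does not insert one."""
    if offset % 2:
        raise ValueError("CPU32 opcodes are word aligned")
    if offset + 2 > len(image) - 2:
        raise ValueError("patch would overwrite the checksum trailer")
    patched = image[:offset] + BGND + image[offset + 2:]
    return fix_checksum(patched)


if __name__ == "__main__":
    # Constructed sample image: LINK, NOP, UNLK, RTS, then a placeholder trailer.
    sample = fix_checksum(b"\x4e\x56\x00\x00" + NOP + b"\x4e\x5e\x4e\x75" + b"\x00\x00")
    print(find_nops(sample))                                   # [4]
    patched = plant_bgnd(sample, find_nops(sample)[0])
    print(patched[4:6] == BGND, checksum_ok(patched))          # True True
```

Identify the real algorithm before trusting this: the bootloader's verify routine (or the strings around it) usually shows whether it is an additive sum, a CRC, or something keyed, and where the stored value lives.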
-
Dumping the Sega Dreamcast VMU ROM (20 Years Later)
by Teddy Rogers - 2 replies
- 10.3k views
Dumping the Sega Dreamcast VMU ROM (20 Years Later) http://dmitry.gr/index.php?r=05.Projects&proj=25. VMU Hacking Ted.
-
- 0 replies
- 7.8k views
As ARM these days is becoming ever so popular on embedded devices, static analysis doesn't always get it done. Here's a couple of useful tools to allow you to run some code in an IDA database if you want to emulate simple subroutines as if you were debugging them with a JTAG... without any debugging hardware. https://github.com/cseagle/sk3wldbg supports: x86, x86-64, ARM, ARM64, MIPS, MIPS64, SPARC, SPARC64, M68K. This one allows you to bind Python-style variables to the ARM assembly and run it: https://github.com/36hours/idaemu Example 1: This is an easy function for add. .text:000000000040052D public myadd .text:000000000040052D myadd …
-
Firmware Reversing
by Frostbane - 8 replies
- 14.4k views
Found a nice site, a good read for electronics enthusiasts and RC engineers as well. Do check it out ☆~(ゝ。∂) http://www.devttys0.com/blog/
-
Help recovering telnet password from firmware
by david.lynch - 6 replies
- 11.3k views
I'm not sure if it is right to ask it here; if not, please delete and forgive me. I would like to know the password for telnet access of an IP camera that we own. The firmware image is uImage_userland. Any information would be greatly appreciated!
-
dumping serial SPI and I2C chips
by secursig - 0 replies
- 7.3k views
Thought I would post this since it's extremely useful for working on some embedded targets. The basic principle is you use a cheap logic analyzer to intercept read requests to the chip (usually from the microprocessor of your target), since in some designs they store special information in small chips on the PCB, like serial number, password, settings, etc. After the CPU reads all the addresses it's interested in over the SPI or I2C bus, your logic analyzer sees the waveforms and captures the data. Then this utility will convert the logic analyzer file to a binary dump of the chip by reconstructing the flash memory contents so you can see what's inside and load it into IDA. Very use…
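The reconstruction step the post describes, for the SPI case, as an added example (this is not the utility the poster refers to): each chip-select window on the bus is one transaction, the first MOSI byte is the opcode, the next three or four are the address, FAST_READ adds a dummy byte, and every MISO byte after that is flash content at consecutive addresses. The capture layout is an assumption: one CSV row per byte with the columns Time [s], Packet ID, MOSI, MISO, as the Saleae SPI analyzer exports them, with Packet ID incrementing on every chip-select assertion. The sample capture is constructed in-line. Bytes the host never reads stay 0xFF, and the coverage list shows exactly which ranges are real.

```python
"""Rebuild SPI flash contents from a logic-analyzer capture of the host's reads.
Added example, not the utility the original post refers to. Capture format is an
assumption: one CSV row per byte, columns Time [s], Packet ID, MOSI, MISO, as the
Saleae SPI analyzer exports (Packet ID increments per chip-select assertion).
The sample capture below is constructed."""
import csv
import io
from collections import defaultdict

# opcode -> (address bytes, dummy bytes) for the common read commands
READ_CMDS = {0x03: (3, 0), 0x0B: (3, 1), 0x13: (4, 0), 0x0C: (4, 1)}


def parse_capture(text: str):
    """Group per-byte rows into transactions: a list of (mosi_bytes, miso_bytes)."""
    txns = defaultdict(lambda: ([], []))
    for row in csv.DictReader(io.StringIO(text)):
        mosi, miso = txns[int(row["Packet ID"])]
        mosi.append(int(row["MOSI"], 16))
        miso.append(int(row["MISO"], 16))
    return [txns[pid] for pid in sorted(txns)]


def reconstruct(txns, size: int):
    """Replay READ/FAST_READ transactions into a flash-sized image.

    Unread bytes stay 0xFF (erased state). Returns (image, coverage ranges)."""
    image = bytearray(b"\xff" * size)
    seen = bytearray(size)
    for mosi, miso in txns:
        if not mosi or mosi[0] not in READ_CMDS:
            continue                      # JEDEC ID, status reads, writes: not data
        addr_len, dummy = READ_CMDS[mosi[0]]
        hdr = 1 + addr_len + dummy
        if len(mosi) <= hdr:
            continue                      # command without a data phase
        addr = int.from_bytes(bytes(mosi[1:1 + addr_len]), "big")
        for i, b in enumerate(miso[hdr:]):
            a = (addr + i) % size         # a sequential read wraps at the end of the array
            image[a], seen[a] = b, 1
    return bytes(image), coverage(seen)


def coverage(seen: bytearray):
    """Contiguous [start, end) ranges the host actually read."""
    ranges, start = [], None
    for i, s in enumerate(list(seen) + [0]):
        if s and start is None:
            start = i
        elif not s and start is not None:
            ranges.append((start, i))
            start = None
    return ranges


def capture_csv(txns):
    """Constructed capture in the assumed CSV layout, built from (mosi, miso) byte lists."""
    out = ["Time [s],Packet ID,MOSI,MISO"]
    t = 0.0
    for pid, (mosi, miso) in enumerate(txns):
        for m, s in zip(mosi, miso):
            out.append("%.6f,%d,0x%02X,0x%02X" % (t, pid, m, s))
            t += 1e-6
    return "\n".join(out) + "\n"


# Constructed sample: a JEDEC ID query, a READ of 4 bytes at 0x10, a FAST_READ of 4 bytes at 0.
SAMPLE = capture_csv([
    ([0x9F, 0, 0, 0],             [0xFF, 0xEF, 0x40, 0x16]),
    ([0x03, 0, 0, 0x10] + [0] * 4, [0xFF] * 4 + [0xDE, 0xAD, 0xBE, 0xEF]),
    ([0x0B, 0, 0, 0, 0] + [0] * 4, [0xFF] * 5 + list(b"SN:1")),
])


if __name__ == "__main__":
    img, rng = reconstruct(parse_capture(SAMPLE), size=0x20)
    print(rng, img[0:4], img[0x10:0x14])   # [(0, 4), (16, 20)] b'SN:1' b'\xde\xad\xbe\xef'
```

Two things to check before loading the result into IDA: the coverage list against what you expected the boot code to read (a gap usually means the analyzer's sample rate was too low for that burst), and whether the device wraps reads at the array end, which the modulo in reconstruct() assumes.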
-
CPU32 Embedded Reversing JTAG
by secursig - 0 replies
- 6.8k views
Anyone have any experience working with the ABATRON BDI2000 or BDI3000 on 683XX-based architecture targets? These are the ones that use the CPU32 instruction set. I also have other JTAG pods that support CPU32, but the support for it is kind of dead these days since everything has gone the way of ARM. The ABATRON I could never do much with except use the single hardware breakpoint, dump registers and memory. Still pretty useful, but it sucks having to clear the breakpoint and re-add it every time you want to step over any call in code. Soft breakpoints are not an option usually because the target devices usually boot from a ROM or bootloader in flash which of course is not di…
-
Reversing MD380 Firmware with IDA Pro
by whoknows - 1 reply
- 14.9k views
https://github.com/travisgoodspeed/md380tools/wiki/IDAPro
-
6 Websites with Downloadable Firmware Images
by whoknows - 1 follower
- 0 replies
- 11k views
https://www.tacnetsol.com/blogs/news/6-websites-with-downloadable-firmware-images
-
clue NFC algorithm
by khonel - 1 reply
- 12.2k views
Hello all... I have some problem with the calculation / algorithm for the key on NFC cards. I have 3 types of NFC card: Apathon, EDA and YGS. I'm trying to find the key calculation (I think like making a keygen), the connection between Key A, Key B and UID. I'm trying to unlock using MFOC and MFCUK and got conclusions: UID calculation with Key A = Key B, but I can't find the algorithm to get the value of Key B (UID value constant). I hope I get an answer, clue or reference about my problem... thanks. hardware = Proxmark, acr122u, PN532, Arduino Uno; software = Parrot OS, Proxmark tool, MFOC and MFCUK
-
few question about Embedded device
by kb432 - 2 replies
- 8.3k views
#1 Is it possible to extract hardware firmware remotely via software? #2 How to extract the hardware framework from a device such as a router and so on? Thanks
-
- 0 replies
- 6.5k views
Read the FULL ARTICLE HERE. Full SOURCES and set of tools can be DOWNLOADED FROM HERE. A PDF created from the website article is attached for the convenience of the readers. PRACTICAL uses: The principles discussed can be used for reversing the firmware of routers, dongles etc. Please note that while the author has focused on firmware which is open source, the same principles can also be used for closed-source firmware. Firmware Hooking - Using Capstone and Keystone.pdf
-
Sega Saturn CD - Cracked After 20 Years
by Teddy Rogers - 4 replies
- 12.4k views
Ted.
-
Analysis of PS4's Security...
by Teddy Rogers - 17 replies
- 13.2k views
Makes for a bit of an interesting read... http://cturt.github.io/ps4.html Ted.
-
Hardware Reverse Engineering
by Loizos - 3 replies
- 8.4k views
I did a lot of research and found some useful information before creating this thread, but I am wondering if someone more experienced can provide me with further information on hardware reverse engineering and where to begin. Please keep in mind that I have no experience on hw reversing whatsoever. Best regards, Loizos
-
Counterfeit Macbook Charger Teardown...
by Teddy Rogers - 0 replies
- 8k views
Ken Shirriff has done a couple of charger teardowns; this one is just as interesting. He explains why you should be careful when purchasing cheap counterfeit chargers, it could save your life... http://www.righto.com/2016/03/counterfeit-macbook-charger-teardown.html Ted.
-
TMX 1795: the first, forgotten microprocessor...
by Teddy Rogers - 4 replies
- 8.6k views
TMX 1795: the first, forgotten microprocessor http://www.righto.com/2015/05/the-texas-instruments-tmx-1795-first.html Ted.
-
Sentinel hl Pro
by Zed - 2 replies
- 8.4k views
Hello all good friends of this great community, I need help on how to make a copy of my dongle. If anyone can help me I would appreciate it very much. My program is called RODSTAR and is already registered, but I don't know what else to do ... RODSTAR.txt
-
Infineon MCUs reverse help
by samcool - 0 replies
- 5.8k views
Hi. I have some work reversing Infineon MCUs with IDA Pro. If you have experience, PM me or write to s.korchagin@gmail.com
-
Syncrosoft HID Dongle
by Dragon Team - 2 replies
- 8.1k views
How to dump and emulate a Syncrosoft HID dongle
-
- 15 replies
- 9.1k views
Does anyone know how to detect and eliminate hypervisor-style BIOS hacks, which seem to be illegally done by some shady criminals tied to private corporations and government agencies, as well as implantable microchips, which it has been documented the NSA has done previously? Certainly there should be some flaw in this, and disabling hypervisor settings in the BCD or BIOS settings, or even removing power and resetting the part of BIOS memory by doing an action along the lines of holding the power button for 15 seconds, can have an effect. It would be nice to see some real solid information about this topic beyond hoping for more leaks about it in the media.