Hardware Reverse-Engineering: Difference between revisions
Jump to navigation
Jump to search
Content deleted Content added
mNo edit summary |
mNo edit summary |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 17: | Line 17: | ||
=EEPROM extraction= |
=EEPROM extraction= |
||
* Demystifying Hardware Security [https://www.optiv.com/blog/demystifying-hardware-security-part-i Part I], [https://www.optiv.com/blog/demystifying-hardware-security-part-ii Part II], [https://www.optiv.com/blog/demystifying-hardware-security-part-iii Part III] |
* Demystifying Hardware Security [https://www.optiv.com/blog/demystifying-hardware-security-part-i Part I], [https://www.optiv.com/blog/demystifying-hardware-security-part-ii Part II], [https://www.optiv.com/blog/demystifying-hardware-security-part-iii Part III] |
||
* Practical Reverse Engineering (Huawei HG533 router) |
|||
** [http://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/ Part I Hunting for Debug Ports] |
|||
** [http://jcjc-dev.com/2016/04/29/reversing-huawei-router-2-scouting-firmware/ Part II Scouting the Firmware] |
|||
** [http://jcjc-dev.com/2016/05/23/reversing-huawei-3-sniffing/ Part III Following the Data] |
|||
** [http://jcjc-dev.com/2016/06/08/reversing-huawei-4-dumping-flash/ Part IV Dumping the Flash] |
|||
=Firmware extraction, glitch way= |
=Firmware extraction, glitch way= |
||
* [https://www.youtube.com/watch?v=TeCQatNcF20 scanlime:015 / Glitchy Descriptor Firmware Grab] (video) using chipwhisperer |
* [https://www.youtube.com/watch?v=TeCQatNcF20 scanlime:015 / Glitchy Descriptor Firmware Grab] (video) using chipwhisperer |
||
=After firmware extraction= |
|||
* Reversing and Exploiting Embedded Devices: The Software Stack [https://www.praetorian.com/blog/reversing-and-exploiting-embedded-devices-part-1-the-software-stack Part I] |
|||
=SCA/FI= |
=SCA/FI= |
||
* [https://newae.com/tools/chipwhisperer/ ChipWhisperer] |
* [https://newae.com/tools/chipwhisperer/ ChipWhisperer] |
||
** [https://wiki.newae.com/Main_Page wiki] & tutos |
** [https://wiki.newae.com/Main_Page wiki] & tutos |
||
=Don't's= |
|||
* https://www.reddit.com/r/funny/comments/49dayl/shortly_after_these_stock_photos_were_taken_all/ |
|||
=Shopping= |
|||
* http://pcbshopper.com/ |
|||
Latest revision as of 08:21, 13 October 2016
Some resources...
JTAG
tutos/posts
- JTAG Explained (finally!): Why "IoT", Software Security Engineers, and Manufacturers Should Care
- ZooBaB page with several JTAG-related projects
projects
- Tjtag-arduino Use the arduino as a JTAG adaptor with Tjtag
- Arduiggler Arduino based JTAG cable with UrJTAG
- JTAGduino The JTAGduino project has the goal of using Arduino as a JTAG interface
- FUJI Free USB JTAG interface
- JTAGenum (Arduino-based) scans pins for basic JTAG functionality and can be used to enumerate the IR for undocumented opcodes
- JTAGulator open source hardware tool that assists in identifying OCD connections from test points, vias, or component pads on a target device
- jtag-finder mirror
- Black Magic Probe in-application debugging tool using a JTAG or Serial Wire Debugging (SWD) port. Targets ARM Cortex-M and Cortex-A based microcontrollers.
EEPROM extraction
- Demystifying Hardware Security Part I, Part II, Part III
- Practical Reverse Engineering (Huawei HG533 router)
Firmware extraction, glitch way
- scanlime:015 / Glitchy Descriptor Firmware Grab (video) using chipwhisperer
After firmware extraction
- Reversing and Exploiting Embedded Devices: The Software Stack Part I
SCA/FI
- ChipWhisperer
- wiki & tutos