Difference between revisions of "Hardware Reverse-Engineering"

From YobiWiki
(Created page with "Some resources... =JTAG= ==tutos/posts== * [http://blog.senr.io/blog/jtag-explained JTAG Explained (finally!): Why "IoT", Software Security Engineers, and Manufacturers Shoul...")
 
m
 
(7 intermediate revisions by the same user not shown)
Line 13: Line 13:
 
* [http://www.grandideastudio.com/jtagulator/ JTAGulator] open source hardware tool that assists in identifying OCD connections from test points, vias, or component pads on a target device
 
* [http://www.grandideastudio.com/jtagulator/ JTAGulator] open source hardware tool that assists in identifying OCD connections from test points, vias, or component pads on a target device
 
* [http://www.zoobab.com/jtag-finder jtag-finder] mirror
 
* [http://www.zoobab.com/jtag-finder jtag-finder] mirror
  +
* [https://github.com/blacksphere/blackmagic/wiki Black Magic Probe] in-application debugging tool using a JTAG or Serial Wire Debugging (SWD) port. Targets ARM Cortex-M and Cortex-A based microcontrollers.
=Firmware extraction=
 
  +
** [http://hydrabus.com/2016/04/19/hydrabus-jtagswd-native-debugger-supported-officially-in-blackmagic-github/ HydraBus JTAG/SWD native debugger supported officially in blackmagic github]
 
=EEPROM extraction=
  +
* Demystifying Hardware Security [https://www.optiv.com/blog/demystifying-hardware-security-part-i Part I], [https://www.optiv.com/blog/demystifying-hardware-security-part-ii Part II], [https://www.optiv.com/blog/demystifying-hardware-security-part-iii Part III]
  +
* Practical Reverse Engineering (Huawei HG533 router)
  +
** [http://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/ Part I Hunting for Debug Ports]
  +
** [http://jcjc-dev.com/2016/04/29/reversing-huawei-router-2-scouting-firmware/ Part II Scouting the Firmware]
  +
** [http://jcjc-dev.com/2016/05/23/reversing-huawei-3-sniffing/ Part III Following the Data]
  +
** [http://jcjc-dev.com/2016/06/08/reversing-huawei-4-dumping-flash/ Part IV Dumping the Flash]
  +
 
=Firmware extraction, glitch way=
 
=Firmware extraction, glitch way=
 
* [https://www.youtube.com/watch?v=TeCQatNcF20 scanlime:015 / Glitchy Descriptor Firmware Grab] (video) using chipwhisperer
 
* [https://www.youtube.com/watch?v=TeCQatNcF20 scanlime:015 / Glitchy Descriptor Firmware Grab] (video) using chipwhisperer
  +
=After firmware extraction=
  +
* Reversing and Exploiting Embedded Devices: The Software Stack [https://www.praetorian.com/blog/reversing-and-exploiting-embedded-devices-part-1-the-software-stack Part I]
 
=SCA/FI=
 
=SCA/FI=
 
* [https://newae.com/tools/chipwhisperer/ ChipWhisperer]
 
* [https://newae.com/tools/chipwhisperer/ ChipWhisperer]
** [https://wiki.newae.com/Main_Page wiki]
+
** [https://wiki.newae.com/Main_Page wiki] & tutos
  +
  +
=Don't's=
  +
* https://www.reddit.com/r/funny/comments/49dayl/shortly_after_these_stock_photos_were_taken_all/
  +
  +
=Shopping=
  +
* http://pcbshopper.com/
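
Review bot: the two entries added under =Don't's= and =Shopping= are bare URLs, while every other entry in this revision uses the bracketed link form with a label, as in "[https://newae.com/tools/chipwhisperer/ ChipWhisperer]". Giving each of these a short label in the same form would keep the list consistent and tell the reader what the link is before they follow it.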

Latest revision as of 09:21, 13 October 2016

Some resources...

JTAG

tutos/posts

projects

EEPROM extraction

Firmware extraction, glitch way

After firmware extraction

  • Reversing and Exploiting Embedded Devices: The Software Stack Part I

SCA/FI

Don't's

Shopping