Difference between revisions of "Hardware Reverse-Engineering"
(5 intermediate revisions by the same user not shown) | |||
Line 14: | Line 14: | ||
* [http://www.zoobab.com/jtag-finder jtag-finder] mirror |
* [http://www.zoobab.com/jtag-finder jtag-finder] mirror |
||
* [https://github.com/blacksphere/blackmagic/wiki Black Magic Probe] in-application debugging tool using a JTAG or Serial Wire Debugging (SWD) port. Targets ARM Cortex-M and Cortex-A based microcontrollers. |
* [https://github.com/blacksphere/blackmagic/wiki Black Magic Probe] in-application debugging tool using a JTAG or Serial Wire Debugging (SWD) port. Targets ARM Cortex-M and Cortex-A based microcontrollers. |
||
+ | ** [http://hydrabus.com/2016/04/19/hydrabus-jtagswd-native-debugger-supported-officially-in-blackmagic-github/ HydraBus JTAG/SWD native debugger supported officially in blackmagic github] |
||
− | = |
+ | =EEPROM extraction= |
+ | * Demystifying Hardware Security [https://www.optiv.com/blog/demystifying-hardware-security-part-i Part I], [https://www.optiv.com/blog/demystifying-hardware-security-part-ii Part II], [https://www.optiv.com/blog/demystifying-hardware-security-part-iii Part III] |
||
+ | * Practical Reverse Engineering (Huawei HG533 router) |
||
+ | ** [http://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/ Part I Hunting for Debug Ports] |
||
+ | ** [http://jcjc-dev.com/2016/04/29/reversing-huawei-router-2-scouting-firmware/ Part II Scouting the Firmware] |
||
+ | ** [http://jcjc-dev.com/2016/05/23/reversing-huawei-3-sniffing/ Part III Following the Data] |
||
+ | ** [http://jcjc-dev.com/2016/06/08/reversing-huawei-4-dumping-flash/ Part IV Dumping the Flash] |
||
+ | |||
=Firmware extraction, glitch way= |
=Firmware extraction, glitch way= |
||
* [https://www.youtube.com/watch?v=TeCQatNcF20 scanlime:015 / Glitchy Descriptor Firmware Grab] (video) using chipwhisperer |
* [https://www.youtube.com/watch?v=TeCQatNcF20 scanlime:015 / Glitchy Descriptor Firmware Grab] (video) using chipwhisperer |
||
+ | =After firmware extraction= |
||
+ | * Reversing and Exploiting Embedded Devices: The Software Stack [https://www.praetorian.com/blog/reversing-and-exploiting-embedded-devices-part-1-the-software-stack Part I] |
||
=SCA/FI= |
=SCA/FI= |
||
* [https://newae.com/tools/chipwhisperer/ ChipWhisperer] |
* [https://newae.com/tools/chipwhisperer/ ChipWhisperer] |
||
** [https://wiki.newae.com/Main_Page wiki] & tutos |
** [https://wiki.newae.com/Main_Page wiki] & tutos |
||
+ | |||
+ | =Don't's= |
||
+ | * https://www.reddit.com/r/funny/comments/49dayl/shortly_after_these_stock_photos_were_taken_all/ |
||
+ | |||
+ | =Shopping= |
||
+ | * http://pcbshopper.com/ |
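Review bot: The new entries under =Don't's= and =Shopping= are bare URLs, while every other entry on the page uses the [url label] form with a short description. Give both a label so a reader can tell what the link covers before following it (for the Reddit link, name the practice it is warning against). The heading =Don't's= would also read better as =Don'ts=, and the new =After firmware extraction= section lists only Part I of its series, so either add the later parts or drop "Part I" from the link text.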
Latest revision as of 09:21, 13 October 2016
Some resources...
JTAG
tutos/posts
- JTAG Explained (finally!): Why "IoT", Software Security Engineers, and Manufacturers Should Care
- ZooBaB page with several JTAG-related projects
projects
- Tjtag-arduino Use the arduino as a JTAG adaptor with Tjtag
- Arduiggler Arduino based JTAG cable with UrJTAG
- JTAGduino The JTAGduino project has the goal of using Arduino as a JTAG interface
- FUJI Free USB JTAG interface
- JTAGenum (Arduino-based) scans pins for basic JTAG functionality and can be used to enumerate the IR for undocumented opcodes
- JTAGulator open source hardware tool that assists in identifying OCD connections from test points, vias, or component pads on a target device
- jtag-finder mirror
- Black Magic Probe in-application debugging tool using a JTAG or Serial Wire Debugging (SWD) port. Targets ARM Cortex-M and Cortex-A based microcontrollers.
EEPROM extraction
- Demystifying Hardware Security Part I, Part II, Part III
- Practical Reverse Engineering (Huawei HG533 router)
Firmware extraction, glitch way
- scanlime:015 / Glitchy Descriptor Firmware Grab (video) using chipwhisperer
After firmware extraction
- Reversing and Exploiting Embedded Devices: The Software Stack Part I
SCA/FI
- ChipWhisperer
  - wiki & tutos