#04 - How To Get The Firmware - Hardware Hacking Tutorial

  156,685 views

Make Me Hack

4 years ago

If you are struggling to get the firmware out of your device, this is the video for you!
In this video I will explain the possible ways to get the firmware of our IoT device.
I will give a practical example of one of these ways: I will connect the PC to the UART of our sample device, analyze the boot log, access the command line interface of the boot loader, and dump the firmware using the dump command available in the boot loader. I will use a couple of scripts: one to dump the entire EEPROM to a hexadecimal ASCII text file, and one to convert this file back to binary form to get the exact image of the EEPROM.
********* Links with additional Information
Channel's Author: www.makemehack.com/2020/02/a-...
Channel's Web Site: www.makemehack.com/
The sample router (Gemtek WVRTM-127ACN) on techinfodepot: en.techinfodepot.shoutwiki.com...
The sample router (Gemtek WVRTM-127ACN) reverse engineered on GitHub, includes scripts to dump the EEPROM to a text file and to convert it back to binary file: github.com/digiampietro/hacki...
TTL Serial Adapter (affiliate link): amzn.to/2vvzCYB
PuTTY, the terminal emulator: www.putty.org/
Wireshark, Ethernet analyzer: www.wireshark.org/
Curl, command line tool for transferring data with URLs: curl.haxx.se/
Wget, retrieving files with URLs: www.gnu.org/software/wget/
Mitmproxy, a free and open source interactive HTTPS proxy: mitmproxy.org/
Bus Pirate: dangerousprototypes.com/docs/B...
OpenOcd, On Chip Debugger: openocd.org/
U-Boot, The Universal Boot Loader: www.denx.de/wiki/U-Boot
Buildroot, a simple, efficient and easy-to-use tool to generate embedded Linux systems through cross-compilation: buildroot.org/
Binwalk, a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images: github.com/ReFirmLabs/binwalk
SOIC8 SOP8 Flash Chip IC Test Clips Socket Adapter BIOS/24/25/93/95 Programmer (affiliate link): amzn.to/39A9JFd
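
An added example, not one of the scripts linked above and not the author's code: a Python sketch of the second step in the description, converting a captured hexadecimal text dump back to a binary image while flagging lines that were lost or damaged on the serial link. The dump line layout, the `boot>` prompt and the sample log are constructed assumptions; adapt the pattern to what your boot loader actually prints.

```python
import re

# Assumed line layout (constructed for this example, not taken from the video):
#   <hex address>: <hex bytes separated by single spaces>  <ASCII column>
LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]{4,16}):\s+((?:[0-9A-Fa-f]{2} ?)+)")


def hexdump_to_image(text, width=16, fill=0xFF):
    """Rebuild a binary image from a captured hex-dump log.

    Returns (image, problems). Offsets in image are relative to the first
    address seen; missing ranges are padded with `fill` so that offsets stay
    aligned with the flash layout.
    """
    image = bytearray()
    problems = []
    base = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw)
        if m is None:
            continue  # prompt echo, blank line or other console noise
        addr = int(m.group(1), 16)
        data = bytes.fromhex(m.group(2).replace(" ", ""))
        if base is None:
            base = addr
        expected = base + len(image)
        if addr < expected:
            problems.append((lineno, f"address {addr:#x} repeats or goes backwards"))
            continue
        if addr > expected:
            problems.append((lineno, f"gap of {addr - expected} bytes before {addr:#x}"))
            image.extend(bytes([fill]) * (addr - expected))
        if len(data) != width:
            # A dropped character truncates the parsed bytes; the final line
            # of a dump may also be legitimately short.
            problems.append((lineno, f"{len(data)} bytes on line, expected {width}"))
        image.extend(data)
    return bytes(image), problems


# Constructed capture: the 0x9f000020 line is missing and one byte on the
# last line lost a character in transit.
SAMPLE_LOG = """\
boot> dump 9f000000 50
9f000000: 27 05 19 56 00 01 02 03 04 05 06 07 08 09 0a 0b  ...V............
9f000010: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f  ................
9f000030: 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f  0123456789:;<=>?
9f000040: 40 41 42 43 44 45 46 4 48 49 4a 4b 4c 4d 4e 4f  @ABCDEFGHIJKLMNO
boot>
"""

if __name__ == "__main__":
    image, problems = hexdump_to_image(SAMPLE_LOG)
    print(f"{len(image)} bytes rebuilt")
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
```

Dump any range listed in `problems` again before analyzing the image, since padded or truncated regions do not match the flash content.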

Comments: 212
@mihaifelseghi 3 years ago
You sir are a human university, the best tutorials ever made, the most comprehensive and clear, keep up the good work, I am waiting for the next video in the series.
@MakeMeHack 3 years ago
Hello Mihai Felseghi, thank you very much for your appreciation and support.
@Ravecat27 3 years ago
@@MakeMeHack Thank you for your Video, I need help! :( I think all my Devices have a malicious code, Smart TV, Monitor, Smartphone, Computer, Tablet, Xbox one, PS4...... They are all like radio controlled, they will be very fast hot, the sound will be quieter and quieter and the picture quality is worse, dark picture, even the Mini DAB Radio in the Kitchen has this malicious code, do you know about this malicious code?
@oscareriksson9414 2 months ago
I am a programmer at a finance company, but was always interested in hardware, mostly from a software perspective. I started looking at this series about a year ago and it kick-started a burning interest in electronics and hardware hacking in general. Now my desk is overcrowded with bread boards, several chips and boards like raspberry pies, several arduinos of different types, standalone mc chips, avr and arm cortex and have started soldering stuff together with sensors etc etc. The wires are everywhere. Even spreading out to the living room! Now I have started looking into openocd and things to get to the bottom of the hardware communication things, saw this video series again and this time I understand wth you are explaining (in terms of technology) which makes me appreciate the video series even more. Grazie mille!
@celebris3 3 years ago
Valerio, I really like the way you explain - detailed, clear and comprehensive, no shortcuts, no hiding details. Thank you for sharing your experience with us. I just discovered your channel, already subscribed and can't wait to watch from the beginning. Keep up the good work, I am sure this channel will grow up quick. (Y)
@TheMadMagician87 3 years ago
Fantastic videos, the density of information is incredible to me! Absolutely loving this series, and particularly this video so far, there are so many things I always wondered about in boot logs that you have addressed, it's inspiring me to learn more about all the other bits in there as well!
@MattSimmonsSysAdmin 3 years ago
I am totally loving this channel. Thank you for spending the time and effort sharing your knowledge. I have so many of your videos to watch!
@taterfpv 1 year ago
This showed up in my feed today. I have no need to do any of this but I watched the entire video. You explain everything so well I just kept watching. Good job man.
@louieearle 1 year ago
This was a fantastic video - you have clear depth of knowledge, and you present better than almost every other hardware reversing video. I particularly like the context you give. So often presenters just show a wall of cryptic commands and output. You do a fantastic job in explaining.
@lindsay5985 1 year ago
Valerio, a genuinely informative video, packed with useful, advanced information that will inspire and spark the interest of tinkerers, young and old, everywhere. We all thank you for sharing so generously. For the feedback you asked for, I would encourage more use of text to display names and acronyms, because you naturally have an endearing strong accent and this could improve the clarity for a wider audience. I will definitely be learning from more of your videos. Subscribed.
@murrij 4 years ago
Like I said in my tweet earlier today, this whole series is awesome. You fill in the blanks on a lot of information that is all over on KZfaq but not in one place. Thank you.
@MakeMeHack 4 years ago
Hi murrij, thank you very much for your continued appreciation and support.
@gtpsic 2 years ago
Fantastic video production. So fascinating. You did a great job. This was easy to follow and packed with so much info. Just fascinating
@bysectrademark6729 1 year ago
This is the perfect channel for all beginners in firmware reverse-engineering education and understanding how firmware works... Great job! Maybe in the future we can send you some firmware and you can make a video analyzing it.
@ronwellman 3 years ago
I was all smiles during this entire video. Your expertise shows through and this was the exact content I was looking for. I am excited to learn more. Thank you!
@baghdadiabdellatif1581 5 months ago
😂 me too. God bless him
@GastoNet 3 years ago
Ciao Valerio! You have the most interesting channel I've subscribed to in my whole life! Keep up the good work and stay safe.
@anuradhapriyankara5226 3 years ago
I have watched most of your videos and what can I say is your videos are fantastic and very informative. I am too an electronic engineer and I'm trying to reverse engineer a set top box these days. Your tutorials were very much helpful for me. I'm currently trying to extract the firmware using JTAG since I have successfully identified JTAG port using your tutorial. Keep up the good work! P.s- you have a nice accent too ;-) I like it
@baghdadiabdellatif1581 5 months ago
Good for you, I am an electronic engineer too. What JTAG did you use?
@arkinzoodsma1510 1 year ago
Hello sir, I would really like to thank you for your awesome content! It's a real wealth of high quality hands-on information coming from experience, which you don't see often. Most of the time people make 1 short tutorial and that's it. Also your English is very understandable and I would dare to say that it's easier to follow than some native speakers. You really make an effort to speak clearly and it helps! Have you maybe thought about doing a Patreon or something like that? I really hope that you will continue producing videos!
@callelewander6789 1 year ago
Mr. Giampietro, thank you for sharing your knowledge! You have some serious skills! I will share your material with my colleagues!
@daanklem264 1 year ago
I teach this content and really appreciate your detail and precision! Pure gold!
@garypaulson5202 1 year ago
Am really enjoying this video series, thank you! I also am an old man who learned Perl :)
@mrsaizo0000 1 year ago
Subscribed, things like this are not only good to know, but can help you "modify" certain hardware..
@longtran12345678 3 months ago
Your video is gold, it slowly teaches me so much valuable knowledge, thank you so much. I feel lucky to see your video even for the first time.
@bosr 1 year ago
I agree with the comments here. Thank you so much for sharing such an amount of knowledge, in such a structured and brilliant way. We are lucky to have you. Grazie mille, from France.
@GerardFuguet 4 years ago
You are simply awesome, I hadn't any idea how to do this and luckily I found you (seems most OpenWRT based routers use the same bootloader structure), I'm very happy to see how you manage your videos/explanations, it denotes you have passion for your work. This is great sir! :) Hope you are safe under these rare days, take care good man!
@MakeMeHack 4 years ago
Hello Gerard Fuguet, thank you for your appreciation and support. And yes I and my family are safe, at home 🙂
@BreakinUpBuds 2 years ago
Man I wish you were still making videos you are awesome thanks for what you did make.
@papamidnightfpv 4 years ago
I have always wanted to get into hardware hacking. This video is great I hope you keep them coming.
@MakeMeHack 4 years ago
Hello Isaiah Newman, thank you for your appreciation and support. I plan to continue with this series and with this channel. My original ambition was to release a video each week, but in reality, I need more time, so, on average I will release a new video every 10/14 days.
@torftee2235 3 years ago
This is just GREAT stuff, Valerio! Grazie mille from Germany!
@micmacha 1 year ago
I already loved binwalk, and I had no idea it could tell you about the entropy too!
@ThatNiceDutchGuy 1 year ago
Thank you very much for mentioning Expect! It was exactly the language I needed. I wish you all the best!
@StefanSonesson 1 year ago
Mille grazie! (did I get that right?) fantastic information that got me grabbing cables and stuff. Now for the rest of your videos 😎🙏
@baghdadiabdellatif1581 5 months ago
this is the exact content I was looking for. Thank you. God bless you
@cralx2k 3 years ago
These series are gold... AMAZING
@BristlyBright 1 year ago
Thank you for this great video series! I really appreciate the knowledge you are sharing with others. Grazie mille!
@marialetiziadigiampietro8423 4 years ago
Very professional and inspiring video! Can't wait to see the next episode
@MakeMeHack 4 years ago
Hello Maria Letizia, thank you for your appreciation and support. Next episode should arrive next week!
@ramazanciftci1770 1 year ago
Maestro, many thanks from Germany for this informative video series. It was very nice to see in practice things I had thought about theoretically. As a thanks I will subscribe to your channel, for the first time after watching KZfaq videos non-stop for 15 years.
@HiHi-le3ev 1 month ago
Too bad I didn't find your YouTube channel earlier. Few people explain and show things in as much detail as you do. I wish the channel good growth.
@WereCatf 2 years ago
Just in case someone stumbles upon here: uboot often has the commands to dump the contents of any connected SPI NOR or NAND flash disabled. Also, e.g. Xiaomi likes to disable UART-input entirely for uboot and the installed OS, so none of this will work in that case and you will need to either access the flash directly, use JTAG or find a vulnerability for the installed OS that lets you get root access that way.
@030H 2 years ago
This is amazing. Thank you so much, I'm subscribing to your channel 👍
@tamilelectronicsforbeggine1229 10 months ago
Thank you very much for your detailed video script series, sir. Very useful and I'm grateful to you.
@krzsn5382 10 months ago
Great job, you're the best at explaining these topics... thanks for sharing your knowledge...
@thealex7671 7 months ago
Amazing! You are a genius, my friend, I'm gonna watch every one of your videos! ❤❤❤
@meowme7644 2 years ago
impressive! instantly subbed 😉 very nice thank you👍👍 have a nice Domenica
@stevecross9159 3 years ago
Valerio From the UK great teaching thank you.
@jacobwalters9660 4 years ago
Great video. I am inspired to try and dump the firmware of my electric skateboard
@MakeMeHack 4 years ago
Hello Jacob, thank you for your appreciation!
@murrij 4 years ago
dude that would be cool.
@matheuso86 2 years ago
Sir, please, continue this awesome work!!
@darkstareng 2 years ago
Holio molio this is such an amazing guide. Leave it to a real engineer to know exactly what they're doing!
@saurabhambulkar1 3 years ago
Great information in the video... keep it up, make those wonderful videos.
@martinneff1681 3 years ago
Great Tutorial, pls keep it up. You are a very good tutor.
@MarcioSantosMarcio-D-Santos 1 year ago
Thank you and you gained another subscriber, I would like to change the firmware of an Epson printer, but I don't know if it's possible, just looking to find out
@edgeeffect 3 years ago
I am also an old man.... I haven't seen Expect or TCL for many years.... Expect was ("was", no..... "IS") wonderful for this sort of thing. In the past I ran "end of day" on our mainframe using something very much like expect and my manager thought it was "black magic". I want to go back and look at my old TCL scripts now.
@johnSmith-mo5ne 4 months ago
A lot of thanks for this useful guide. You are great!
@TheRealKitWalker 3 years ago
So very very useful. Thanks for sharing 👏👏👍👍✌️✌️
@annag5458 2 years ago
Fabulous video on first principles
@MiguelGuatemala 1 year ago
Excellently EXPLAINED!! Thank you
@markp5726 1 year ago
Re: TSOP (at 7:31) - there are clips for chips like this available. They can be found by searching for something like "nand tsop clip" or "360 clip". Security researchers use them to find TOCTOU (etc) firmware security flaws.
@ImranAli-rp4kd 1 year ago
You can get tsop 48 clips, people used them before for Xbox 360 and ps3 etc but it’s not hard to remove one to read it and solder it back on the board
@EvilSapphireR 7 months ago
@@ImranAli-rp4kd can you please provide any tutorial/video showing how it is done?
@ImranAli-rp4kd 7 months ago
@@EvilSapphireR I’ll try to do that
@EvilSapphireR 7 months ago
@@ImranAli-rp4kd thanks man!
@mohelm97 3 years ago
Thanks a lot, this is pure gold
@rupioe582 1 year ago
Very nice video you might have started a passion for hardware hacking ❤
@vieiracastro82 3 years ago
Thank you for sharing so much knowledge with the world, your mastery is impressive, congratulations!!!
@BlensonPaul 4 months ago
Great explanation, love you man.
@pablolopezcorona 1 year ago
Very interesting, the way the information is encoded in the routers from the firmware.
@riskydissonance 2 years ago
Loving the content, thank you!!!
@cybergen2K 3 years ago
Definitely deserves more subs! Grazie!
@Kingsize001100 2 years ago
You are a genius. Keep making videos!
@qbitsday3438 1 year ago
I am Indian and I love your tutorial. Thank you very much! I am subscribing immediately! Google helped me!
@serggorod1423 1 year ago
Great video! Time to update my tools!
@GianlucaRoccaGian 3 years ago
Great, exactly what I want to learn ❤️❤️
@gcm4312 3 years ago
very good content! thank you for sharing
@bajwakamran5791 1 year ago
Very interesting and detailed information
@adriancoanda9227 1 year ago
The dump is easy to reverse engineering intro would be awesome 👌
@klairm9097 3 years ago
Awesome, your videos are very useful, thanks for everything!
@MakeMeHack 3 years ago
Hello Klairm, thank you for your appreciation and support.
@9h0s71n1gh7 1 year ago
Great explanation! Thanks
@mostafaarabi4793 2 years ago
You are a young excellent man. Thanks.
@mmfix3851 2 years ago
Wow, that is amazing. I have a question: is it possible to read not only the EEPROM but the whole bootloader, and for example if we change the MCU, to be able to reprogram it and have the device work fine? (I mean to transplant a new microcontroller which is empty)
@drigogt 3 years ago
May I ask you a question: where is stored the UUID in a board? In the EEPROM? Is this usually a hash?
@xEnergyShootx 2 years ago
This video is a treasure, congratulations
@rhodyrhckthaladro7840 1 year ago
A very helpful video...
@90daner 1 year ago
Beautiful video, mister!
@ImranAli-rp4kd 1 year ago
I understand lots of people can’t solder a TSOP 48 but it’s not near impossible like you say, I’ve done lots of them for tv boards
@westernvibes1267 3 years ago
Instantly subscribed. 🖤 ^_^
@oleksandrb1708 4 years ago
Amazing video. Thank you.
@MakeMeHack 4 years ago
Hello Oleksandr B, thank you for your appreciation!
@McKaktus259 3 years ago
Thanks for the video. I am currently trying to gain access to a system through UART. However, when I connect my UART-USB bridge, I can only see the output of the device (so baud rate seems to be correct) but cannot send any commands. I have checked the wiring and settings. Both TX and RX are connected to the MCU (I checked the traces). Do you have any other idea?
@TheRazgr1z1 2 years ago
10/10 please don't stop CIAO !!!!
@biganguria 10 months ago
Man, you would be better off speaking Italian, I would understand better, hahah. You are the best, thanks for these videos
@mauricioribas999 2 years ago
Great stuff thank you
@fahemabdelmalek5655 1 year ago
Thank you, too much information for me
@ombudsman3821 1 year ago
Bravo. Very interesting
@wilwad 1 year ago
You sir know what you are talking about thus I have subscribed
@oscardowning9507 1 year ago
This man is a true legend
@MedicalStudentChannel 1 year ago
You are a perfect teacher !!!!!!!!!!!!!!!!!
@IdoSamuelson 2 years ago
Thank you. What are the options when there is not much data in the UART boot besides "ERROR"? Will appreciate help
@alexanderzhang3972 2 years ago
Great 👍, awesome, from China.
@angryman9333 1 year ago
Thank you much love ❤
@davidmc971 3 years ago
Great video!
@markusschnepf 1 year ago
Right after Super Mario, this is gonna be my 2nd favourite Italian
@pierreleclercq7729 3 months ago
The video is 3 years old, but have you tried extracting the firmware of ssd drives, in order to access nand values, after a trim, which only clears the sector mapping table?
@hafo821 1 year ago
great video sir!
@elcondor7627 1 year ago
This is just hacking ASMR :)
@stephanonyambo66 11 months ago
I'M IN LOVE WITH HARDWARE ENGINEERING AND REVERSE MODIFICATION with hacking interference
@juannunez952 2 years ago
You can't sniff the router's WAN interface? What about creating a subnet using the target router, connecting its WAN interface to any LAN port on the primary router?
@J01220 3 years ago
Great Tutorial
@bosr 1 year ago
Thanks!
@tamiriiiii 1 year ago
Very professional video, how can we get in contact with you? And can you do a video about a UBIFS file? I find it hard to extract data out of it. Thanks