Exetools  

Exetools > General > Electric Section
#1
11-08-2023, 02:45
rcer
Reversing embedded systems

Hi, this is a little bit off topic for this forum, but I didn't know exactly where to post this.

Does anybody know any good reversing forums specialized in hacking/reverse engineering embedded systems?

The reason for asking is that I have a controller board, containing an Atmega 1280 MCU, which is bricked. I would like to extract the firmware from the MCU flash, but the LB1 or LB2 lock-bits are set, which prevents programming/reading/verifying the flash & EEPROM contents.
Apparently the only way to reset the lock-bits is to completely erase the chip, which of course is not a viable option for me. It would be interesting to see if somebody has managed to reset the 2 bits without erasing the flash & EEPROM.
#2
11-08-2023, 14:52
blue_devil
I cannot help you in this specific situation, unfortunately!

What about the famous "chip-off" way? Is it possible for you?
#3
11-08-2023, 18:46
rcer
Quote:
Originally Posted by blue_devil
I cannot help you in this specific situation, unfortunately!

What about the famous "chip-off" way? Is it possible for you?
Unfortunately that is not possible, because I don't own the million-dollar equipment required to perform this type of operation.
#4
11-08-2023, 19:00
blue_devil
Quote:
Originally Posted by rcer
Unfortunately that is not possible, because I don't own the million-dollar equipment required to perform this type of operation.
I feel you, bro. Don't you have any debug or JTAG pins to move on with?
#5
11-08-2023, 20:35
rcer
Yes, the board has a 6-pin SPI header & a 10-pin JTAG header, and I can read the chip with SPI, but JTAG access, debugging, and verifying memory contents have been disabled, and the LB1 and LB2 lock-bits have been set, so it's not possible anymore to change any fuse settings unless you completely erase the chip first. Reading the flash & EEPROM contents with the current settings returns garbage (i.e. FFFF FFFF) for the complete memory contents.
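As an added example (not code from this thread or from any of its posters), here is a small Python helper for the situation rcer describes. It decodes an ATmega lock byte (as read back with, for instance, avrdude's `-U lock:r:-:h`) into the LB1/LB2 protection mode from the ATmega1280 datasheet table, and it parses an Intel HEX read-back with checksum verification so you can tell an all-0xFF image (what a mode-3 locked part returns, and also what an erased part returns) from real code. The same two checks let a firmware developer confirm, before shipping a board, that the lock mode they intended is actually set. The HEX records, addresses and byte values are constructed for the demonstration and are not from any real device.

```python
"""Decode an AVR lock byte and sanity-check an Intel HEX flash dump.

Added example for this thread, not a poster's code. Lock-byte bit positions
follow the ATmega1280 datasheet (LB1 = bit 0, LB2 = bit 1, BLB01/BLB02/BLB11/
BLB12 = bits 2..5; bits 7:6 are unused and read as 1). All HEX records below
are constructed sample data.
"""

# Bit number of each lock bit inside the lock byte.
LOCK_BITS = {"LB1": 0, "LB2": 1, "BLB01": 2, "BLB02": 3, "BLB11": 4, "BLB12": 5}

# Memory lock modes for the (LB1, LB2) pair; a programmed bit reads as 0.
LB_MODES = {
    (1, 1): (1, "no memory lock features enabled"),
    (0, 1): (2, "further programming of Flash and EEPROM disabled"),
    (0, 0): (3, "further programming and verification of Flash and EEPROM disabled"),
}


def decode_lock_byte(value):
    """Return which lock bits are programmed and the LB1/LB2 protection mode."""
    programmed = {name: not (value >> bit) & 1 for name, bit in LOCK_BITS.items()}
    key = (value & 1, (value >> 1) & 1)
    mode, meaning = LB_MODES.get(
        key, (None, "LB2 programmed without LB1: not a documented mode"))
    return {"programmed": programmed, "mode": mode, "meaning": meaning}


def parse_intel_hex(text):
    """Parse Intel HEX text into a bytearray, verifying every record checksum.

    Unwritten addresses are filled with 0xFF, which is what erased flash reads.
    Record types 00 (data), 01 (EOF), 02 and 04 (address extension) are handled.
    """
    image = bytearray()
    base = 0  # upper address bits supplied by type 02/04 records
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if not line.startswith(":"):
            raise ValueError(f"line {lineno}: missing record start ':'")
        rec = bytes.fromhex(line[1:])
        # The checksum byte is the two's complement of the preceding bytes,
        # so the whole record (checksum included) must sum to 0 mod 256.
        if sum(rec) & 0xFF != 0:
            raise ValueError(f"line {lineno}: checksum mismatch")
        length, addr, rtype = rec[0], int.from_bytes(rec[1:3], "big"), rec[3]
        data = rec[4:4 + length]
        if len(data) != length:
            raise ValueError(f"line {lineno}: truncated record")
        if rtype == 0x00:
            start = base + addr
            if len(image) < start + length:
                image.extend(b"\xff" * (start + length - len(image)))
            image[start:start + length] = data
        elif rtype == 0x01:
            break
        elif rtype == 0x02:
            base = int.from_bytes(data, "big") << 4
        elif rtype == 0x04:
            base = int.from_bytes(data, "big") << 16
        else:
            raise ValueError(f"line {lineno}: unsupported record type {rtype:#04x}")
    return image


def checksums_ok(text):
    """True if every record in the HEX text parses with a valid checksum."""
    try:
        parse_intel_hex(text)
        return True
    except ValueError:
        return False


def assess_dump(image):
    """Flag a dump that is all 0xFF: an erased part or a lock-bit-blocked read."""
    total = len(image)
    ff = image.count(0xFF)
    return {"bytes": total,
            "ff_fraction": ff / total if total else 0.0,
            "all_ff": total > 0 and ff == total}


# Constructed dumps: a lock-bit-blocked read-back versus a real reset vector.
LOCKED_READBACK_HEX = """
:10000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00
:10001000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0
:00000001FF
"""

REAL_CODE_HEX = """
:040000000C94340028
:00000001FF
"""

if __name__ == "__main__":
    for lock in (0xFF, 0xFE, 0xFC):
        print(f"lock byte {lock:#04x}: {decode_lock_byte(lock)}")
    for name, hex_text in (("locked", LOCKED_READBACK_HEX), ("real", REAL_CODE_HEX)):
        print(name, assess_dump(parse_intel_hex(hex_text)))
```

A read-back that is entirely 0xFF with a lock byte decoding to mode 3 is the expected (non-)result for a part in rcer's state, so the check mainly saves you from mistaking such an image for a valid dump; a non-zero `ff_fraction` below 1.0 on a dump from a part whose lock byte reads mode 1 is what a genuine readout looks like.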
#6
11-08-2023, 22:51
Dr.FarFar
Introduction to Embedded Systems Security and Reverse Engineering (Chinese)

Quote:
hxxps://zhuanlan.zhihu.com/p/49831082
#7
11-08-2023, 22:53
rcer
O.K., I will check this out.
#8
11-09-2023, 04:26
Trit0n
This is generally a very, very interesting topic!
But the page hxxps://zhuanlan.zhihu.com/p/49831082 is a bit too "Chinese" for me (purely linguistically).
Can someone translate it into English?
(I have problems with the translation, and probably not only me.)
Would it be worth a new entry in the "General" category of Exetools?
Example: "Reversing embedded systems" (little hint for the admins).
Would surely enrich the forum?
(Maybe we could vote on it, if the topic would be desired.)
#9
11-09-2023, 22:51
rcer
Quote:
Originally Posted by Trit0n
This is generally a very, very interesting topic!
But the page hxxps://zhuanlan.zhihu.com/p/49831082 is a bit too "Chinese" for me (purely linguistically).
Can someone translate it into English?
(I have problems with the translation, and probably not only me.)
Would it be worth a new entry in the "General" category of Exetools?
Example: "Reversing embedded systems" (little hint for the admins).
Would surely enrich the forum?
(Maybe we could vote on it, if the topic would be desired.)
I have the same problem with the translation; also, without registering it seems that you cannot query anything.

I know that exetools is the lead forum for software hacking/reversing, and in general not geared towards hardware hacking/reversing, but it would be nice if this could be added/implemented, because there are a lot of very knowledgeable members on this forum who could assist/help less skilled members.
#10
11-10-2023, 19:02
ahmadmansoor

Quote:
Originally Posted by Trit0n
This is generally a very, very interesting topic!
But the page hxxps://zhuanlan.zhihu.com/p/49831082 is a bit too "Chinese" for me (purely linguistically).
Can someone translate it into English?
(I have problems with the translation, and probably not only me.)
Would it be worth a new entry in the "General" category of Exetools?
Example: "Reversing embedded systems" (little hint for the admins).
Would surely enrich the forum?
(Maybe we could vote on it, if the topic would be desired.)
To be honest, I am thinking about this too, but we need to know how many people are interested in this topic so we can open it.
#11
11-14-2023, 14:13
binarylaw
Quote:
Originally Posted by ahmadmansoor
To be honest, I am thinking about this too, but we need to know how many people are interested in this topic so we can open it.
I would love this, as well.

Quote:
Originally Posted by rcer
That is a really interesting and amazing story.
Poor Thomas must have nightmares about his locked-away fortune.
What's odd is how he ignores the very ones who have cracked it. I suspect this motivation may be financial: if they can do it, surely others out there can do it too ... and at a cheaper cost.
#12
11-11-2023, 20:33
tonyweb
Quote:
Originally Posted by Trit0n
But the page hxxps://zhuanlan.zhihu.com/p/49831082 is a bit too "Chinese" for me (purely linguistically).
Can someone translate it into English?
Attached you can find an English-translated version (Google).
Hope this helps.

P.S. Apologies if you weren't meaning you need a translated page.
#13
11-12-2023, 00:38
bolo2002
Quote:
Originally Posted by tonyweb
Attached you can find an English-translated version (Google).
Hope this helps.

P.S. Apologies if you weren't meaning you need a translated page.
PDF converted, in case...
#14
11-10-2023, 19:42
chants
Interesting article on a real world example:

Quote:
https://www.wired.com/story/unciphered-ironkey-password-cracking-bitcoin/
Quote:
To fully reverse engineer the device, Unciphered scanned an IronKey with a CT scanner, then began the elaborate surgery necessary to deconstruct it. Using a precise laser cutting tool, they carved out the Atmel chip that serves as the USB stick's “secure enclave” holding its cryptographic secrets. They bathed that chip in nitric acid to “decap” it, removing the layers of epoxy designed to prevent tampering. They then began to polish down the chip, layer by layer, with an abrasive silica solution and a tiny spinning felt pad, removing a fraction of a micron of material from its surface at a time, taking photos of each layer with either optical microscopes or scanning electron microscopes, and repeating the process until they could build a full 3D model of the processor.

Because the chip's read-only memory, or ROM, is built into the layout of its physical wiring for better efficiency, Unciphered's visual model gave it a head start toward deciphering much of the logic of the IronKey's cryptographic algorithm. But the team went much further, attaching tenth-of-a-millimeter gauge wires to the secure element’s connections to “wiretap” the communications going into and out of it. They even tracked down engineers who had worked on the Atmel chip and another microcontroller in the IronKey that dated back to the 1990s to quiz them for details about the hardware. ...

That cracking process culminated in July, when Unciphered's team gathered at an Airbnb in San Francisco. They describe standing around a table covered with millions of dollars’ worth of lab equipment when a member of the team read out the contents of a decrypted IronKey for the first time.
#15
11-10-2023, 20:21
dion
I guess maybe the most recent tech I know is decap. There is also the glitch-based exploit, but that is very rare information.
All times are GMT +8.