mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-21 20:23:18 +00:00
Update spi.md with images and information about firmware dumping
This commit is contained in:
parent
3f0e9abcd0
commit
f61f29d88d
1 changed files with 14 additions and 4 deletions
@ -34,17 +34,27 @@ Also, during red reaming and getting physical access to devices, dumping the fir
This device is an inexpensive tool for dumping firmwares from EEPROMs and also reflashing them with firmware files. This has been a popular choice for working with computer BIOS chips (which are just EEPROMs). This device connects over USB and needs minimal tools to get started. Also, it usually gets the task done quickly, so can be helpful in physical device access too.
![](<../../.gitbook/assets/board_image_ch341a.jpg>)
<img src="../../.gitbook/assets/board_image_ch341a.jpg" alt="drawing" width="400" align="center"/>
Connect the EEPROM memory with the CH341a Programmer and plug the device into the computer. Incase the device is not getting detected, try installing drivers into the computer. Also, make sure that the EEPROM is connected in proper orientation (usually, place the VCC Pin in reverse orientation to the USB connector) or else, the software would not be able to detect the chip. Refer to the diagram if required:
![](<../../.gitbook/assets/connect_wires_ch341a.jpg>)
<img src="../../.gitbook/assets/connect_wires_ch341a.jpg" alt="drawing" width="350"/>
![](<../../.gitbook/assets/eeprom_plugged_ch341a.jpg>)
<img src="../../.gitbook/assets/eeprom_plugged_ch341a.jpg" alt="drawing" width="350"/>
Finally, use softwares like flashrom, G-Flash (GUI), etc. for dumping the firmware. G-Flash is a minimal GUI tool is fast and detects the EEPROM automatically. This can be helpful in the firmware needs to be extracted quickly, without much tinkering with the documentation.
![](<../../.gitbook/assets/connected_status_ch341a.jpg>)
<img src="../../.gitbook/assets/connected_status_ch341a.jpg" alt="drawing" width="350"/>
After dumping the firmware, the analysis can be done on the binary files. Tools like strings, hexdump, xxd, binwalk, etc. can be used to extract a lot of information about the firmware as well as the whole file system too.
To extract the contents from the firmware, binwalk can be used. Binwalk analyses for hex signatures and identifies the files in the binary file and is capabale of extracting them.
```
binwalk -e <filename>
```
The <filename> can be .bin or .rom as per the tools and configurations used.
{% hint style="danger" %} Note that firmware extraction is a delicate process and requires a lot of patience. Any mishandling can potentially corrupt the firmware or even erase it completely and make the device unusable. It is recommended to study the specific device before attempting to extract the firmware. {% endhint %}
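Review bot: the orientation guidance in the "Connect the EEPROM memory with the CH341a Programmer" paragraph is ambiguous: "place the VCC Pin in reverse orientation to the USB connector" does not tell a reader which way pin 1 goes, and a chip seated backwards is exactly the mishandling the danger hint below warns about. Suggest stating it in terms of the chip's pin-1 marker (the dot or notch) lining up with the pin-1 marking on the programmer's socket, and referring to the `connect_wires_ch341a.jpg` diagram for the specific board. Since the hint already notes that a bad read or write can corrupt the chip, the dumping paragraph would benefit from a verification step: read the chip twice (for example `flashrom -p ch341a_spi -r dump.bin`, then a second read to `dump2.bin`) and compare the two files with `sha256sum` or `cmp` before trusting the image or considering any reflash. Smaller points in the same hunk: "Incase" should be "In case", "softwares" should be "software", "capabale" should be "capable", "G-Flash is a minimal GUI tool is fast and detects" is missing "that" ("a minimal GUI tool that is fast"), and "This can be helpful in the firmware needs" should read "when the firmware needs". The new `<img>` tags are inconsistent with each other (the first carries `align="center"` and `width="400"`, the other three `width="350"` and no alignment); pick one size and alignment. The fenced block around `binwalk -e <filename>` has no language tag; a `bash` tag gives it highlighting.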