Extracting Firmware from Embedded Devices (SPI NOR Flash) ⚡

Published 2022-09-09
Learn tricks and techniques like these, with us, in our amazing training courses!
flashback.sh/training

One of the first things you have to do when hacking and breaking embedded device security is to obtain the firmware. If you're lucky, you can download it from the manufacturer's website or, if you have a shell, you can just copy it over to your computer.

But what if neither of these options is available?

In this video, we will show you how to connect directly to a NOR flash chip over the SPI protocol to dump the firmware and find your vulns, even when off-the-shelf tools don't work!

00:00 Intro
00:40 Technical Introduction
01:55 Flash Memory Types
03:51 NOR Flash
06:25 SPI Protocol
07:55 Our Training
09:27 Logic Analyzer
12:04 How SPI Works
13:53 Firmware Extraction

Did you enjoy this video? Then follow us on Twitter, and subscribe to our channel for more awesome hacking videos.

~ Flashback Team
flashback.sh/
twitter.com/FlashbackPwn

All Comments (21)
  • @TheFlatronify
    Really informative video, thank you! Sadly I see there will be fewer and fewer devices "hackable" in the near future as more and more manufacturers (especially of routers, e.g. DOCSIS 3.1) start using hardware-based encryption technology for their ROM, with little to no possibility to ever read extracted data. What do you think about this?
  • Everything is explained clearly without wasting time or over-explaining. Well done.
  • @MoisesCaster
    Please never delete this video, it's very helpful.
  • @billclark5943
    Very helpful for someone like myself just beginning to understand this stuff. Explaining the function and description of terminology is something I would normally have to do significant research for.
  • Damn this channel is so underrated.. just stumbled upon this while scrolling but definitely gonna stay for more .. Thanks for explaining this so well!
  • I will use this information to fix my kitchen stove as it had a ROM checksum error. $400 is way too much for a control board. HACK THE PLANET. RIGHT TO REPAIR.
  • @johncooper7636
    So dope that you guys put this out for free. If it was near me I would totally attend your in-person training. A paid virtual event would also be awesome.
  • @KangJangkrik
    FYI: most routers are Linux-based (e.g. Huawei created their own distro called "Dopra"), which means if you're lucky then the flash isn't encrypted and you can mount the EXT filesystem from it
  • I'd propose that while getting firmware images from a manufacturer's website is the easiest path, it still leaves the question of whether the firmware on the device is the same as what is currently flashed to the device. While higher risk and effort, pulling the firmware from the device is the most deterministic way to get the current firmware.
  • Thank you for explaining this for those who are trying to get into this line of work but find it difficult to do so. Keep up the great work!!!
  • @EmongTimothy
    More information than from my technical degree in a few minutes
  • @terminaltears
    Your videos are the best! Please don't stop making the tutorials! Thank you.
  • @ZeekSuds
    Impressive stuff guys. I'm just getting started with electrical engineering. I've been seeing that a lot of intelligence agencies like to play games with each other at this level. It's all really fascinating.
  • WOW, mind blown, stumbled on this channel and glued to the screen...
  • @trumanhw
    I'll be promoting you guys in all the forums I'm in ... STARTING with this video!!
  • @bmacd11b
    You should consider offering a recorded ‘on demand’ version of the course. I would buy it!
  • Please regularly upload such knowledgeable videos. After a long time I am watching your videos. Love from India 🙏
  • @setoman1
    I applaud your patience. My method of IoT "hacking" involves only two steps. Search, then destroy. I may start posting my handiwork on another platform.
  • @pawel753
    wow.... this is one of the most fascinating videos I've ever seen on YT....