Debugging UCSI firmware failures

(Original text by Rajib Dutta) Background: The UCSI driver in Windows communicates with the firmware UCSI component (called the PPM, or Platform Policy Manager) through the spec-defined command and notification interfaces. While driver failures can be tracked using Windows Error Reporting (WER) and driver traces, the firmware may run into failures as well, which might […]

Brief reverse engineering work on FIMI A3

(Original text by Konrad Iturbe) This is the start of a new series on reverse engineering consumer products, mainly to enhance their use but also to expose data leaks and vulnerabilities. Something caught my eye last week. Xiaomi-backed FIMI, a Shenzhen company, released a drone. I tend to avoid most cheap drones since they […]

Reversing ESP8266 Firmware (Part 6)

(Original text by @boredpentester) At this point we're actually reversing ESP8266 firmware to understand the functionality; specifically, we'd like to understand what the loop function does, which is the main entry point once booted. Reversing the loop function: I've analysed and commented the assembly below to detail guessed ports, functions and hostnames: […]

Reversing ESP8266 Firmware (Part 4)

(Original text by @boredpentester) Writing an IDA loader. So, why a loader? The main reason was that I wanted something I could re-use when reversing future ESP8266 firmware dumps. Our loader will be quite simple. IDA loaders typically define the following functions: def accept_file(li, n) and def load_file(li, neflags, format). The first […]

Reversing ESP8266 Firmware (Part 3)

(Original text by @boredpentester) What is it? So, what is the ESP8266? Wikipedia describes it as follows: The ESP8266 is a low-cost Wi-Fi microchip with full TCP/IP stack and microcontroller capability produced by Shanghai-based Chinese manufacturer Espressif Systems. Moreover, Wikipedia alludes to the processor specifics: Processor: L106 32-bit RISC microprocessor core based on the Tensilica […]

Reversing ESP8266 Firmware (Part 2)

(Original text by @boredpentester) Initial analysis: As with any unknown binary, our initial analysis will help to uncover any strings that may allude to what we're looking at, as well as any signatures within the file that could present a point of further analysis. Lastly, we want to look at the hexadecimal representation […]

Reversing ESP8266 Firmware (Part 1)

(Original text by @boredpentester) During my time with Cisco Portcullis, I wanted to learn more about reverse engineering embedded device firmware. This six-part series was written both during my time with Cisco Portcullis, as well as in my spare time (if the tagline of this blog didn't give that away). This series intends to detail […]