Debug UEFI code by single-stepping your Coffee Lake-S hardware CPU
Read More
Метка: firmware
Debugging UCSI firmware failures
( Original text by Rajib Dutta ) Background The UCSI driver in Windows communicates with the firmware UCSI component (called PPM or Platform Policy Manager) through the spec-defined command notification interfaces. While driver failures can be tracked using Windows Error Reporting or WER and driver traces, the firmware may run into failures as well which might […]
Read MoreInsecure Firmware Updates in Server Management Systems
( Original text by Eclypsium ) Supermicro BMC Case Study Baseboard Management Controllers (BMCs) are high-value targets to attackers, who can use the out-of-band management features of the BMC to compromise servers even below the level of the host OS and system firmware. BMCs are currently an area of active research for both attackers and defenders. […]
Read MoreBrief reverse engineering work on FIMI A3
( Original text by Konrad Iturbe ) This is the start of a new series on reverse engineering consumer products, mainly to enhance their use but also to expose data leaks and vulnerabilities. Something caught my eye last week. Xiaomi-backed FIMI, a Shenzhen company, released a drone. I tend to avoid most cheap drones since they […]
Read MoreReversing ESP8266 Firmware (Part 6)
( original text by @boredpentester ) At this point we’re actually reversing ESP8266 firmware to understand the functionality, specifically, we’d like to understand what the loop function does, which is the main entry point once booted. Reversing the loop function I’ve analysed and commented the assembly below to detail guessed ports, functions and hostnames: 01 02 03 04 05 […]
Read MoreReversing ESP8266 Firmware (Part 5)
( original text by @boredpentester ) Recognising VTABLE’s After analysing our firmware image to some degree, it becomes clear that vtables are in use. 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 […]
Read MoreReversing ESP8266 Firmware (Part 4)
( original text by @boredpentester ) Writing an IDA loader So, why a loader? The main reason was that I wanted something I could re-use when reversing future ESP8266 firmware dumps. Our loader will be quite simple. IDA loaders typically define the following functions: 1 2 def accept_file(li, n): def load_file(li, neflags, format): The first […]
Read MoreReversing ESP8266 Firmware (Part 3)
( original text by @boredpentester ) What is it? So, what is the ESP8266? Wikipedia describes it as follows: The ESP8266 is a low-cost Wi-Fi microchip with full TCP/IP stack and microcontroller capability produced by Shanghai-based Chinese manufacturer, Espressif Systems. Moreover, Wikipedia alludes to the processor specifics: Processor: L106 32-bit RISC microprocessor core based on the Tensilica […]
Read MoreReversing ESP8266 Firmware (Part 2)
( original text by @boredpentester ) Initial analysis As with any unknown binary, our initial analysis will help to uncover any strings that may allude to what we’re looking at, as well as any signatures within the file that could present a point of further analysis. Lastly, we want to look at the hexadecimal representation […]
Read MoreReversing ESP8266 Firmware (Part 1)
( original text by @boredpentester ) During my time with Cisco Portcullis, I wanted to learn more about reverse engineering embedded device firmware. This six-part series was written both during my time with Cisco Portcullis, as well in my spare time (if the tagline of this blog didn’t give that away). This series intends to detail […]
Read More
Для отправки комментария необходимо войти на сайт.