Hardware RE
Disclaimer
I am not an expert on this subject. I have simply gathered information from a variety of sources (linked at the end) in order to present this information in a digestible way.
Hopefully we can walk around the really complicated stuff like needing a degree and all...
Embedded Linux
Internet of Things
"The interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data." -Oxford Dictionary
We all have them, probably in places we shouldn't...
Embedded Systems
Embedded systems come in a variety of shapes and sizes, but usually in small packages. The firmware can be flat, in-house code written for one particular piece of hardware. This becomes difficult to maintain and update when hardware changes so frequently.
This is where embedded linux comes in...
Embedded Linux
Embedded Linux Primer is an excellent resource for learning all the details of embedded Linux systems. Of course this is a broad approach and you will have to identify the mechanisms used in your particular case.
This is meant as a high-level overview, not everything there is to know about embedded Linux.
Things to know
Storage: There is no need for a HDD or SSD since the operation of a device has isolated use cases. Instead, everything that needs to persist is stored on flash memory.
Flash memory is made a variety of ways (block sizes, NAND, NOR, etc.), but the benefits are fast reads and a small design. Since the filesystem hardly ever has to change, the write disadvantage isn't a concern.
Memory: It is the bootloader's (U-Boot) job to load the Linux kernel and unpack the filesystem. The filesystem is then mapped into RAM along with the kernel and user space. Firmware images can usually be binwalk'ed to unpack the filesystem. Then you have to collect the shared objects and the busybox/ash binary, which is a common shell for these systems, for customized interactions with the device.
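To make the "binwalk the firmware" step concrete, here is an added example (not from the deck, not binwalk's own code) that does a small part of what binwalk does: it slides over a flash dump looking for well-known magic bytes, then parses the U-Boot legacy image header (uImage) wherever one turns up, checks its CRCs, and reports where the kernel payload starts. The flash dump it scans is constructed inline; the signatures and the 64-byte uImage layout are the public ones from the format specifications. The function and constant names are my own.

```python
"""Tiny firmware signature scanner (added example, not the deck's or binwalk's code)."""
import gzip
import struct
import zlib
from typing import Dict, List, Optional, Tuple

UIMAGE_MAGIC = 0x27051956
SIGNATURES: Dict[bytes, str] = {
    struct.pack(">I", UIMAGE_MAGIC): "uimage",   # U-Boot legacy image header
    b"\x1f\x8b\x08": "gzip",                       # gzip member, deflate method
    b"hsqs": "squashfs",                           # little-endian SquashFS superblock
}
# uImage header: 7 big-endian u32 (magic, hcrc, time, size, load, ep, dcrc),
# 4 u8 (os, arch, type, comp) and a 32-byte image name = 64 bytes.
UIMAGE_FMT = ">7I4B32s"
UIMAGE_LEN = struct.calcsize(UIMAGE_FMT)


def scan(image: bytes) -> List[Tuple[int, str]]:
    """Return (offset, kind) for every signature hit, sorted by offset."""
    hits = []
    for magic, kind in SIGNATURES.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, kind))
            pos = image.find(magic, pos + 1)
    return sorted(hits)


def parse_uimage(image: bytes, offset: int) -> Optional[dict]:
    """Parse the uImage header at offset; None if the magic or header CRC is wrong."""
    raw = image[offset:offset + UIMAGE_LEN]
    if len(raw) < UIMAGE_LEN:
        return None
    magic, hcrc, _ts, size, load, entry, dcrc, _os, _arch, _typ, comp, name = \
        struct.unpack(UIMAGE_FMT, raw)
    # The header CRC is computed with the hcrc field itself set to zero.
    zeroed = raw[:4] + b"\x00" * 4 + raw[8:]
    if magic != UIMAGE_MAGIC or zlib.crc32(zeroed) != hcrc:
        return None
    payload = image[offset + UIMAGE_LEN:offset + UIMAGE_LEN + size]
    return {
        "name": name.rstrip(b"\x00").decode("ascii", "replace"),
        "size": size, "load": load, "entry": entry, "comp": comp,
        "payload_offset": offset + UIMAGE_LEN,
        "data_crc_ok": zlib.crc32(payload) == dcrc,   # false on a truncated dump
    }


def build_uimage(payload: bytes, name: bytes, comp: int = 1) -> bytes:
    """Constructed test data: wrap payload in a valid uImage header (comp 1 = gzip)."""
    hdr = struct.pack(UIMAGE_FMT, UIMAGE_MAGIC, 0, 0, len(payload),
                      0x80008000, 0x80008000, zlib.crc32(payload),
                      5, 2, 2, comp, name)      # os 5 = Linux, arch 2 = ARM, type 2 = kernel
    hdr = hdr[:4] + struct.pack(">I", zlib.crc32(hdr)) + hdr[8:]   # fill in hcrc
    return hdr + payload


# Constructed flash dump: erased-flash padding, a gzip'ed "kernel" inside a
# uImage, more padding, then the start of a SquashFS root filesystem.
KERNEL = gzip.compress(b"not a real kernel " * 8, mtime=0)
SAMPLE_IMAGE = (b"\xff" * 128
                + build_uimage(KERNEL, b"Linux-constructed")
                + b"\xff" * 64
                + b"hsqs" + b"\x00" * 92)

if __name__ == "__main__":
    for off, kind in scan(SAMPLE_IMAGE):
        print(f"0x{off:06x}  {kind}")
        if kind == "uimage":
            print("          ", parse_uimage(SAMPLE_IMAGE, off))
```

Running it lists the uImage at offset 128, the gzip stream right after the 64-byte header, and the SquashFS superblock further on; a dump cut short by a bad flash read shows up as `data_crc_ok: False` rather than as a silently truncated kernel.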
Basics on IC
Skipping basic Circuit stuff
For the purposes of the material covered here we will not cover basic electrical circuit information, since we will not run into details low enough to require that foundation.
Integrated Circuits
Usually black chips that pin out for interaction with other ICs. They vary in size and functionality. Made up of transistors that form gates, which we leverage for higher-order logic.
Simple IC example
What do you think this chip is for?
What is VCC and GND?
This chip is 4 AND-gates, each with 2 inputs and 1 output.
Voltage common collector, basically power for the chip.
Ground, all circuits need to be grounded. When connecting electrically to any device, you should be grounded to the device first (more on this later).
Identifying Chips
IoT or embedded systems do not have mass storage devices and tend to be small single-board systems. You will often find flash memory used instead of external drives since it is fast and devices do not need to store large amounts of data.
Identifying Chips (cont.)
Knowing the device's features should help identify what chips are on a board. Usually Wi-Fi or other broadcasting abilities require dedicated processors for fast digital signal processing (DSP).
Logic Analysis
The Process
- First we need to connect to the device in question. This usually means probing the connections that we care about.
- Second we need to collect data. Perform some test repeatedly until we get good-looking data.
- Last we need to analyze the results. This may be decoding, verifying, etc.
Types of Analyzers
- General Purpose - leads with some probing method, can be used on a variety of devices
- Target Oriented - Usually made to fit to debug ports
- Application specific - This becomes very niche and usually only works on a certain model
Not an Oscilloscope
Oscilloscopes are used to measure the voltage and waveform of a signal; we only care about how the signal is interpreted.
A 1 or 0 is simply the voltage being above or below a threshold at any given sample, resulting in interpretable square wave(s).
Serial Interfaces
Async Serial
Simplest communication method, with Tx and Rx lines for communication. Devices have to agree on certain parameters of the conversation before comm. can be achieved: framing, baud rate, etc.
This is easily implemented and used in communications like UART. This also limits us to one-to-one or one-to-many (with limitations) models.
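The two slides above (threshold turns samples into 1s and 0s; async serial needs an agreed framing and baud rate) come together in the following added example, which is not part of the deck. It takes raw analyzer voltage samples, thresholds them, then walks the bit stream looking for start bits and reads each data bit at its centre, the way a UART does. Assumptions, all mine: the analyzer returns one voltage reading per sample at a fixed 1 MS/s, the line idles high, and both ends agreed on 115200 baud, 8 data bits, no parity, 1 stop bit (8N1). The capture decoded at the bottom is constructed from a known byte string.

```python
"""UART-style (async serial, 8N1) decoder for analyzer samples. Added example, not the deck's code."""
from typing import List

SAMPLE_RATE = 1_000_000                 # analyzer samples per second (assumed)
BAUD = 115200                           # line rate both ends agreed on (assumed)
THRESHOLD_V = 1.65                      # logic threshold for a 3.3 V line
SAMPLES_PER_BIT = SAMPLE_RATE / BAUD    # about 8.68; it need not be an integer


def to_logic(samples: List[float], threshold: float = THRESHOLD_V) -> List[int]:
    """A sample above the threshold is a 1, anything else is a 0."""
    return [1 if v > threshold else 0 for v in samples]


def bit_centre(start: int, k: int, spb: float) -> int:
    """Sample index in the middle of bit k of a frame whose start bit begins at start."""
    return start + int((k + 0.5) * spb)


def decode_8n1(bits: List[int], spb: float = SAMPLES_PER_BIT) -> bytes:
    """Find each start bit, read the data bits at their centres, check the stop bit."""
    out = bytearray()
    i, n = 0, len(bits)
    while i < n:
        if bits[i] == 1:                              # idle high: look for a start bit
            i += 1
            continue
        # bits[i] is the falling edge of a start bit. Frame bit k sits spb*(k+0.5)
        # samples later: k = 0 start bit, 1..8 data bits, 9 stop bit.
        if bit_centre(i, 9, spb) >= n:
            break                                     # frame runs off the end of the capture
        if bits[bit_centre(i, 0, spb)] != 0:
            i += 1                                    # too short for a start bit: a glitch
            continue
        value = 0
        for k in range(8):                            # data bits go out LSB first
            value |= bits[bit_centre(i, 1 + k, spb)] << k
        if bits[bit_centre(i, 9, spb)] != 1:          # stop bit must be high
            raise ValueError(f"framing error at sample {i}: wrong baud rate or line break?")
        out.append(value)
        i = bit_centre(i, 9, spb)                     # resume from inside the stop bit
    return bytes(out)


def encode_8n1(data: bytes, high: float = 3.3, low: float = 0.0,
               spb: float = SAMPLES_PER_BIT) -> List[float]:
    """Constructed capture: turn bytes into voltage samples (demo input only)."""
    levels = [1] * 20                                 # idle before the first frame
    for b in data:
        levels += [0] + [(b >> k) & 1 for k in range(8)] + [1]   # start, data LSB first, stop
    levels += [1] * 20                                # idle after the last frame
    total = int(len(levels) * spb) + 1
    return [high if levels[min(int(s / spb), len(levels) - 1)] else low
            for s in range(total)]


if __name__ == "__main__":
    capture = encode_8n1(b"login: ")
    print(decode_8n1(to_logic(capture)))
```

If the baud rate you guessed is wrong, the stop-bit check is what tells you: the decoder raises a framing error instead of returning garbage, and a line held low (a break) fails the same check.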
I2C
This model allows for more devices to be connected at the same time (1008 slave devices; masters have to take turns).
More complex than async serial: SCL stands for signal clock and SDA is signal data.
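Because I2C is clocked, decoding it is a different job from the UART case: there is no baud rate to guess, but you have to spot the bus conditions. Here is an added example (not from the deck) that decodes an I2C capture from two logic channels, SCL and SDA. The rules it applies are the standard ones: a START is SDA falling while SCL is high, a STOP is SDA rising while SCL is high, SDA is read on every rising edge of SCL, every 9 clocks form a byte (MSB first) followed by an ACK bit, and the first byte after a START carries the 7-bit address plus the R/W bit. The analyzer is assumed to give one logic value per sample on each line; the traces are constructed, and the addresses and data in them are made-up.

```python
"""I2C decoder for two logic channels (SCL, SDA). Added example, not the deck's code."""
from typing import List, Tuple


def decode_i2c(scl: List[int], sda: List[int]) -> List[dict]:
    """Return one dict per START..STOP transfer: addr, rw, addr_ack, data, acks."""
    transfers: List[dict] = []
    current = None                  # transfer being filled between START and STOP
    bits: List[int] = []            # SDA values seen on SCL rising edges this byte
    for i in range(1, len(scl)):
        scl_prev, scl_now = scl[i - 1], scl[i]
        sda_prev, sda_now = sda[i - 1], sda[i]
        if scl_prev == 1 and scl_now == 1:            # SDA may only move while SCL is high
            if sda_prev == 1 and sda_now == 0:        #   for a START (or repeated START)
                current = {"addr": None, "rw": None, "addr_ack": None,
                           "data": [], "acks": []}
                transfers.append(current)
                bits = []
                continue
            if sda_prev == 0 and sda_now == 1:        #   or a STOP: bus goes idle
                current = None
                bits = []                             # drop any stray partial byte
                continue
        if current is not None and scl_prev == 0 and scl_now == 1:
            bits.append(sda_now)                      # data is valid while SCL is high
            if len(bits) == 9:
                byte = 0
                for b in bits[:8]:
                    byte = (byte << 1) | b            # MSB first
                acked = bits[8] == 0                  # receiver pulls SDA low to ACK
                if current["addr"] is None:           # first byte: 7-bit address + R/W
                    current["addr"] = byte >> 1
                    current["rw"] = "R" if byte & 1 else "W"
                    current["addr_ack"] = acked
                else:
                    current["data"].append(byte)
                    current["acks"].append(acked)
                bits = []
    return transfers


def build_i2c_trace(addr: int, rw: str, data: List[int],
                    ack: bool = True) -> Tuple[List[int], List[int]]:
    """Constructed capture of one transfer; ack=False makes the addressed chip NACK."""
    scl, sda = [1, 1], [1, 1]                         # idle: both lines pulled up

    def emit(s: int, d: int) -> None:
        scl.append(s)
        sda.append(d)

    def clock_byte(byte: int) -> None:
        for b in [(byte >> (7 - k)) & 1 for k in range(8)] + [0 if ack else 1]:
            emit(0, b)                                # change SDA only while SCL is low
            emit(1, b)                                # SCL high: this is where it is read
            emit(0, b)

    emit(1, 0)                                        # START: SDA falls, SCL high
    emit(0, 0)
    clock_byte((addr << 1) | (1 if rw == "R" else 0))
    for d in data:
        clock_byte(d)
    emit(0, 0)                                        # SDA low with SCL low, then
    emit(1, 0)                                        #   SCL high (one stray clock), then
    emit(1, 1)                                        #   SDA rises with SCL high: STOP
    return scl, sda


if __name__ == "__main__":
    scl, sda = build_i2c_trace(0x50, "W", [0x00, 0x42])
    for t in decode_i2c(scl, sda):
        print(f"{t['rw']} 0x{t['addr']:02x} ack={t['addr_ack']} data={t['data']}")
```

The ACK bits are worth keeping: a transfer whose address byte is NACKed tells you nobody answers at that address, which is exactly the information you want when working out which chip on the board is which.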
SPI
Similar to I2C, but we have a way to select a slave now, and we can't talk over each other anymore.
SCK - Signal clock
MOSI - Master Out Slave In
MISO - Master In Slave Out
SS - Slave select
More flexibility in the protocol design over I2C.
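To show what the four SPI lines mean in a capture, here is an added example (not from the deck) that decodes an SPI trace in mode 0 (clock idles low, data read on the rising edge). The two points from the slides show up directly in the code: a transaction is whatever happens while SS is low, and clocks seen while SS is high belong to some other chip and are ignored; and because MOSI and MISO are separate wires, every eight clocks move one byte out and one byte back at the same time. Channels are assumed to be lists of logic samples; the traces are constructed. 0x9F is the JEDEC READ ID command that SPI flash chips answer, but the ID bytes the "chip" returns here are made-up.

```python
"""SPI (mode 0) decoder for SCK/MOSI/MISO/SS logic channels. Added example, not the deck's code."""
from typing import List, Tuple

Trace = Tuple[List[int], List[int], List[int], List[int]]   # sck, mosi, miso, ss


def decode_spi(sck: List[int], mosi: List[int], miso: List[int],
               ss: List[int]) -> List[Tuple[bytes, bytes]]:
    """One (mosi_bytes, miso_bytes) pair per SS-low window; clocks with SS high are ignored."""
    transactions: List[Tuple[bytes, bytes]] = []
    mo, mi = bytearray(), bytearray()
    mo_bits: List[int] = []
    mi_bits: List[int] = []
    selected = False
    for i in range(1, len(sck)):
        if ss[i] == 0 and not selected:               # SS asserted: a transaction starts
            selected = True
            mo, mi, mo_bits, mi_bits = bytearray(), bytearray(), [], []
        elif ss[i] == 1 and selected:                 # SS released: the transaction ends
            selected = False
            transactions.append((bytes(mo), bytes(mi)))   # leftover partial bits are dropped
        if selected and sck[i - 1] == 0 and sck[i] == 1:  # rising edge: read both wires
            mo_bits.append(mosi[i])
            mi_bits.append(miso[i])
            if len(mo_bits) == 8:                     # MSB first on both wires
                mo.append(int("".join(map(str, mo_bits)), 2))
                mi.append(int("".join(map(str, mi_bits)), 2))
                mo_bits, mi_bits = [], []
    return transactions


def build_spi_trace(exchange: List[Tuple[int, int]], selected: bool = True) -> Trace:
    """Constructed capture of one transaction, one (mosi_byte, miso_byte) per clocked byte.
    selected=False keeps SS high throughout, which is what another chip's traffic looks like."""
    ss_level = 0 if selected else 1
    sck, mosi, miso, ss = [0], [0], [0], [1]          # bus idle, nothing selected

    def emit(c: int, o: int, n: int, s: int) -> None:
        sck.append(c)
        mosi.append(o)
        miso.append(n)
        ss.append(s)

    emit(0, 0, 0, ss_level)                           # assert SS before the first clock
    for out_b, in_b in exchange:
        for k in range(7, -1, -1):                    # MSB first
            emit(0, (out_b >> k) & 1, (in_b >> k) & 1, ss_level)   # data set while SCK low
            emit(1, (out_b >> k) & 1, (in_b >> k) & 1, ss_level)   # SCK high: both sides read
        emit(0, 0, 0, ss_level)
    emit(0, 0, 0, 1)                                  # release SS
    return sck, mosi, miso, ss


if __name__ == "__main__":
    # Master sends READ ID (0x9F) plus three dummy bytes; the slave shifts back
    # three made-up ID bytes while the dummies are clocked out.
    trace = build_spi_trace([(0x9F, 0x00), (0x00, 0xEF), (0x00, 0x40), (0x00, 0x18)])
    for mosi_bytes, miso_bytes in decode_spi(*trace):
        print("MOSI", mosi_bytes.hex(), "MISO", miso_bytes.hex())
```

The ID response arriving one byte late is not a bug: the slave cannot answer a command until it has received it, so the byte clocked back alongside the command itself is meaningless and the real answer rides on the dummy bytes that follow.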
Sources
By Drake P
Basics and things to know when reversing hardware