
Questions tagged [firmware-analysis]

0 votes
0 answers
27 views

I'm trying to reverse engineer an old embedded system that has a NEC v40 on it, which is very similar to an 80186 (more like 80188) I guess. As a member of the x86 family, it has a separate I/O memory ...
andrejr's user avatar
0 votes
0 answers
69 views

Hello all, The Crumar Mojo Classic is a type of organ (the musical kind, not the body kind) that tries to emulate the old Hammond/B3 organ sounds that are well known from Rock, Jazz et cetera as ...
bitbang's user avatar
0 votes
0 answers
42 views

This MCU processor has 144 LQFP pins. It is used in the MG5 instrument clustering (Automotive). This MCU processor has the following label on the top and board is VIKEER: 1402 CFAK0132B I checked pins ...
Vector AI's user avatar
2 votes
1 answer
95 views

I have a late 1980s item of test equipment Electro-Metrics EMC30 rf emc receiver running a MC6809 processor. I am trying to use Ghidra to reverse engineer the binary code to assembler but I have ...
user643684's user avatar
2 votes
1 answer
79 views

I have a collection of both signed and unsigned firmware images for a device (of which the bootloader seems to require the signed images). I also have what I think may be the signing key (a 256-bit EC ...
Dan Lenski's user avatar
0 votes
0 answers
75 views

I've been reverse-engineering an Android app for a set of Bluetooth headphones, and my goal is to find the keys to decrypt the firmware. I obtained the firmware by intercepting the traffic between the ...
agg00's user avatar
0 votes
0 answers
69 views

I have a very old PLC firmware. I also have a MAP file in which the addressing of program memory and data is painted, this file indicates the offset from the beginning for each variable and label, as ...
Dan Ros's user avatar
1 vote
0 answers
59 views

I wanted to turn my router into an AP, but apparently the option to activate it has been locked by my ISP, since I can't access the 192.168.0.1 page, I can only log in 192.168.11.1 as a user. After I ...
hamza br's user avatar
0 votes
1 answer
65 views

I extracted the firmware of an EMS3150 ECU, TC1767 chip. I analysed the binary with the help of a hex editor and the TC1767 manual. I managed to successfully load the binary in IDA Pro, with correct ...
kcdq's user avatar
0 votes
0 answers
55 views

I.... Have no idea what I'm doing. So, I did a full NAND dump of an Actions ATJ2257 based MP4 player (url: https://archive.org/details/eclipse-t-2810-c.-7z) and I want to recreate the ".fw" ...
qwerty keyboard's user avatar
0 votes
0 answers
42 views

I have considered buying these games but I've seen reviews about the monotony of them after a few games. Is there any info about the technical details of these games like the microcontroller or ...
diddierh's user avatar
0 votes
0 answers
53 views

I extracted a file from inside the dump that contains the serial number and I need to analyze it. I want to unpack and compress this encrypted file after modifying it.
elctro1991's user avatar
2 votes
1 answer
212 views

I recently extracted the firmware (u-boot system) from an old Sagemcom router and analyzed it using the binwalk utility for a personal reverse engineering project. Despite identifying a root ...
user372517's user avatar
0 votes
0 answers
57 views

I have a DVR device from Hikvision that does not save any changes or settings, and when it is restarted, it returns to the factory state... I tried another dump, not from the same brand name, and it ...
elctro1991's user avatar
0 votes
0 answers
54 views

I have an encrypted firmware based on 2 files uImage (kernel) and rootfs (filesystem) and I have got the encryption keys from someone who cracked it. However I don’t know where to start so I can mount ...
Armandooooo's user avatar
1 vote
0 answers
66 views

Trying to dump firmware of this device. I can't find the UART/JTAG connections. I've searched over it for awhile now; I feel like I must just be missing something.
Eric's user avatar
1 vote
0 answers
190 views

I'm trying to extract a CramFS filesystem from a firmware binary for the FVS318Gv2. It downloads as a .zip file that can be decompressed to reveal a firmware .img file and a readme.htm. Running ...
cdbrunow's user avatar
2 votes
2 answers
337 views

Can you tell me why objdump does not correctly disassemble the firmware for the C-SKY (ck803s) processor? What is .long: between the lines, unknown instructions? Or am I setting the parameters for ...
Andynvkz's user avatar
0 votes
0 answers
104 views

I have a new KIA sportage NQ5 car. Now I want to enable wifi and turn on ADB so I can install custom app and use AA Wireless or Carplay wireless. Sadly, the old trick to access android setting app ...
Khánh Nguyễn Nhật's user avatar
1 vote
0 answers
154 views

I was able to connect to the chip via SWD/openocd, but I can't figure out what chip it is (says SM9PQ1 2322-52 on chip, googled but can't find anything). I'm hoping to download the firmware after I ...
Low Est's user avatar
1 vote
1 answer
732 views

I am reversing a raw bare-metal binary firmware for a tricore processor (TC1762/TC1766). In many functions I'm currently reversing there is access to offsets of the address stored in the a0 register. ...
user103675's user avatar
0 votes
1 answer
176 views

I don't know if this is the right community to ask this to but I have this speaker and I want to change the startup, shutdown sound effect of it. It is not a Chinese BT speaker but a Hama soundbarrel. ...
B3nceee's user avatar
2 votes
0 answers
369 views

I want to decrypt config.bin. For this I found in cspd following code undefined4 CspDBInitPdtInterface(undefined4 *param_1) { dbAddCfgItem(0xffff,0,"/userconfig/cfg/db_user_cfg.xml"); ...
Elec Art's user avatar
4 votes
0 answers
336 views

Is there a way to remove the Computrace by flashing the BIOS or deleting/altering the contents of it? Someone gave me a laptop and I found out that it was not usable because it was equipped with ...
pao's user avatar
4 votes
1 answer
175 views

I found a couple of interesting integer underflows leading to memcpy() wild copies in a TLV parser process of some random IoT firmware. It is 32-bit ARMv7. I'm able to emulate the userspace process ...
Attila Szász's user avatar
