8 votes

Arris cable modem teardown

2 comments

  1. balooga

    I'm always blown away by the ability some people have to disassemble black-box hardware and discover its inner workings. Like reverse-engineering the NAND dump. How would somebody even begin to learn that skill? I have endless respect for anyone who can dive that deep into it without getting stumped by the stream of opaque data. I consider myself pretty technical but this is humbling.

    4 votes
    1. streblo
      (edited)

      Like reverse-engineering the NAND dump. How would somebody even begin to learn that skill?

      Work in the embedded industry? :P

      Basically there is a limited number of popular flash chips that usually interface through SPI or I2C. He's just using a tool that can connect to a motherboard I2C/SPI/JTAG header and has already implemented the protocols for reading/writing these chips, which are all readily available in datasheets. Once you have the image the hard part is getting the correct offsets, and then it's also straightforward to use something like Linux mount to mount the rootfs and start browsing around. (Although they had to switch the endianness of the data first.) It also looks like they lucked out a bit and all the offsets were found in a system log.

      It's definitely non-trivial, but it's not exactly an arcane art either.

      Edit: As hardware gets cheaper a lot of today's embedded stuff is running Linux, particularly in high-end stuff like automotive displays/routers/cable boxes etc. This looks like it was the case for this router as well. In that case once you have the image you can usually just run fdisk on it, get the partition offsets, and mount without any detective work needed at all.

      2 votes
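The "fix the endianness, find the partition offsets, mount the rootfs" workflow streblo describes, as an added example that is not part of the thread or of the original teardown. It assumes an MBR-style partition table (the case where fdisk works); the dump bytes are constructed here, not taken from a real modem, and the byte-swap is the 16-bit kind that dd conv=swab undoes.

```python
"""Locate mountable partitions in a raw flash dump (MBR layout assumed)."""
import struct

SECTOR = 512
MBR_SIG = b"\x55\xAA"


def swap16(data: bytes) -> bytes:
    """Undo a 16-bit byte swap; applying it twice returns the original bytes."""
    if len(data) % 2:
        data += b"\x00"  # pad so the pairwise swap is well defined
    out = bytearray(data)
    out[0::2], out[1::2] = data[1::2], data[0::2]
    return bytes(out)


def mbr_partitions(image: bytes):
    """Parse the four primary MBR entries into (type, byte_offset, byte_length)."""
    if image[510:512] != MBR_SIG:
        raise ValueError("no MBR signature: dump may be byte-swapped or not MBR")
    parts = []
    for i in range(4):
        entry = image[446 + 16 * i: 446 + 16 * (i + 1)]
        ptype = entry[4]
        lba, count = struct.unpack("<II", entry[8:16])  # start LBA, sector count
        if ptype:  # type 0 marks an unused slot
            parts.append((ptype, lba * SECTOR, count * SECTOR))
    return parts


def analyze_dump(dump: bytes):
    """Detect a byte-swapped dump, then derive mount commands from the table."""
    swapped = False
    if dump[510:512] != MBR_SIG and swap16(dump[:512])[510:512] == MBR_SIG:
        dump, swapped = swap16(dump), True
    parts = mbr_partitions(dump)
    cmds = [f"mount -o ro,loop,offset={off} dump.bin /mnt/p{i}"
            for i, (_, off, _) in enumerate(parts)]
    return {"swapped": swapped, "partitions": parts, "mount": cmds}


def build_sample_dump(byte_swapped: bool = True) -> bytes:
    """Constructed dump: a kernel partition at LBA 2048 and a rootfs at LBA 8192."""
    mbr = bytearray(SECTOR)
    for i, (ptype, lba, count) in enumerate([(0x83, 2048, 6144), (0x83, 8192, 16384)]):
        mbr[446 + 16 * i + 4] = ptype
        mbr[446 + 16 * i + 8: 446 + 16 * i + 16] = struct.pack("<II", lba, count)
    mbr[510:512] = MBR_SIG
    return swap16(bytes(mbr)) if byte_swapped else bytes(mbr)


if __name__ == "__main__":
    for line in analyze_dump(build_sample_dump())["mount"]:
        print(line)
```

The mount is read-only on purpose: browsing a dumped rootfs should never modify the evidence image.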