In this post we discuss how to commuinicate with an unsupported chip using OpenOCD and review how to write flash programming algorithms in OpenOCD. We also demonstrate how to flash custom firmware to the target device.

In our last post, we reviewed how to use the pi-gen tool to generate an image for a Raspberry Pi that is pre-configured with many tools needed for basic hardware hacking. In this post, we will start using them on our first target.

With this post we provide an introduction to a three part series on hardware hacking and how to use a Raspberry Pi as a hardware hacking multitool. This post covers how to configure the Raspberry Pi and describes the first target that we will be using for the series

With this blog post, we'll introduce the PiFex, a basic companion board for the Raspberry Pi designed to teach users the basics of hardware hacking and embedded protocols. We will then demonstrate how to use the PiFex to access a JTAG tap on an undocumented SSD, allowing memory reads and GDB access to the SSD CPU.

One of the most common questions that I get during a training is:

“What do we need to build out an initial hardware hacking lab?”

Of course, the answer to this question can be heavily tailored based on the goals of the team and their targets, but I wanted to …

This blog entry aims to familiarize readers with locating an active UART on a target system, how to approach a UBoot console, and ultimately how to leverage both of these components to extract the flash memory from our target. After reading this, readers will be familiar with the screen utility the depthcharge python3 libraries.

This post reviews some of the tools needed when setting up a lab for reverse engineering embedded systems. There will be two sections, one for hardware tools and one for software tools. After reading this blog post, the reader should know what is needed to set up an introductory lab for reverse engineering embedded systems and firmware images.

To follow up on my last post about SWD and hardware debugging, I wanted to do a deep dive into JTAG from a reverse-engineering perspective. The previous post received a lot of great feedback and it seems that people are interested in this topic, so I wanted to continue the series and expand upon another hardware debugging mechanism. For those who are unfamiliar, JTAG is a hardware level debugging mechanism that many embedded CPUs utilize, with this post I hope to explain how to approach JTAG from a reverse engineers perspective and provide some practical examples along the way.

With this post we provide an introduction to OpenOCD and how to use it to communicate with an unknown target that uses SWD

This post covers the basics of manually extracting data from I2C and parellel flash interfaces. We will use commodity tools to extract data from our exemplar targets and learn more about how they work.