Skip to main content

Dumping the Firmware from the device Using buspirate


One of the best way to get the firmware from the hardware


While doing penetration testing there are scenarios in which we need to dump the firmware from the devices.This method is typically used when there are no firmware’s available from vendor site. Today we are going to show you how to dump the firmware from an Wireless router Binatone DT 850W
Software and hardware Requirements:

  • Buspirate
  • Ubuntu 16.04 or any other Linux machine
  • Flashrom tool
  • SOIC cable pin 8
  • Buspirate connectors



             
This is a Wireless router from Binatone DT 850W which will be used as an example for dumping the firmware.

Let’s us Analyze the Inside Device.You can see IC chips like EEPROM, UART pins and Ralink CPU and also some Other IC chips Let us focus mainly on the EEPROM chip (winbond W25Q16).
What is EEPROM:
EEPROM (also written E2PROM and pronounced “e-e-prom”, “double-e-prom” or “e-squared-prom”) stands for electrically erasable programmable read-only memory and is a type of non-volatile memory used in computers and other electronic devices to store relatively small amounts of data but allowing individual bytes to be erased and reprogrammed.This is the chip we need to read to dump the firmware.

To read EEPROM chip we required Buspirate and SOIC Pin 8 connector which can be used to connect the interfaces to the device.


This is how Buspirate and SOIC Pin 8 connector looks like.

To Interface bus pirate with the EEPROM chips we need to clearly identify the pins and their corresponding colour codes. we can easily determine the required pins with colour combination

Give the connection to EEPROM chip to SOIC pin8 cable

While giving the connection RED wire must be connecting to pin 1 EEPROM chip , There is round mark on the chip to recognise the pin 1 on EEPROM , as shown below picture

Connect the SOIC cable to Buspirate Pins according to below picture

Use this extra connector to SOIC cable to identify the pins easily




After giving the connections Buspirate to SOIC pin 8 will be looks like this,

Before we are going to dumping the firmware, we have to check the connections of SOIC Cable, buspirate and EEPROM are connected properly

VREG and PWR are blinking on the buspirate which means connections established perfectly as shown below


Make sure you already connected to buspirate , to verify observe PWR led light is turned on the buspirate

Step 1

$sudo flashrom –p buspirate_spi:dev=/dev/ttyUSB0

To identifying the EEPROM chip


Step 2:

To dumping the firmware from the chip

$sudo flashrom –p Buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M –c (Chip name)  –r (Name.bin)




Comments

Popular posts from this blog

Firmware analysis Basic Approach

OWASP IoT I9: Insecure Software/Firmware, But here Our main concern is Firmware.
Testing Methodology:• Get the firmware• Reconnaissance• Unpacking• Localize point of interest• Decompile/pentest/fun!What are the requirements i will explain step by step. Here i am using the Ubuntu Xenial 16.04 you can use which Linux is comfortable with you.
Requirements:
1.Binwalk 2.Strings 3.Hexeditor 4.Linux OS - Ubuntu or Any other 5.Vulnerable firmware
So here i am not attacking any device directly because for firmware you will get from the vendor site or you can find some firmware in index of some sites.
Installation:
1.Binwalk:
as shown below And follow the installation steps from the Github location some dependencies need to be install. Some of them i will show how to do and remaining check from here
https://github.com/ReFirmLabs/binwalk/blob/master/INSTALL.md $sudo apt-get install binwalk




2.Strings:
After installation in the Binwalk in my Linux operating OS so next strings already default many Linux system…

Surfing Network build on TOR / VPN Raspberry pi 3

Browsing AnonymouslyBy 
Nirmal Balaji

In the latest technology people used to bring the smart devices like laptops mobile phones andtablets. people used to connect the various methods to access the internet. The most challenging one in the society is security but nowadays   is not secured . like there are many reasons while transferring the data from the one computer to the another computer the encrypted format is not available only the few people who are knowledgeable they can understand the things and secure  the network. nowadays only the point level are secured. remaining all unsecured .Network may take away our freedomofbrowsingby blocking the different websites. all these problems can be solved by setting up the VPN networkmeans virtual private network virtual private network is encryption that is security two different networks together using public telecommunication such as an internet. To establish and  Networkone needs to connect the server
This paper presentation about the cr…