In this post we discuss how to communicate with an unsupported chip using OpenOCD and review how to write flash programming algorithms in OpenOCD. We also demonstrate how to flash custom firmware to the target device.| VoidStar Security Blog
One of the most common questions that I get during a training is: “What do we need to build out an initial hardware hacking lab?” Of course, the answer to this question can be heavily tailored based on the goals of the team and their targets, but I wanted to …| VoidStar Security Blog
This post aims to provide a road map and example of how to replicate a fault injection attack and the hurdles and shortcomings that can occur when attempting to do so. Furthermore, by outlining the process of replicating one of these attacks, we hope that readers come away from this post more confident in generating their own fault injection attacks or replicating pre-existing work.| VoidStar Security Blog
With this post, I hope to explain how to set up a development environment for the latest Ghidra release on Ubuntu 20.04. After following the steps outlined below, we will have the ability to write, debug and export custom Ghidra plugins, modules, and scripts.| VoidStar Security Blog
With this post we review Ghidra's built-in debugger and walk through how to use it on a simple ARM target| VoidStar Security Blog
With this post we cover and review our free four session Ghidra course| VoidStar Security Blog
In this post, I want to demonstrate and explain the following: using pre-existing Ghidra scripts to aid in your analysis, writing your own scripts to automate analysis tasks, and utilizing and emulating Ghidra's intermediate language PCode to aid in your analysis.| VoidStar Security Blog
To follow up on my last post about SWD and hardware debugging, I wanted to do a deep dive into JTAG from a reverse-engineering perspective. The previous post received a lot of great feedback and it seems that people are interested in this topic, so I wanted to continue the series and expand upon another hardware debugging mechanism. For those who are unfamiliar, JTAG is a hardware-level debugging mechanism that many embedded CPUs utilize; with this post I hope to explain how to approach JTAG ...| VoidStar Security Blog
In my last post, we managed to dump the firmware off of an Xbox One controller by using the Single Wire Debug interface. Now that we have the firmware image as well as the target CPU determined, we can load it into Ghidra and attempt to learn more about how it works. For this post, we are focusing on learning more about how the firmware image works by writing a proper Ghidra loader and reviewing the USB stack.| VoidStar Security Blog
With this post we provide an introduction to OpenOCD and how to use it to communicate with an unknown target that uses SWD| VoidStar Security Blog
This post covers the basics of manually extracting data from I2C and parallel flash interfaces. We will use commodity tools to extract data from our exemplar targets and learn more about how they work.| VoidStar Security Blog
In previous posts, we've gone over how to tear down arcade cabinets containing SPI Flash as well as how to dissect the data that was extracted from the ROM. With this next series of posts, I'd like to take the concepts we talked about on those platforms and demonstrate them on a more popular platform. With this post our goal will be to extract the firmware from the platform and locate any type of debugging if possible (UART, JTAG, etc.). We will explore multiple ways of attempting to extract the ...| VoidStar Security Blog
When reverse engineering an embedded system that is Linux based, one often wishes that they had an exemplar system that could be virtualized, if only to gain familiarity with the nuances of the specific kernel version or to learn more about the running applications without needing the native hardware. Make no mistake, this is a bit of a pipe dream when working with bespoke embedded systems, but if you're working with a more generalized system (or if you just want to quickly spin up a Linux sy...| VoidStar Security Blog
The Tricore CPU architecture is commonly found in automotive embedded systems, often running an RTOS or even just bare metal firmware. This post will go over setting up an entry level toolchain for the Tricore architecture under Linux, and how we can use this toolchain when reverse engineering automotive platforms. We will also go over and provide a very simple bare metal loader.| VoidStar Security Blog
Hacking a Low-Cost Electric Toothbrush| Voidstar Security Research Blog
Configuring a Raspberry Pi for Hardware Hacking| Voidstar Security Research Blog
JTAG for Reverse Engineers| Voidstar Security Research Blog
Yearly review for VoidStar Security LLC| Voidstar Security Research Blog
Description of the on-site course at Leahy Center| Voidstar Security Research Blog
This blog entry aims to familiarize readers with locating an active UART on a target system, how to approach a UBoot console, and ultimately how to leverage both of these components to extract the flash memory from our target. After reading this, readers will be familiar with the screen utility and the depthcharge python3 libraries.| VoidStar Security Blog
This post reviews some of the tools needed when setting up a lab for reverse engineering embedded systems. There will be two sections, one for hardware tools and one for software tools. After reading this blog post, the reader should know what is needed to set up an introductory lab for reverse engineering embedded systems and firmware images.| VoidStar Security Blog