Extracting Firmware from Linux Router using the U-Boot Bootloader and UART

  • Published on 20 Oct 2024

Comments • 61

  • @kareemz32 2 months ago +3

    Great video! At 7:23 for anyone who's following along and is wondering why their memory dump continues way past the expected address. That's because the md utility expects a hex value for its second argument, so in the python interpreter after you've divided flashsize by 4 you should convert it to a hex value using hex().

    • @mattbrwn 2 months ago +1

      Good point. I always forget about that 😂

  • @BrainTumorAndChill 1 year ago +11

    Love the channel. You explain things in a very understandable way. You DEFINITELY have a future in teaching, if you so choose.
    A requested topic. Could you do a video talking about "reset" and how it's implemented across SW, UART, and JTAG?
    For instance, most SW connections include a rst pin or pad. Was wondering if you could maybe demonstrate it in action.
    Keep up the great vids! I'm learning a lot!

  • @vintagekyoshodotcom 3 months ago +1

    Just found your channel! Awesome stuff, just started working with u-boot for a new risc-v board. Your info was awesome and helpful!

  • @rickevans7941 1 year ago +4

    Amazon has decent Chinese XLR condenser microphones with XLR to 1/4" adapters included for $29. Please. If you need it I've got a 48v usb phantom power supply. If you don't want to upgrade hardware, at least use Audacity to tweak EQ and nuke some of those crazy mids? Other than that, subbed bro. Good vid. Top notch technical stuff without the typical YouTuber BS and fluff. Hardcore bro.

  • @Anx181 1 year ago +4

    Hey Matt, I LOVE your vids
    Please keep it up
    But I have to admit the mic is very very harsh and the overall volume of the vids is low (which makes it hard to watch on things like TV)
    I would suggest tuning your mic a bit or even buying a completely new one
    Anyways keep it up, you make great content ❤

    • @mattbrwn 1 year ago +2

      yeah it's definitely time for a better mic. I've been swinging between being too loud and too quiet...

  • @DrSbaitsojr 5 months ago

    i have learned quite a bit watching your videos. thank you. i hope the algorithm picks you soon.

  • @victorchorques4893 1 year ago +1

    Many thanks! Clear and understandable! Keep up with this kind of videos

  • @timmturner 1 year ago +3

    Imagine dumping an entire Sega Dreamcast GD Rom like this, that's similar to how it was done initially.

  • @giahuy2201_ 1 year ago +3

    great content, thank Matt

    • @mattbrwn 1 year ago +1

      Glad you are enjoying it!

  • @polyscopes 3 months ago

    This is extremely helpful and clear info thanks a lot.

  • @Tommy1-2 1 year ago +4

    Good content! Thank you.
    Btw if your headset is a Logitech pro X, try improving your mic with the Logitech g hub app. Anyways, I have it and I could never get a good result

    • @mattbrwn 1 year ago

      yeah it's the Logitech Pro X. I'm looking into a better mic now...

  • @Sam-yz7vm 1 year ago

    Nice video thanks Matt, I am watching all episodes like on netflix 😊

  • @navinsmash 1 year ago +1

    Please suggest a video link on how to write these bin files directly from U-Boot,
    I have a Linux system and I want to clone its NAND memory

  • @gersonsoares6628 1 year ago +2

    Good video, friend. Which key did you use to stop U-Boot? Do you keep the key pressed when you power on the router? And the md command? Thanks, best regards.

    • @mattbrwn 1 year ago +1

      I press enter.

  • @HienVu-ye5os 2 months ago

    At 4:05 I see the line "hit any key to stop autoboot: 0". I spam the whole keyboard before it but it still boots up; mine does not even count from 1 to 0. How do I solve this problem?

  • @swordlion294 1 year ago

    After extracting all of the flash rom like that. How can I pick only the firmware from it? I want to pick the firmware out, modify it and install it back using tftp. Any help is appreciated..

  • @TouChA0 1 year ago

    Hello Matt, I have a question: does hardware hacking require knowing programming languages?

  • @johanngambolputty5351 1 year ago +1

    Is 0x0080...0/4 not just 0x0020...0? Or can only the first argument be in base 16?

  • @MeisterJager90 10 months ago

    Off topic but how'd you add icons to your i3bar?

  • @Crux161 1 year ago +1

    Trying to parse a dump with the script you wrote and I’m having issues. It only chews through a few megs of data before it errors out.
    “python non-hexadecimal number found in fromhex()”
    Re-writing this code to rust I get the exact same output (at least as far as diff is concerned). Not sure exactly why though 😣
    The dumped file from picocom is incomplete (terminal froze after so long - maybe I asked for a bad address range?) but the input is roughly 32 MB and output is ~2.3 MB. I’m very new to embedded but also willing to learn new things. Hope to work thru this issue soon

    • @mattbrwn 1 year ago +1

      So if picocom outputs something weird it could affect the script's ability to decode. You can either redo the read or manually look at the text file in the place it errored out and fix it.

    • @Crux161 1 year ago

      @mattbrwn I want to add a debug statement where it errors but I’m not getting the logic of the loops 100%. I guess it’s something I need to fiddle with a bit more. Big brain time 😮‍💨
      Edit: I also don’t have bdinfo in the system so I’m not sure where to start looking. The bootcmd variable has some addresses that look promising and a few statements say where things are like 32kb of data at some address etc. I tried calling md on it and it has something there but for now I’m still kinda poking around in the dark. Looking to read the flash thru a chip clip and maybe dump that way.
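
Added example, not part of the comments above and not the video author's script (which is not shown on this page): a tolerant converter for a captured `md.l` log that reports damaged rows and address gaps by line number instead of stopping at the first non-hex character, plus the hex count argument discussed in the first comment. The row layout, the function names and the sample capture are assumptions constructed for illustration.

```python
import re

# Assumed md.l row layout: "80000000: 11223344 00000001 deadbeef 00000010    ...."
ROW = re.compile(r"^([0-9a-fA-F]{8}):((?: [0-9a-fA-F]{8}){1,4})(?:\s|$)")

def md_count(size_bytes, width=4):
    """Count argument for md: U-Boot parses it as hex, so emit hex digits."""
    return format(size_bytes // width, "x")

def parse_md_dump(text, byteorder="big"):
    """Rebuild bytes from md.l output; return (data, problems).

    byteorder must match the target CPU, because md.l prints 32-bit words.
    Rows that fail to parse, or that skip addresses, are listed in problems
    as (line number, reason) so that range can be read again.
    """
    data, problems, expected = bytearray(), [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        m = ROW.match(line)
        if not m:
            if line:  # prompts, echoed commands and corrupted rows land here
                problems.append((lineno, "unparsed"))
            continue
        addr = int(m.group(1), 16)
        if expected is not None and addr != expected:
            problems.append(
                (lineno, f"gap: expected {expected:08x}, got {addr:08x}"))
        words = m.group(2).split()
        for word in words:
            data += int(word, 16).to_bytes(4, byteorder)
        expected = addr + 4 * len(words)
    return bytes(data), problems

# Constructed capture: echoed command, one good row, one row damaged in
# transit ("zz"), then a good row whose address exposes the missing 16 bytes.
SAMPLE = """\
=> md.l 80000000 c
80000000: 11223344 00000001 deadbeef 00000010    ................
80000010: 0000zz00 11111111 22222222 33333333    ................
80000020: cafebabe 00000000 ffffffff 12345678    ................
"""

if __name__ == "__main__":
    image, issues = parse_md_dump(SAMPLE)
    print(len(image), "bytes recovered")
    for lineno, reason in issues:
        print(f"line {lineno}: {reason}")
```

Any reported gap means the output file is shorter than the flash region and later offsets are shifted, so re-read the affected address range before analysing the image.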

  • @BlueeBubble 9 months ago

    Hey! Any chance you can explain how to update firmware with UART for U-Boot based routers? Many thanks!!

  • @NoName_silent 1 year ago

    Hi,
    How to dump firmware huawei e5577s-932?

  • @Amzouri360 1 year ago +1

    Thanks very much for learning about extracting firmware
    What Linux distro is on the computer?

    • @mattbrwn 1 year ago

      Arch Linux

  • @poemtechno7358 8 months ago

    Hey need your help for locking a router firmware to Our systems

  • @triularity 10 months ago

    @11:01 - "xxd -g 4 -r -seek -0xbf80000" may have also been an option.

  • @ArchiWorldRuS 1 year ago

    Is it possible to upload a firmware that way?

  • @simyonsmith1561 1 year ago

    I have an ISP's FTTX modem with RTL8197DN; now my ISP closed that company. My modem (cts ACX-09) Aks HES3109: the ISP blocked everything except one 1 Gbps LAN port. It has U-Boot. I am pretty much a noob on this platform. Can you help me with this?

  • @stevecarlisle3323 7 months ago

    I have a Sierra Wireless cellular router that has firmware for a Windows control program. The CPU is for Arm At9. There is a version of Linux available for this CPU. Could this info be obtained using Linux through the existing USB port on the board? Would it be possible to erase the flash and install the Linux OS? I would like to use OpenWRT to control the cellular radio. Thanks for the great content. 🇨🇦

    • @309electronics5 4 months ago

      You would have to hook up to the UART onboard and often it already runs Linux, just not GNU/Linux. I think it's possible but idk the bootloader

  • @ARJ0711 7 months ago

    Interesting stuff 👌

  • @SheranEvangelin 10 months ago +1

    I don't have that bdinfo command. What can I do?

    • @riley10129 26 days ago

      Perhaps try ‘smeminfo’

  • @AnonCh4r1i 6 months ago

    What's next in the process?, say your end goal was to install openwrt, what would you do next?

  • @alitariq1391 10 months ago

    If we restore the same firmware dump on the same device. Will it work ? Has anyone tried it ?

  • @787310 6 months ago

    awesome

  • @isamaliyadipak 1 year ago

    Please check on the ubnt switch us48-500w, many of them are dying due to a firmware boot loop. If you can help to give them new life, that would be very helpful. I personally need it and so do many others. I can access the U-Boot menu. If you can guide me on how to install fresh firmware on it.

  • @TravisPickle 1 year ago

    I'd like a custom busybox added to it

  • @mokran937 1 year ago

    on a so old 2008 bootloader ... no secure boot...

    • @mattbrwn 1 year ago

      welcome to IoT!

    • @mokran937 1 year ago +1

      lol not all of them, i'm facing this right now
      U-Boot 2018.01-RELEASE-gb0bd058b3f
      Secure boot enabled.
      Qualcomm IPQ807x-AC01
      any idea ?

    • @mattbrwn 1 year ago

      @mokran937 Is the bootloader also locked or password protected?
      Just because secure boot is enabled doesn't necessarily mean you couldn't dump the firmware.
      some more details about the device would be helpful.

    • @mokran937 1 year ago

      Tried to answer many times

    • @mattbrwn 1 year ago

      @mokran937 lol I got the log but can only see your link in the notification. yeah youtube is freaking out.
      Noticed from the logs this is a Meraki device. Cisco probably takes security pretty seriously on those devices so it might be a hard path forward.
      If by a long shot they leave JTAG enabled you could try using that to get into the bootloader.
      Also chip off firmware extraction could be a good try. what flash chip is it running?

  • @pablovieira5686 7 months ago

    Very good

  • @EinfaII 9 months ago

    I understand what happened but I don't know why you would do this

    • @-r-495 8 months ago

      uboot is very versatile. One can break out the compressed partitions from the bin or one can use mm and an address and value (in some cases) to bypass encryption.

  • @Nunya58294 1 year ago

    I have a BLU View 2 (Android device) I picked up for a dirt cheap $25 so I got two. I've been getting myself started with this stuff too. My goal is to unblock fastboot and allow for firmware flashing

  • @navinsmash 1 year ago

    Video quality not good, please upload new video