anyone have a good rainbow table for unsalted sha256 hashes? alternatively, what's your go to wordlist?
1. There's a website ;p 2. Remember that cybersecurity specialists usually have first dibs at creating a website
@@neon_Nomad my head hurt
Love your stuff man. Keep doing what you are doing! Coming from network pentesting, having jumped into programming, then pentest labs and then SIEM stuff and IR competitions in college and wanting to have a better bottom up knowledge of devices, I find your videos extremely revealing.
This is an awesome video series. I'm loving seeing the guts of this camera.
As far as your soldering goes, if you ran some leaded solder over the pins of the IC first it would have come off easier. That factory solder is quite high temp and the leaded solder will mix with it and make it melt at a lower temp. Also they make chip extraction solder that almost melts in your hand. That's the best, however it is quite expensive.
EDIT: spelling
Another tip: I will heat the board before I wipe off the flux with cotton, and much of it comes off when hot. I try not to use the IPA because it spreads the flux around a lot. But with the amount of flux you used (and you used way too much, however you can NEVER have too much flux!) I would have hit it with IPA once or twice.
These are great videos, Matt. I've found when using solder wick that it's best to cut off the used part of the wick. If you don't, you're heating up the wick in both directions from the soldering iron tip. With the used part cut off, more heat from the iron goes through to the pads instead of just heating the braid. Thanks again for what you do!
Adding some low melt solder before you use the heat gun helps.
It really helps if you apply some fresh solder to the pins before desoldering, so you don't have to heat the board that long. Even better if it was a juicy leaded solder.
Hmm yeah I'll have to try that. Makes sense
@@mattbrwn there are even alloys with low melting temperatures that work excellently for desoldering purposes. For example, Rose's metal has a melting temperature of 94-98 degrees Celsius. After applying it to the component's solder joints it becomes stupid easy to desolder the component with a hot air gun. I even flipped this trick with SMD plastic connectors without melting the said plastic (like I did in my iPod Classic mod, you can find my blog post by my username if you're interested).
However! The Rose's metal is quite brittle, so you need to remove it completely with the braid wick after desoldering
@@attribute-4677 I usually grab some low-temperature alloy with the tip of my soldering iron, apply it to the pins of the component in question, and wipe off the remainings from the soldering iron tip (you don't really want to have it in your permanent solder joints).
Laying a piece of low-temperature alloy on the pins before using a hot air gun would work too, but generally, you don't need that much of this stuff to desolder a component.
Thanks Matt for giving me the courage to start in hardware stuff. I know it will be hard but i will stick with it til die. Those vids on your channel are so so great
The YouTube algorithm leads me to another great YouTuber
Thanks! The algorithm works in mysterious ways!
Great stuff! Can't wait for the next part
I enjoy these videos a lot. Thanks for sharing!
When I take chips off I like to add some low melt (or even just regular leaded) solder to the pins, less chance of cooking the chip/killing pads and comes off waaaaay easier :)
Capcom tape! I love it! That's what it will now be called for the rest of my life.
One of the nice things about these flash chips is that they only use like half of the pins.... So if you accidentally lift a pad it'll probably still work
I'm wondering why you're using flux to remove the chip. From my understanding, flux just helps solder flow smoothly and cleans contacts. What will help with removing chips from the board would be adding lead solder and mixing with the unleaded solder on the board. The unleaded solder has a higher temperature at which it melts, whereas the commonly used leaded solder melts at a lower temperature.
well if you don't use flux on desoldering it, you'd damage the chip as the heat just directly hit the chip
Woopwoop part 2!
Was there a link to part 1 somewhere or am I blind? Maybe add what part it is in the titles because looking at your channel I still have no idea which one is part one lol
Louis would use a whole bottle of flux
True.
my nand is 64gb and when i copy the firmware by rt809h it only stuck at logo in another device and the data i collect from that 64gb nand is just “9.something” gb so i think as u said i have to copy it by ts56 or any of xgecu by selecting “include spare area” right? so that all the data i can get correctly and that i can write in another nand and can run the device. am i right sir? or i should select “none” option? please reply.
Instead of cotton sticks dipped in IPA, try some atomizer pump (like in perfumes, or hair conditioner) combined with a brush, either a soft one, or a harder one for scraping off some heavy shit. You would spread an even layer of IPA on the surface and avoid all the cotton mess at the same time. It works for me in most applications
great educational video! I wonder if those classic wordlists for cracking user accounts would work with this.
Why did all the flux go on the chip package, rather than a blob on either side where the pins are?
Flux doesn't do much for removing components, it's more for soldering. It's an acid that eats the corrosion off the tin on the legs of the chip, helping the solder bond to it.
Adding it to chips when removing them does nothing.
I've been working in electronic repair and manufacturing for over 5 years.
Lol then why does rossmann use it
Why didn't you change the hash in the dump and then rewrite it before soldering? Just to keep investigating in case you don't find the password.
might have to do that eventually. trying to be as least invasive as possible.
One thing to note about NAND is the ECC. If you modify something, you're going to have to update the spare area associated with that page as well. If you don't, best case it restores the original data, worst case it marks the page as bad and it won't read. The ECC algorithm used in this particular configuration may not be obvious (especially if it's hardware ECC), so fixing the spare data might not be trivial.
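The ECC behaviour described in the comment above, as an added example that is not part of the thread or the video. The 2048+64 byte page layout and `toy_ecc` (a simple single-error-correcting stand-in) are assumptions, since the chip's real layout and ECC algorithm are not given here.

```python
# Added illustration. PAGE/SPARE and toy_ecc are assumptions, not the
# camera's real NAND layout or its (possibly hardware) ECC algorithm.
PAGE, SPARE = 2048, 64  # assumed bytes of data and spare (OOB) per page

def toy_ecc(data: bytes) -> bytes:
    """Stand-in single-error-correcting code: XOR of the 1-based positions
    of every set bit, plus one overall parity bit, packed into 3 bytes."""
    syndrome = parity = 0
    for i, byte in enumerate(data):
        for bit in range(8):
            if byte >> bit & 1:
                syndrome ^= i * 8 + bit + 1
                parity ^= 1
    return (syndrome << 1 | parity).to_bytes(3, "big")

def make_raw_page(data: bytes) -> bytes:
    """Raw page as a dump with spare area would hold it: data, then ECC."""
    assert len(data) == PAGE
    ecc = toy_ecc(data)
    return data + ecc + b"\xff" * (SPARE - len(ecc))

def read_page(raw: bytes):
    """Mimic a controller read: recompute ECC and compare with the spare."""
    data = bytearray(raw[:PAGE])
    stored = int.from_bytes(raw[PAGE:PAGE + 3], "big")
    diff = stored ^ int.from_bytes(toy_ecc(bytes(data)), "big")
    if diff == 0:
        return "ok", bytes(data)
    pos = diff >> 1
    if diff & 1 and 1 <= pos <= PAGE * 8:  # consistent with one flipped bit
        data[(pos - 1) // 8] ^= 1 << ((pos - 1) % 8)
        return "corrected", bytes(data)
    return "uncorrectable", bytes(data)

def patch(raw: bytes, offset: int, new: bytes, fix_spare: bool) -> bytes:
    """Overwrite bytes in the data area, optionally regenerating the spare."""
    data = raw[:PAGE][:offset] + new + raw[offset + len(new):PAGE]
    return make_raw_page(data) if fix_spare else data + raw[PAGE:]

original = bytes(range(256)) * 8             # constructed sample page
raw = make_raw_page(original)
one_bit = patch(raw, 100, b"\x65", False)    # 0x64 -> 0x65, spare untouched
two_bit = patch(raw, 100, b"\x67", False)    # 0x64 -> 0x67, spare untouched
fixed   = patch(raw, 100, b"\x67", True)     # same edit, spare regenerated
for name, page in [("one_bit", one_bit), ("two_bit", two_bit), ("fixed", fixed)]:
    status, data = read_page(page)
    print(name, status, "reverted" if data == original else "edit kept")
```

The one-bit edit is silently "corrected" back to the original, the two-bit edit reads as uncorrectable, and only the edit with a regenerated spare area reads back cleanly.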
Will you make a video about chip readers and all that stuff?
What flash reader are you using and where can i buy one?
That is the Xgecu T48 and I now recommend the upgraded Xgecu T56. eBay is where I got mine
@@mattbrwn thank you very much!!! Just getting into hardware hacking and your videos have taught me more in 2 days than I could have imagined! Keep up the awesome content 💪
Genuinely interested to know how many Q-tips you go through per week lol 😅
Excellent videos. Could you hack the firmware of the microcontroller of any air conditioner?
what temperature do you usually use to desolder?
matt, what’s your reader name? or could you suggest some reader to buy 😊
hi Matt, can i dump the firmware without desoldering the chip?
the answer is often yes but it can be much harder and not worth it. you can technically do it with a logic analyzer but you will be at it for several days. if you can find a uart, spi, jtag, or similar bus on the chip and are able to connect to it on the board you could also dump the firmware.
Some hash... somewhere over in the stars
The anticipation...is killing me ..when's that chip going to give
Yeah this one took longer than most. Could be a number of factors.
Not sure if my technique would work better but I'd use a bigger nozzle on the hot air, or take the nozzle off if that's the biggest one.
@@MCgranat999 Sounds like a load of hot air to me .......u c what i did there
Remember to follow the rainbow when working with hash
Cut it with them 3 d printing clippers ......my g😎
What linux distro are you using to do all this?
Arch Linux but all this stuff can be done with any kind of Linux you want.
@@mattbrwn Thank you for your work dude. I'm not even a script kiddie after a year or so but have learned a ton. 46 year old construction nerd who missed the boat but spend every spare moment learning. Your channel is in my rotation with Louis R too.
@@mattbrwn Kali Linux Manjaro and Straight Debian for me. Dragon OS im trying for SDR tools. Have a good day bro.
just heard about dragonOS from a training I'm in right now! I'll have to try that out. Getting SDR tools to work is a pain...
Why are we still using lead? Don't we know what happened to the Greeks, sure it's a great sweetener but..
leaded solder works way better than lead-free.
Lead-free solder is a scam. It's better to produce less number of reliable devices using leaded solder than to use lead-free solder producing a ton of e-waste due to those solder failures. Obviously for environment, not for manufacturers.
@linus cat tips don't breathe it in either though
dude use a thin bristle toothbrush for cleaning :)
Sir plz help
My Nand Flash ic dump extract plz im send you. Please answer
kapton tape
I don’t understand why you would want to extract firmware from a camera? Just go download it
How do you think the person providing the firmware got it?
@@swiss_eng he means go to the support section of Arlo and download a firmware update and extract that. Sometimes that works, sometimes it doesn't or isn't available
He wants the password.
If you are afraid of chinese software phoning home, check out simplewall
1st
Great job glad the chip is still good :) just got my chip reader in but I've been focusing more on Tryhackme