I'M BACK: Firmware Extraction Tips and Tricks

Published 2023-09-12
I'm back!

Can't wait to make some more awesome hardware hacking videos! In this one I share some tips and tricks from a recent device I was looking at and how I fixed some of my stupid mistakes.

UART adapter datasheet:
www.ftdichip.com/Support/Documents/DataSheets/Cabl…

IoT Hackers Hangout Community Discord Invite:
discord.com/invite/vgAcxYdJ7A

🛠️ Stuff I Use 🛠️

🪛 Tools:
XGecu Universal Programmer: amzn.to/4dIhNWy
Multimeter: amzn.to/4b9cUUG
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter: amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB

🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx

🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb

About Me:
My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.

- Soli Deo Gloria

💻 Social:
twitter: twitter.com/nmatt0
linkedin: www.linkedin.com/in/mattbrwn/
github: github.com/nmatt0/

#iot #hacking #wifi #reverseengineering #firmware

All Comments (21)
  • @Vidread8
    Congrats my dude, always nice to see your content!
  • @raynrayn.8818
    ❤ I am happy to have you back as a follower from Saudi Arabia
  • @matthew-lawrence
    Thanks for your efforts Matt! Your chip extraction of the echo device has helped me hack an unnamed device's emmc and find user names, emails, and photos. I was really only interested in getting at its operating system but found it kept user data unencrypted. Would also love to see a video where you hacked and read the emmc of a device noninvasively by finding the "hidden" pins on the board itself, i.e. CLK, CMD, Data, etc. Even if it was an already reported device it would be very educational to see how you do that. I tried to figure that out on my device with an oscilloscope and even trace the pins to other pads on the board once I removed the emmc, but only managed to find 3. I know there is an article on how to do it with the OG tall echo device but it seems to leave out some critical steps (for my level of experience) as I was reviewing it.
  • @mytechnotalent
    Welcome back Matt, nice new space and loved the hack! Crazy about the firmware being overwritten but nice you got the dump first.
  • @-mo0dy
    Congrats dude! Glad to have you back!
  • @zCri
    Congrats and good to see you back!
  • Glad to see you back! You should consider making a Discord in the future, love your content!
  • @dmaynor
    Failures are just as important to show as success. Especially if you can walk through your thought process of turning an L into a W!
  • @s3anuk
    Have you explored any glitch type attacks yet, Matt? Be good to see some content on that if you have. Keep up the good work and thanks for your content!
  • @HawK40x
    Hey mate, I'm glad I found your channel! I have a question: I can get into my ROUTER's SHELL directly through telnet but I don't get the "root" access cuz I wanna make some changes.. so what do you recommend I should do about it? Thanks!
  • @OfficialProjectSMP
    wrt the uboot thing, I believe `printenv` will sometimes show you how those commands are defined; that may help with avoiding what that `test` function did
  • @LazloNQ
    I need the contents of a motor controller chip read and I'm willing to pay. Can anyone help me?