Hacking the Arlo Q Security Camera: Bootloader Reverse Engineering
15,701
Published 2023-01-28
unsalted sha256 bootloader password hash:
dd62e7962d63044fd1b190091930939affb172e578bb941728bd4e4478250641
IoT Hackers Hangout Community Discord Invite:
discord.com/invite/vgAcxYdJ7A
🛠️ Stuff I Use 🛠️
🪛 Tools:
XGecu Universal Programmer: amzn.to/4dIhNWy
Multimeter: amzn.to/4b9cUUG
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter:amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB
🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx
🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb
About Me:
My name is Matt Brown and I'm an Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.
- Soli Deo Gloria
💻 Social:
twitter: twitter.com/nmatt0
linkedin: www.linkedin.com/in/mattbrwn/
github: github.com/nmatt0/
#iot #hacking #bootloader #reverseengineering #firmware
All Comments (21)
-
Hey Matt, loved the video as per usual. I’ve cracked the hash for the boot loader, the password is: ngpriv106
-
What a goldmine of a channel!
-
Great video Matt, amazing explanations. Very easy to follow and understand!
-
I know the hash has been cracked now, but if you wanted to get into the older firmware without having to do a chip-off you could also have tried interrupting the boot process a few times, ideally with a reset. This would simulate the crashing firmware that this sort of A/B deployment is supposed to protect against and may have caused the boot loader to fail back to the old version.
-
Damn man you're good! I like how you show your discovery process, so much awesome tricks!
-
Bruh this is top quality content. Thank you so much 🙏
-
Thanks for the videos I learned a lot from your videos.
-
Thanks Matt....Great video.
-
Hi @mattbrwn... Just discovering your channel now... Where are you on part 4 of this serie?? :D Awesome videos, keep it up!
-
Very interesting videos!
-
Amazing as always !ganbatte!!
-
Great video
-
Really good content
-
Here i come hash cat.. guess the rainbow road was to easy a route
-
Hey Matt thanks for the video. How did you know that the hash was unsalted? Was it in a previous video?
-
Is it not possible for you to write your own known hash into the flash chip raw data dump or is this data retained in the armarello chip??
-
Says it will take a month but im having trouble getting both cpu and GPU running at same time... I don't have much experience with hashcat so if anyone knows whats going wrong im using hashcat launcher
-
bom video matt: o bootloader é u-boot ?
-
Did you end up making the 3rd video in this ARLO Q series?
-
Any updates on what happened with the arlo?