#01 - Identifying Components - Hardware Hacking Tutorial
Summary
TLDR: The first episode of the 'Hardware Hacking Tutorial' series focuses on information gathering: understanding what the device is, who manufactures it, and whether an original design manufacturer (ODM) stands behind the brand on the label. The presenter, Valerio Di Giampietro, shares techniques for opening the device and identifying its key components, in particular the system on a chip, the RAM and the flash memory. He walks through online resources, including the user manual, community sites such as TechInfoDepot and the OpenWrt hardware database, and the public FCC filing, to extract useful information about the hardware before touching the board. The tutorial aims to help both beginner and advanced users demystify the process of hacking devices and modifying their firmware.
Takeaways
- 😀 The 'Hardware Hacking Tutorial' series is aimed at beginners and advanced users interested in reverse engineering devices.
- 🔍 The overall process is to analyze the device's components, build an emulation environment, reverse-engineer the binaries, and eventually modify the firmware.
- 🏁 The first episode focuses on the information gathering phase, which starts with understanding who manufactures the device and what its architecture is.
- 🔧 The exploration begins with identifying the manufacturer, researching the hardware and firmware, and locating the programming interfaces (UART, JTAG).
- 🌐 Online research is the first step ("easiest path first"): user manuals, community sites, hardware databases and FCC filings.
- 🔑 Identifying the original design manufacturer and understanding the different versions or models of the device (the same part number may ship with different labels and firmware) is crucial for the next steps.
- 🛠️ Physically opening the device may be necessary to identify the internal components, although this can be difficult or require special tools.
- 🔎 Internal photos provided by online sources (for example the FCC filing) can help understand the structure and composition of the device, but they are often too small to read part markings.
- 💾 Identifying key components such as the system on a chip (SoC), the RAM and the storage devices is essential for the rest of the reverse engineering.
- 🔗 Online resources such as GitHub projects, community sites and hardware databases (TechInfoDepot, OpenWrt) can provide valuable information about the hardware and firmware.
- 📝 Taking notes and documenting the information gathered is important for planning the next steps of the reverse engineering process.
Q & A
What is the main subject of the 'Hardware Hacking Tutorial' series?
-The 'Hardware Hacking Tutorial' series is dedicated to everything about hardware hacking, offering information for beginners as well as advanced users.
What is the first step of the information gathering phase?
-The first step of the information gathering phase is to understand who makes the device and whether there is an original design manufacturer.
Why is it important to determine whether there is an original design manufacturer (ODM)?
-It is important because sometimes a company does not design or manufacture the device but only sells it under its own brand; another company designed it and developed its firmware, and that is where the useful documentation and firmware history will be found.
Which key components do we try to identify in a device during the information gathering phase?
-The key components to identify are the system on a chip (SoC) and its architecture, the amount of RAM, the flash EEPROM, and other interesting devices such as the UART and JTAG interfaces.
What is the meaning of the FCC ID?
-The FCC ID is assigned to each device sold in the United States by the Federal Communications Commission (FCC), which certifies that the device complies with radio emission regulations. The FCC filing is public and includes external and internal photos, the ID label and test reports, so it is a useful source even for a unit sold elsewhere that carries no FCC ID on its own label.
What are the advantages of consulting the TechInfoDepot site when gathering information about a device?
-TechInfoDepot is a community-driven project that provides a lot of information on many devices, including the FCC ID with a link to the FCC filing, internal and external photos, test reports and the names of components such as the SoC, the flash and the RAM. Because it is community-maintained, the information is unofficial and its depth varies from one device to another.
Why is it preferable to physically open the device after gathering information online?
-Opening the device physically lets you check the internal components yourself and confirm or refute the information found online: the online data may refer to the same part number sold by another internet service provider with different firmware, and the manufacturer may have changed the SoC, the RAM or the flash in the meantime.
What are the potential challenges when opening a device?
-Challenges can include special screws, glue used instead of screws, heat sinks and metal RF shields that are hard to remove without damaging the board, and, on military-grade devices, anti-tampering circuitry that wipes the EEPROM when the case is opened.
How can the readability of part numbers on integrated circuits be improved?
-Clean the chip surface with cotton and alcohol, wait for the alcohol to dry, rub chalk over the markings, then gently wipe the chalk off with dry cotton so that only the chalk lodged in the engraved characters remains; a magnifying glass or an LED magnifying lamp also helps.
What is the added value of consulting Chinese search engines when researching components?
-Chinese search engines such as Baidu can return information on Chinese components that Western search engines do not index, and Google Translate can help understand the Chinese content.
Outlines
🔍 Start of the series: introduction to device exploration
The script introduces the first episode of a series dedicated to hardware hacking, offering useful information to beginner and advanced users. The episode focuses on the initial information gathering phase, which includes understanding who manufactures the device, looking for an original design manufacturer, and identifying the key components: the system on a chip (SoC), the RAM and the flash EEPROM. The phase continues with locating the UART and JTAG interfaces and ends with extracting the firmware and the root filesystem from the device. The presenter introduces himself as having a background in digital electronics and information technology infrastructure, ready to share his tools and techniques.
🔎 Searching for device information and analyzing the results
The script describes the steps of searching for device information on the Internet, including consulting the user manual and discovering the original manufacturer (Gemtek). The search results include the TechInfoDepot page for the device, which lists the FCC ID, the names of the system on a chip, the flash and the RAM, and a link to the Federal Communications Commission (FCC) filing with external and internal photos and test reports. The script also mentions the OpenWrt hardware database and the presenter's own GitHub project as sources of detailed information about the device. The importance of this research is stressed as preparation for the hacking process.
🛠 Opening the device and identifying the internal components
The script explains how to physically open the device to examine and identify the internal components, including the system on a chip, the RAM and the flash memory. It covers the challenges of opening devices, such as special screws or glue, and protections such as anti-tampering circuitry. Techniques for improving the readability of component part numbers and the use of tools such as magnifying glasses and lamps are also discussed. The script highlights the importance of looking at the components directly to confirm the information found online and to move forward with the exploration of the device.
📡 Identifying the components and conclusion of the first episode
The script concludes by identifying the key components of the mainboard: the MediaTek MT7621 system on a chip, based on a dual-core MIPS CPU running at 880 MHz, a 128 MB Winbond RAM chip, a 128 MB NAND flash, and an unusual discrete logic component, a 74HC164, whose VCC and ground pins make a convenient reference point for voltage measurements. It notes that the RAM chip found online differs from the one observed on the physical board, which can indicate changes in the device's design. The script invites viewers to subscribe, share the video and give feedback, stressing the importance of suggestions for improving the series.
Keywords
💡Information Gathering
💡Hardware
💡Software
💡Emulation Environment
💡Reverse-Engineering
💡Firmware
💡Root Filesystem
💡JTAG Interface
💡Serial Number
💡FCC ID
Highlights
Introduction to the series dedicated to hardware hacking tutorials for both beginners and advanced users.
Explanation of the hardware hacking process based on information gathering, emulation environment building, and reverse-engineering.
Emphasis on understanding the manufacturer and the original design manufacturer of the device.
The importance of identifying the system on a chip, RAM, and flash EEPROM of the device.
Locating the UART and JTAG interfaces for further device analysis.
The goal of extracting the firmware and the root filesystem from the device.
Introduction of the presenter's background and expertise in digital electronics and IT infrastructure.
The methodology of starting with the easiest path first in the information gathering phase.
The process of searching for device information on the internet, including user manuals and FCC IDs.
Utilizing community-driven projects like TechInfoDepot for device information.
The value of FCC documentation (external and internal photos, ID label, test reports) for understanding device components and compliance.
Identifying the system-on-a-chip, flash and RAM from the TechInfoDepot listing and the FCC internal photos.
Exploring openwrt.org for hardware information and router firmware.
The necessity of opening the device to verify components, despite potential challenges.
Techniques for improving the readability of integrated circuit part numbers.
The discovery of a MIPS CPU-based MediaTek MT7621 system-on-a-chip and other components on the motherboard.
The use of a 74HC164 logic component as a reference point for voltage measurements.
Confirmation of the NAND flash device size and other findings from internet research.
Encouragement for viewers to subscribe, share, and give feedback for the tutorial series.
Transcripts
This is the first episode of the series Hardware Hacking Tutorial, that is dedicated to everything about hardware hacking. It is for beginners, but also advanced users will find something useful in this series. The hardware hacking process is described based on information gathering of hardware and software, building an emulation environment where to run interesting binaries of our device and eventually reverse-engineer them, then analyzing how the device works, and then at the end hacking the device and eventually modifying its firmware. This is the first episode, we will talk about the first steps of information gathering. The information gathering phase is based on understanding who makes the device, if there is an original design manufacturer, because sometimes a company brands a device or manufactures a device but another company has designed the device and developed its firmware. Then we start opening the device and trying to identify its main device components. We are mainly interested in the system on a chip and its architecture, in the amount of RAM and the flash EEPROM, but also to understand if there are some other interesting devices. Then we want to locate the UART interface and the JTAG interface, and as the last step of the information gathering phase we want to get the firmware out of the device and extract its root filesystem. In this first episode we will talk about the first steps of information gathering up to identifying device components. I am Valerio Di Giampietro, I have a background in digital electronics and information technology infrastructure, and I wish to be your friendly Italian hacker neighbor, willing to share with you tools and techniques about hardware hacking that I learned by myself hacking many devices. So let's start.

This router is the main device that we will use during this tutorial series. The first step in the information gathering phase is to understand what kind of device we have and its manufacturer, and also to understand if there is an original design manufacturer, because sometimes a company manufactures a device but another company has designed it and developed its firmware. This router is distributed in Italy by Linkem. Linkem is the biggest Italian internet service provider, that is, wireless internet service provider. According to this label it seems that this router has been manufactured by Linkem, but Linkem is the name of the ISP, so this means that it has only branded it, not manufactured it; the manufacturer is someone else. Looking at the label of this device we are not able to understand who is the original design manufacturer of the device. Anyway we can see that on the label we have the model name of the device, the SSID of the router, the Wi-Fi default password, the LAN MAC address or Ethernet MAC address, and the serial number of the device. Looking at the manual we can understand that the serial number starts with the string GMK, and then we have six digits for the date of production: two digits for the year, two digits for the month and two digits for the day of production. Then we have a six-digit sequential number. Later we will see that knowing this information is very important to hack the device and to be able to generate the default Wi-Fi password of the device.

In this hacking tutorial we will always follow the easiest path first methodology. This means that every time we will always start with the easiest path first, so to get more information about this device the first step, the easiest step, is to search information on the Internet. So we will search information on the Internet on this device, and we will understand that this device has been manufactured by a South Korean company called Gemtek that has many production sites in Asian countries.

The first step in the information gathering phase is to look for our device on Google, because we are interested to know as much as possible about our device. We can see that one of the first results is the user manual, and we also know that the company that has produced our device is Gemtek. We look at the user manual, but maybe there isn't the information that we are looking for, because we are mainly interested in the system on a chip, the RAM and the flash ROM that is on our device. So we return back and we look at other search results on Google. One of these search results is very interesting: it is the search result that the website TechInfoDepot gives us. This is a website really interesting, with a lot of information on many, many devices. It is a community-driven project, so we don't have official information, and on some devices we have more information, on some other devices we have less information. In this case we have a link to a product page, but this is an empty link pointing to an internet service provider that has no more information about this product, that maybe it was shipping in the past. But we have some other very useful information, like the FCC ID. This is the ID given to each device that is sold in the United States; FCC stands for Federal Communications Commission, and it gives approval to each device that it is compliant with radio emission regulations. So in this case we can click on the related link and we go to the FCC website, where the manufacturer has provided some information about the device.

If we look at the information available we can find some interesting information. For example we can see the external photos of the device, the ID label of the device. In this case this is not our ID label: it is a device manufactured for another internet service provider, and we can see that in this label there is the FCC ID, and we also have other information. The FCC ID, you can see, is not available on my own device, because my own device is sold in Italy, where there is no obligation for the FCC radio emission compliance. We can see that we also have other information like, for example, internal photos that can be very useful to understand how the device is manufactured, what kind of components it has on board and so on, but maybe the pictures are not big enough to read the marking of each device component. We also have some other documentation, like test reports of radio emission tests and so on. But if we look at the TechInfoDepot website we can find some other interesting information, like for example the name of the system-on-a-chip; in this case it is a MediaTek chip. We can also see the name and amount of the flash EEPROM chip and the name and amount of the RAM chip. This is really interesting information in our initial stage of information gathering. In the links of interest we can also see a pointer to a GitHub project, but this is my own GitHub project where I did a reverse engineering of this router, so it was not available when I started searching for this device. Anyway, in this case there is a lot of information that I put on my GitHub repository about this device.

Another source of information is the OpenWrt website, which is a site dedicated to the open source router firmware OpenWrt, but there is a database of many, many routers with information on the hardware available on the router. In this case there is no information on our device, but anyway it is one other site to search at the beginning. For example, if we search for another router, an old router that I have, it is the DG834G, we can see that we are able to find a lot, a lot of information: the system on a chip, how to install the OpenWrt software on this device, and also much other information, including the position and layout of the flash EEPROM, the position of the UART interface and the position of the JTAG interface, including also pictures of the router, pictures of its mainboard and the exact position of the UART interface and the JTAG interface. So this website, especially if we are doing some hardware hacking on a router, this is for sure a website to check.

We got a lot of information about this router on the Internet, but the information that we got was related to the same part number but distributed by a different internet service provider with a different label format, so probably it is a different firmware, and it is also possible that the manufacturer has changed something inside the router, like the system-on-a-chip, the RAM or the EEPROM. So it is better to open the device and to check by ourselves the components that are inside the device.

So we open the device. Usually it is easy to open devices of this size; sometimes this kind of device can have some special screws, so we can need some special screwdriver, but in different devices, like for example smartphones, smartwatches, digital cameras and other very small devices, it can be very, very difficult to open them. Sometimes we are able to find tutorials on the Internet on how to open a specific device, and other times we have to find the solution by ourselves, and it can be really difficult. On some industrial-grade devices it is also possible that we have some countermeasure to prevent the opening of the device, like for example using glue instead of screws, using glue to keep the shells together, and inside the device, on some military-grade devices, we can also have anti-tampering circuitry that will wipe out the content of the EEPROM if we open the device. Anyway, I have put a link below that will better explain how to deal with this kind of devices.

Now that we have opened the device we need to unscrew the motherboard from the device, and we can see that sometimes we have heat sinks that we are able to remove to look below them and to understand what kind of components we have below. Sometimes it's easy, sometimes it can be more difficult. We can also have metal shields used to shield the radio frequencies; in this case often it is more difficult to remove, sometimes it is impossible to remove without damaging the board. If we have multiple boards there is no problem: we can destroy one board at a time and see what's below the metal shield and heat sinks. Otherwise, if we have only one board, we cannot destroy it, so in this case we will move forward without identifying the device, because our principle is always to follow the easiest path first. So if an information is difficult to get, anyway we will move forward, and we will return back only if absolutely needed.

We can look at the various integrated circuits on this motherboard, but we can see that often it is difficult to read the part number on top of these integrated circuits. In this case we can try to improve the readability of the part number using cotton and alcohol to clean up the surface of this part number, then wait for the alcohol to dry out, and then use a chalk over these integrated circuits, then use cotton again, without alcohol, to remove the chalk, rubbing not too strongly, and after this it is usually easier to read the part number. We can also use a magnifying glass or a magnifying lamp with the LED light to read the part number on top of these integrated circuits. Now that we have been able to read the part number on top of the integrated circuits we can search on the Internet, and usually we are able to find a lot of information, including the datasheet of these part numbers. But in some cases, especially on some unusual Chinese devices, it is possible that we will find nothing on the Internet. In this case it can be useful to search on a Chinese search engine, like for example Baidu, and maybe on this search engine we will find something, in Chinese obviously, but we can use Google Translate to understand at least what kind of device we have.

But in our case on our motherboard there is a normal device that we are able to find a lot of information on the Internet. The system-on-a-chip is a MediaTek MT7621 chip; it is a chip based on a MIPS CPU, a dual-core CPU running at 880 MHz. The RAM is a Winbond chip, it is a 128 megabyte RAM chip; it is different compared to what we found on the TechInfoDepot website, but then it is the same size. We also have an unusual discrete logic component: it is a 74HC164. Usually we don't have this kind of component on this motherboard, but in this case it can be useful for us, because it is easy on this chip to identify VCC and ground, and this can be used as a reference point when we need to take some voltage measurements on the motherboard. We are also able to identify the NAND flash device; it is a 128 megabyte NAND flash device, and this confirms what we found on the TechInfoDepot website when we searched this information on the Internet.

If you found this video interesting please subscribe, help this channel grow, share this video with your friends interested in hardware hacking, and don't forget to click the subscribe button below and the notification bell to be notified when new episodes will be released, and don't forget to click the thumbs up icon. And please give me feedback in the comments below, both positive and negative; I will appreciate any type of feedback, especially suggestions, and also if you have enjoyed this video or also if you don't like this video. But especially suggestions are really, really welcome. Thank you for watching, see you again on this channel.
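As an added example (it is not code from the video or from the presenter's GitHub project), here is a small Python decoder for the identifiers printed on a label, covering the serial-number layout the video describes (GMK + YYMMDD + six sequential digits) and the FCC ID explained in the Q & A (grantee code followed by product code). The 3-character versus 5-character grantee-code rule, the "20YY" year assumption, treating a hyphen after the grantee code as a separator, and the MAC OUI check are the editor's own knowledge and assumptions, not something the page states; the label text and every value in it are constructed for the example.

```python
"""Decode the identifiers printed on a device label (added example, not the video's code)."""
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Serial layout as described in the video: "GMK" + YYMMDD + six sequential digits.
SERIAL_RE = re.compile(r"^GMK(?P<yy>\d{2})(?P<mm>\d{2})(?P<dd>\d{2})(?P<seq>\d{6})$")


@dataclass(frozen=True)
class SerialInfo:
    prefix: str
    production_date: date
    sequence: int


def parse_serial(serial: str) -> SerialInfo:
    """Split a GMK serial into production date and sequence number.

    The date digits are checked against the calendar: a serial that fails this
    check was probably mis-read from the label or uses a different layout.
    """
    m = SERIAL_RE.match(serial.strip().upper())
    if not m:
        raise ValueError(f"{serial!r} does not match GMK+YYMMDD+NNNNNN")
    try:
        # Assumption: a two-digit year on a 2010s router means 20YY.
        produced = date(2000 + int(m["yy"]), int(m["mm"]), int(m["dd"]))
    except ValueError:
        raise ValueError(f"{serial!r} carries an impossible production date") from None
    return SerialInfo("GMK", produced, int(m["seq"]))


@dataclass(frozen=True)
class FccId:
    grantee_code: str  # identifies the company that applied for certification
    product_code: str  # chosen by that company for the product


def split_fcc_id(label_value: str) -> FccId:
    """Split an FCC ID into grantee code and product code.

    FCC convention (not stated on the page): grantee codes issued since May 2013
    are five characters starting with the digit 2, older ones are three characters
    starting with a letter; the product code is up to 14 letters, digits or hyphens.
    A hyphen printed right after the grantee code is treated as a separator
    (assumption) and dropped.
    """
    s = re.sub(r"^FCC\s*ID\s*:?", "", label_value.strip(), flags=re.I)
    s = s.replace(" ", "").upper()
    n = 5 if s.startswith("2") else 3
    grantee, product = s[:n], s[n:]
    if product.startswith("-"):
        product = product[1:]
    if not re.fullmatch(r"2[A-Z0-9]{4}|[A-Z][A-Z0-9]{2}", grantee):
        raise ValueError(f"{label_value!r}: malformed grantee code {grantee!r}")
    if not re.fullmatch(r"[A-Z0-9-]{1,14}", product):
        raise ValueError(f"{label_value!r}: malformed product code {product!r}")
    return FccId(grantee, product)


def mac_oui(mac: str) -> Optional[str]:
    """Return the OUI (first three octets) of a MAC address, or None.

    A rebranded label hides the ODM, but the OUI of a factory MAC is registered
    with the IEEE by whoever bought the address block (often the ODM); look it up
    in the IEEE registry. Locally administered addresses (bit 1 of the first
    octet set) carry no vendor information, so None is returned for those.
    """
    octets = re.findall(r"[0-9A-Fa-f]{2}", mac)
    if len(octets) != 6 or re.sub(r"[0-9A-Fa-f:\-. ]", "", mac):
        raise ValueError(f"{mac!r} is not a MAC address")
    if int(octets[0], 16) & 0x02:
        return None
    return "-".join(o.upper() for o in octets[:3])


# Constructed label with the fields the video lists; like the Italian unit it
# carries no FCC ID. All values are made up for the example.
SAMPLE_LABEL = """\
Model: WRT-EXAMPLE
SSID: Example_1234
WiFi Password: changeme
MAC: 00:11:22:33:44:55
S/N: GMK170315000123
"""


def decode_label(text: str) -> dict:
    """Parse 'KEY: value' label lines and decode the fields handled above."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)  # split once: MAC values contain colons
            fields[key.strip().upper()] = value.strip()
    info = {"model": fields.get("MODEL"), "ssid": fields.get("SSID")}
    if "S/N" in fields:
        info["serial"] = parse_serial(fields["S/N"])
    if "MAC" in fields:
        info["oui"] = mac_oui(fields["MAC"])
    if "FCC ID" in fields:
        info["fcc"] = split_fcc_id(fields["FCC ID"])
    return info


if __name__ == "__main__":
    for key, value in decode_label(SAMPLE_LABEL).items():
        print(f"{key:>7}: {value}")
```

The date check in parse_serial is worth keeping even though it looks pedantic: a serial that decodes to month 13 almost always means a digit was misread through a scratched label or a low-resolution FCC photo, and catching that before the production date is used (for example to derive a default Wi-Fi password, as the video promises for a later episode) saves a wrong assumption downstream. The OUI of the MAC on the label is one more clue for finding the ODM when the brand on the label is only a reseller.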