Uncategorized

Reversing Huawei routers, part 4

There will be a part 5!

Practical Reverse Engineering Part 4 – Dumping the Flash
    Part 1 – Hunting for Debug Ports
    Part 2 – Scouting the Firmware
    Part 3 – Following the Data

In Parts 1 to 3 we’ve been gathering data within its context. We could sniff the specific pieces of data we were interested in, or observe the resources used by each process. On the other hand, they had some serious limitations; we didn’t have access to ALL the data, and we had to deal with very minimal tools… And what if we had not been able to find a serial port on the PCB? What if we had but it didn’t use default credentials? In this post we’re gonna get the data straight from the source, sacrificing context in favour of absolute access. We’re gonna dump the data from the Flash IC and decompress it so it’s usable. This method doesn’t require expensive equipment and is independent from everything we’ve done until now. An external Flash IC with a public datasheet is a reverser’s great ally. […]

More info:
http://jcjc-dev.com/2016/06/08/reversing-huawei-4-dumping-flash/

Pointers to 1-3 are also here:

https://firmwaresecurity.com/2016/05/23/reversing-huawei-routers-part-3/

Standard

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s