Juan Carlos has a written part 5 of his series of firmware reversing posts!
http://jcjc-dev.com/2016/12/14/reversing-huawei-5-reversing-firmware/
I think I missed part 4!
Tag: Juan Carlos Jiménez
Reversing Huawei routers, part 4
There will be a part 5!
Practical Reverse Engineering Part 4 – Dumping the Flash
Part 1 – Hunting for Debug Ports
Part 2 – Scouting the Firmware
Part 3 – Following the Data
In Parts 1 to 3 we’ve been gathering data within its context. We could sniff the specific pieces of data we were interested in, or observe the resources used by each process. On the other hand, they had some serious limitations; we didn’t have access to ALL the data, and we had to deal with very minimal tools… And what if we had not been able to find a serial port on the PCB? What if we had but it didn’t use default credentials? In this post we’re gonna get the data straight from the source, sacrificing context in favour of absolute access. We’re gonna dump the data from the Flash IC and decompress it so it’s usable. This method doesn’t require expensive equipment and is independent from everything we’ve done until now. An external Flash IC with a public datasheet is a reverser’s great ally. […]
More info:
http://jcjc-dev.com/2016/06/08/reversing-huawei-4-dumping-flash/
Pointers to 1-3 are also here:
Reversing Huawei routers, part 3
In part 2, Juan Carlos was interacting with the CLI in U-Boot. What will happen in episode 3? Spoiler alert: there is an episode 4 planned!
Practical Reverse Engineering Part 3 – Following the Data
Part 1: We found a door into the firmware in the form of a UART debug port
Part 2: We took a first look at the firmware, collected all sorts of data
The best thing about hardware hacking is having full access to very bare metal, and all the electrical signals that make the system work. With ingenuity and access to the right equipment we should be able to obtain any data we want. From simply sniffing traffic with a cheap logic analyser to using thousands of dollars worth of equipment to obtain private keys by measuring the power consumed by the device with enough precission (power analysis side channel attack); if the physics make sense, it’s likely to work given the right circumstances. In this post I’d like to discuss traffic sniffing and how we can use it to gather intel. Traffic sniffing at a practical level is used all the time for all sorts of purposes, from regular debugging during the delopment process to reversing the interface of gaming controllers, etc. It’s definitely worth a post of its own, even though this device can be reversed without it. […]
Post:
http://jcjc-dev.com/2016/05/23/reversing-huawei-3-sniffing/
Reversing Huawei router part 2: U-Boot’s CLI
Juan Carlos Jiménez has written the 2nd part of his series on reversing a Huawei router! The first part was excellent, this one is just as good.
Practical Reverse Engineering Part 2 – Scouting the Firmware
In part 1 we found a debug UART port that gave us access to a linux shell. At this point we’ve got the same access to the router that a developer would use to debug issues, control the system, etc. This first overview of the system is easy to access, doesn’t require expensive tools and will often yield very interesting results. If you want to do some hardware hacking but don’t have the time to get your hands too dirty, this is often the point where you stop digging into the hardware and start working on the higher level interfaces: network vulnerabilities, ISP configuration protocols, etc. […]
Part 2:
http://jcjc-dev.com/2016/04/29/reversing-huawei-router-2-scouting-firmware/
Part 1:
http://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/
Huawei HG533 reversing, part I
Juan Carlos Jiménez has started a multi-part blog series on hardware reversing of a Huawei HG533 router.
http://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/
Firmware Security 