Flash Extraction
Jump to navigation
Jump to search
Contents
Table
Introduction
Embedded devices or smart devices store their code in a ROM or flash memory chip primarily because these types of memory are non-volatile and permanent even after power loss.
The data is stored even after the system is turned off in contrast to volatile memory that needs to stay powered on. A prime example of this is if you put your computer in hibernate S4 or (modern standby) S0.
The RAM memory will stay powered to keep everything in the memory active so that if you press the power button the system will be back up in seconds, if you disconnect the power the hibernated session will be gone because RAM is volatile memory.
This wiki page will provide a basic explanation of embedded and smart devices and their ways of storing code in modern electronics and provide some great resources in regard of the extraction techniques.
Some in-depth information regarding the subject will be shared here too.
Purpose of data extraction
Reverse engineering code stored in ROM firmware is a practice that serves multiple purposes across various fields, particularly in technology and security.
One of the primary reasons for reverse engineering firmware is to identify and mitigate security vulnerabilities. As IoT devices and embedded systems become more prevalent, ensuring their security is crucial. By analyzing the firmware, security researchers can uncover weaknesses in the code that could be exploited by malicious actors locally or even remotely which could pose a high risk to many users.
Below, we will explore the reasons why individuals and organizations engage in this process.
- Security audits
- - White hats - good guys, safeguarding systems & data to prevent hackers from getting in.
- - Grey hats - in between good and bad.
- - Black hats - abusing vulnerabilities to earn money or do damage, or other illicit services.
- Industrial hardware repair
- - Repair shops
- - Technical department in a company doing repairs locally
- Recovery in mission critical failure mode (back-up a day keeps the Dr away)
- - Data recovery companies
Physical locations
- Chip Internal ROM (embedded inside the microcontroller most often also known as a SoC system-on-a-chip)
- Chip external ROM (an external part on the PCB)
Types of Memory
- Various types of EEPROMs
- Serial EEPROM
- Parallel EEPROM
- Flash Memory -> Bigger, faster and cheaper but less reliable (less write cycles)
- NAND/NOR Flash
- FeRAM
Chip interfaces
- Also known as general-purpose ports (GPIO).
- - Bit-banging is the process of emulating a protocol in software instead of relying on a hardware peripheral to do the same things.
- - I2C is a two-wire serial communication protocol using a serial data line (SDA) and a serial clock line (SCL).
- The protocol supports multiple target devices on a communication bus and can also support multiple controllers that send and receive commands and data.
- Pinout
- VCC (1.5V up to 5V)
- SCL (I2C Clock)
- SDA (I2C Data)
- GND (Ground)
- The protocol supports multiple target devices on a communication bus and can also support multiple controllers that send and receive commands and data.
- - SPI is a synchronous, full duplex main-subnode-based interface.
- The data from the main or the subnode is synchronized on the rising or falling clock edge. Both main and subnode can transmit data at the same time.
- The SPI interface can be either 3-wire (Single SPI mode), 4-wire (Dual SPI mode) or 6-wire (Quad SPI mode).
- Pinout Dual SPI mode
- MOSI (Master Out Slave In)
- MISO (Master In Slave Out)
- SCLK (Serial Clock)
- SS/CS (Slave Select)
- - A parallel I/O port is a mechanism that allows the software to interact with external devices. It is called parallel because multiple signals can be accessed all at once.
- Microwire, often spelled μWire, is essentially a predecessor of SPI and a trademark of National Semiconductor.
- It's a strict subset of SPI: half-duplex, and using SPI mode 0. Microwire chips tend to need slower clock rates than newer SPI versions; perhaps 2 MHz vs. 20 MHz.
- Some Microwire chips also support a three-wire mode.
- - The QSPI peripheral provides support for communicating with an external flash memory device using SPI.
- - 1-Wire is a wired half-duplex serial bus designed by Dallas Semiconductor that provides low-speed (16.3 kbit/s) data communication and supply voltage over a single conductor.
- Genuine Dell laptop power supplies use the 1-Wire protocol to send data via the third wire to the laptop computer about power, current and voltage ratings.
- The laptop will then refuse charging if the adapter does not meet requirements.
- Emulating the DS2502 TO-92-3 1-wire Dell charger ID EEPROM.
Programming
- In-circuit programming
- Allows programmable devices, such as microcontrollers, to be programmed while they are installed in a complete system, facilitating firmware updates without removing the chip.
- Out-of-circuit programming
- Refers to the process of programming microcontrollers or integrated circuits while they are removed from their final application circuit, typically using specialized programming equipment.
Extraction Methods [ >> hot topic << ]
External ROM
- In case of an external ROM you can always try to read it with a programmer and try to dump the contents this way for later static analysis.
Internal ROM
When your target chip has a built-in ROM and the chip is locked you are out of luck trying to easily read the firmware in most cases.
Here is where it comes handy to know of different methods widely used to attack these chips in order to retrieve the firmware for later static analysis or even live debugging.
- 1. Decapsulation
- 2. Bootloader hacking
- 3. Fault injection & Glitching Attacks
- - VCC glitching (Crowbar Circuits)
-
- RECESSIM video: Hacking into a Locked Microchip - Reverse Engineer shows you how it's done.
- Example paper 1. Fault Injection using Crowbars on Embedded Systems.
- Example paper 2. Injecting Software Vulnerabilities with Voltage Glitching.
- Example paper 3. Glitch it if you can: parameter search strategies for successful fault injection.
- Example paper 4. The Forgotten Threat of Voltage Glitching: A Case Study on Nvidia Tegra X2 SoCs
- - Clock glitching (Oscillator Circuits)
-
- Example paper 1. Ultra Freezing Attacks and Clock Glitching of Clock Oscillator Circuits
- Example paper 2. High Speed Clock Glitching
- Example paper 3. Glitching Demystified: Analyzing Control-flow-based Glitching Attacks and Defenses
- Example paper 4. Attacking Glitch Detection Circuits
- Example paper 5. Machine Learning-Based Detection of Glitch Attacks in Clock Signal Data
- - EMFI (Electromagnetic Fault Injection)
-
- Example paper 1. Electromagnetic fault injection using transient pulse injections a comparison of EM-FI and optical-FI on smart cards
- Example paper 2. Electro Magnetic Fault Injection
- Example paper 3. Exploring Effects of Electromagnetic Fault Injection on a 32-bit High Speed Embedded Device Microprocessor
- Example paper 4. Electromagnetic fault injection: the curse of flip-flops
- 4. Scanning Electron Microscopy (SEM)
- - An expensive method.
- ResearchGate - FinFET architecture under a E-beam (SEM).
- Public Fault Injection Toolkits
- - ChipWhisperer
- - PicoEMP
Atmel SAM4C32 Glitching (Crowbar Circuit)
- Atmel SAM4C32 reset low period during early start-up process somewhere in the bootloader showing vulnerable time for glitch.
- After glitching the chip, JTAG comes online serving a command prompt which allows to dump the firmware of the chip protected by Atmel's Security Bit Feature called GPNVM.
- Credits to 0x01 Team and RECESSIM for finding the reset low period being connected to the glitch timebase.
Debugging Tools
- Tools that are used to find debug ports, OCD interfaces, serial port I/O.
- - OpenOCD (Open On-Chip Debugger)
- - PicoScope. The modern alternative to the traditional benchtop oscilloscope.
- - BusPirate - universal bus interface device for I2C and SPI.
- - GoodFET JTAG adapter
- - J-Link In-Circuit Debugger
- - JTAGulator is an open source hardware tool that assists in identifying OCD interfaces from test points, vias, component pads, or connectors on a target device.
Non-intrusive methods
[Vector] Factory debug / programming ports
- JTAG (primarily used for testing and debugging electronic circuits)
- - Finding a unpopulated or populated JTAG port on the PCB.
- UART (an asynchronous serial communication protocol that transmits data)
- TTL
- TTL defines voltage levels in digital logic circuits
[Vector] Network based [over-the-air (OTA) programming]
- Network stack - > WLAN / BT firmware bugs (OSI layer 1. physical)
- - Example 1. Broadcom Wi-Fi SoC remote heap overflow CVE 2017-0561
- - Example 2. Qualcomm Wi-Fi stack based buffer overflow CVE-2022-33279
- - Example 3. node-bluetooth remote buffer overflow CVE-2023-26110
- Network stack - > Promiscuous mode eavesdropping
- Promiscuous mode eavesdropping is needed to audit software code because it allows the monitoring of all network traffic, enabling auditors to detect
- unauthorized data access and vulnerabilities that may not be visible through standard monitoring methods.
Promiscuous mode eavesdropping is a network monitoring technique where a network interface card (NIC) captures all packets on the network segment, regardless of their destination address. This allows authorized or unauthorized users to intercept sensitive data transmitted over the network.
- Network stack - > MiTM (Man-in-the-middle) methods
- - SSL stripping
-
- Mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing.
- Exploitation of Trust by OSI layer 7 local client modifications to do cert pinning (local pentesting).
- Github example click here.
- Local - > Cryptographic checksums
- A cryptographic checksum is a mathematical value generated by a cryptographic algorithm to verify the integrity of data, ensuring that it has not been altered during transmission or storage.
Not only are OTA updates after being downloaded over TCP+TLS by a device cryptographically checked to make sure the authenticity and integrity is accounted for, if this was not the case it could install a malicious update or simply brick million of devices. TCP already ensures data integrity through checksums and error detection mechanisms so by adding even more checks it's redundance is high.
- Local - > Signed updates
- A cryptographic signed package is a digital package that includes a cryptographic signature, ensuring the package’s authenticity, integrity, and origin from a trusted entity.
- This signature verifies that the package has not been altered since it was signed.
Signing an OTA update package involves applying a digital signature using cryptographic methods. This process serves several critical purposes. 1. Authenticity. 2. Integrity.
Programmers & Nand Flash Controllers
Programmers
SOP16 / 8 / VSOP8 / WSON8 / PDIP8 / SO8 / TSSOP8 / UFDFPN8
- ➤ CH341A programmer
- ➤ Ezp2023+ programmer with appropriate SOP16 SOP8 adapter
- - Important note: limited NOR Flash and NAND Flash support! Might need 1.8v adapter, buggy software. Read more here.
Nand Flash Controllers
Listing of nand flash controller interface chips & off the shelf hardware (cheap stuff).
Since the search engine is broken @ the usual suspects: DHgate, Gearbest, Banggood, Aliexpress or various other China stores. I use a search query for example “TSOP48 usb pcb controller flash disk site:aliexpress.com” in image search mode.
BGA-153
- ➤ [UFS] JMicron JMS901 USB 3 (single channel nand supported)
- ➤ [eMMC] Alcor Micro AU6438 USB 2.0 (single channel nand supported)
TSOP48
- ➤ Innostor IS917 click here for details (Flash-extractor library)
- ➤ Silicon Motion Sm3281n click here for details (Flash-extractor library)
- ➤ Chipsbank CBM2099E click here for details (Flash-extractor library)
Nand Controller firmwares & datasheets
USBDev.ru is a great resource.
The final chapter
Analyzing dumped data.
