A field guide to dumping and reverse engineering a bare-metal U-Boot binary, including all the good stuff like funky hardware setups, UART logs, a locked bootloader and unknown base addresses.
Working on hacking a babyphone and encountering a locked bootloader, we were faced with a major roadblock. So, naturally, we bashed our heads against said problem for 2 weeks, coming out the other side with a few fun challenges, solutions and tidbits.
I want to recreate this experience here in this talk, by doing the whole process all over again, but this time live, in front of an audience.
Includes:
- getting serial logs
- dumping firmware
- extracting firmware
- reverse engineering the U-Boot bootloader, to extract the bootloader password
together with some tips, tricks and snarky remarks.
Licensed to the public under http://creativecommons.org/licenses/by/4.0
This talk was translated into multiple languages. The files available for download contain all languages as separate audio tracks. Most desktop video players allow you to choose between them.
Please look for "audio tracks" in your desktop video player.