Category: Embedded Security

Setting-up OpenPLC

The OpenPLC is a opensource Programmable Logic Controllers (PLC) alternative. Due to this, it is possible to understand the black box of these systems. It could be easily used with a Raspberry Pi.

Analysis of Mini 3G/4G WiFi Wireless Router (A5-V11)

Coreboot debugging, configuration, tint, etc.

Coreboot provides a lot of possibilities of configurations, primary and secondary payloads and debugging mechanisms.

Flashing Coreboot on the T430 with a Raspberry Pi

Coreboot is an Open Source project, which replaces the proprietary BIOS of a traditional computer. Coreboot initialize the Hardware and then executes a payload (e. g. SeaBIOS or Grub).

Open Source Risc-V on the Xilinx Artix-7 35T Arty – Part 2

With OpenOCD it is possible to flash/upload programs to the spi flash of the Arty Board. From there the SiFive Risc-V “core” will boot.

Open Source Risc-V on the Xilinx Artix-7 35T Arty – Part 1

Configuring and programming the 100 € Xilinx Arty development board with an open source implementation of the Risc-V ISA from SiFive.

Hacking – Root @ Linksys E900 N300

How to get root at Linksys E900 N300

Hacking – Root @ NETGEAR DM111PBL ADSL2+

How to get a root shell on the NETGEAR DM111PBL?

Hacking IP-Camera Digoo BB-M2 – Part 3 – Getting root access

After getting access to the serial interface of the IP-Camera the next step is to get a root shell.

Hacking IP-Camera Digoo BB-M2 – Part 2 – Analyzing the boot process

The last article shows, how to identify the serial port on the IP-Camera. With this it is possible to solder wires on the IP-Camera and attach a USB to serial adapter to it.

Hacking IP-Camera Digoo BB-M2 – Part 1 – Identify serial interface

I have bought an WiFi security camera from banggood. The Digoo BB-M2 Mini WiFi HD 720P costs about 20 €, which is quite cheap for this kind of product. This article will analyze the serial interface of the IP camera.

Raspberry Pi – Hardware Hacking V0.1 update

The manufactured boards have arrived. Unexpectedly the component identifiers are printed on the PCB and i have not placed them. Due to this reason in the next version they have to be placed right. Top of the PCB: Bottom of

Raspberry Pi – Hardware Hacking V0.1

The idea behind the hardware hacking shield for the Raspberry Pi is to learn IT-Security hacks on different bus systems on embedded boards. Features for the first version of the Raspberry Pi Hardware Hacking Board (V0.1): I2C EEPROM to learn

Hacking TL-MR3020 – Part 4 – Qemu test

Qemu with RootFS of TL-MR3020 This tutorial should show, how it is possible to set-up a Qemu virtualized environment. DRAFT!

Hacking TL-MR3020 – Part 3 – Firmware analysis

Extracting and Analysis Firmware of the TL-MR3020 This tutorial shows how the firmware of the TP-Link TL-MR3020 could be analysed. DRAFT!  

Hacking TL-MR3020 – Part 2 – Firmware dump over SERIAL

TL-MR3020 Serial Dump over Python Script This tutorial show, how it is possible to make a firmware dump of the TP-Link TL-MR3020 via a serial connection. DRAFT!

Hacking TL-MR3020 – Part 1 – Firmware dump over TFTP

Firmware dump of the TP-Link TL-MR3020 This tutorial will show, how it is possible to make a firmware dump of the TP-Link TL-MR3020 Router. As a possible method the /dev/mtd* data will be transferred over tftp.

Top