Home Archive for Embedded Security
Category: Embedded Security

First Impression on the Xiaomi WiFi+

Posted on by Matthias Niedermaier Posted in Embedded Security, Linux, Make, Reverse Engineering No Comments ↓

Here a first look at the Xiaomi WiFi+ PCB and Software is given.

Setting-up OpenPLC

Posted on by Matthias Niedermaier Posted in Embedded Security, IT-Security, Linux, Make, Raspberry Pi No Comments ↓

The OpenPLC is a opensource Programmable Logic Controllers (PLC) alternative. Due to this, it is possible to understand the black box of these systems. It could be easily used with a Raspberry Pi.

Analysis of Mini 3G/4G WiFi Wireless Router (A5-V11)

Posted on by Matthias Niedermaier Posted in Embedded Security, IT-Security, Linux, Raspberry Pi, Reverse Engineering 1 Comment ↓

Coreboot debugging, configuration, tint, etc.

Posted on by Matthias Niedermaier Posted in Embedded Security, IT-Security, Linux, Raspberry Pi No Comments ↓

Coreboot provides a lot of possibilities of configurations, primary and secondary payloads and debugging mechanisms.

Flashing Coreboot on the T430 with a Raspberry Pi

Posted on by Matthias Niedermaier Posted in Embedded Security, IT-Security, Linux, Raspberry Pi 7 Comments ↓

Coreboot is an Open Source project, which replaces the proprietary BIOS of a traditional computer. Coreboot initialize the Hardware and then executes a payload (e. g. SeaBIOS or Grub).

Open Source Risc-V on the Xilinx Artix-7 35T Arty – Part 2

Posted on by Matthias Niedermaier Posted in Embedded Security, IT-Security, Linux, Make No Comments ↓

With OpenOCD it is possible to flash/upload programs to the spi flash of the Arty Board. From there the SiFive Risc-V “core” will boot.

Open Source Risc-V on the Xilinx Artix-7 35T Arty – Part 1

Posted on by Matthias Niedermaier Posted in Embedded Security, IT-Security, Make No Comments ↓

Configuring and programming the 100 € Xilinx Arty development board with an open source implementation of the Risc-V ISA from SiFive.

Hacking – Root @ Linksys E900 N300

Posted on by Matthias Niedermaier Posted in Embedded Security, IT-Security, Linux No Comments ↓

How to get root at Linksys E900 N300

Hacking – Root @ NETGEAR DM111PBL ADSL2+

Posted on by Matthias Niedermaier Posted in Embedded Security, IT-Security, Linux No Comments ↓

How to get a root shell on the NETGEAR DM111PBL?

Hacking IP-Camera Digoo BB-M2 – Part 3 – Getting root access

Posted on by Matthias Niedermaier Posted in Embedded Security, IT-Security, Linux, Reverse Engineering 24 Comments ↓

After getting access to the serial interface of the IP-Camera the next step is to get a root shell.

Hacking IP-Camera Digoo BB-M2 – Part 2 – Analyzing the boot process

Posted on by Matthias Niedermaier Posted in Embedded Security, IT-Security, Linux, Reverse Engineering 13 Comments ↓

The last article shows, how to identify the serial port on the IP-Camera. With this it is possible to solder wires on the IP-Camera and attach a USB to serial adapter to it.

Hacking IP-Camera Digoo BB-M2 – Part 1 – Identify serial interface

Posted on by Matthias Niedermaier Posted in Embedded Security, IT-Security, Linux, Reverse Engineering 4 Comments ↓

I have bought an WiFi security camera from banggood. The Digoo BB-M2 Mini WiFi HD 720P costs about 20 €, which is quite cheap for this kind of product. This article will analyze the serial interface of the IP camera.

Raspberry Pi – Hardware Hacking V0.1 update

Posted on by Matthias Niedermaier Posted in Embedded Security, Linux, Make, Raspberry Pi No Comments ↓

The manufactured boards have arrived. Unexpectedly the component identifiers are printed on the PCB and i have not placed them. Due to this reason in the next version they have to be placed right. Top of the PCB: Bottom of

Read more ›

Raspberry Pi – Hardware Hacking V0.1

Posted on by Matthias Niedermaier Posted in Embedded Security, Linux, Make, Raspberry Pi No Comments ↓

The idea behind the hardware hacking shield for the Raspberry Pi is to learn IT-Security hacks on different bus systems on embedded boards. Features for the first version of the Raspberry Pi Hardware Hacking Board (V0.1): I2C EEPROM to learn

Read more ›

Hacking TL-MR3020 – Part 4 – Qemu test

Posted on by Matthias Niedermaier Posted in Embedded Security, Linux, Reverse Engineering No Comments ↓

Qemu with RootFS of TL-MR3020 This tutorial should show, how it is possible to set-up a Qemu virtualized environment. DRAFT!

Hacking TL-MR3020 – Part 3 – Firmware analysis

Posted on by Matthias Niedermaier Posted in Embedded Security, Linux, Reverse Engineering No Comments ↓

Extracting and Analysis Firmware of the TL-MR3020 This tutorial shows how the firmware of the TP-Link TL-MR3020 could be analysed. DRAFT!  

Hacking TL-MR3020 – Part 2 – Firmware dump over SERIAL

Posted on by Matthias Niedermaier Posted in Embedded Security, Linux, Reverse Engineering No Comments ↓

TL-MR3020 Serial Dump over Python Script This tutorial show, how it is possible to make a firmware dump of the TP-Link TL-MR3020 via a serial connection. DRAFT!

Hacking TL-MR3020 – Part 1 – Firmware dump over TFTP

Posted on by Matthias Niedermaier Posted in Embedded Security, Linux, Reverse Engineering 2 Comments ↓

Firmware dump of the TP-Link TL-MR3020 This tutorial will show, how it is possible to make a firmware dump of the TP-Link TL-MR3020 Router. As a possible method the /dev/mtd* data will be transferred over tftp.

Top