Identifying the Bootloader in a Flash Dump

How to locate and read the bootloader in a raw flash dump with binwalk, strings, and dd, and what it reveals about a device’s secure boot.

Reverse Engineering an Unknown Binary Protocol

Many devices speak a custom binary protocol over serial or the network. Here is a method for decoding one from captures and the firmware that parses it.

Diffing Firmware Versions to Find Security Patches

When a vendor ships a quiet security fix, diffing two firmware versions reveals exactly what changed. Here is how to do it efficiently with the right tools.

Why Encrypted Firmware Is Not Enough

Encrypting firmware feels like the finish line, but the key has to live somewhere. Here is why encryption alone rarely stops a determined attacker.

Pulling Firmware over a Bootloader Console

When a bootloader console is reachable over UART, you often do not need a chip clip at all. Here is how to dump firmware straight from U-Boot.

Spotting Backdoors and Debug Hooks in Firmware

Not every hidden access path is malicious, but every one is a risk. Here is how to find debug hooks and backdoors left in shipped firmware.