Identifying the Bootloader in a Flash Dump

How to locate and read the bootloader in a raw flash dump with binwalk, strings, and dd, and what it reveals about a device’s secure boot.

Reverse Engineering an Unknown Binary Protocol

Many devices speak a custom binary protocol over serial or the network. Here is a method for decoding one from captures and the firmware that parses it.

Diffing Firmware Versions to Find Security Patches

When a vendor ships a quiet security fix, diffing two firmware versions reveals exactly what changed. Here is how to do it efficiently with the right tools.

Spotting Backdoors and Debug Hooks in Firmware

Not every hidden access path is malicious, but every one is a risk. Here is how to find debug hooks and backdoors left in shipped firmware.