#04 - How To Get The Firmware - Hardware Hacking Tutorial 

I wanted to add that these tutorial series may be one of the best hardware hacking tutorials. This series gave me confidence to start buying and taking apart random stuff to gain more knowledge. Thank you very much for the effort!

You sir are a human university, the best tutorials ever made, the most comprehensive and clear, keep up the good work, I am waiting for the next video in the series.

This showed up in my feed today. I have no need to do any of this but I watched the entire video. You explain everything so well I just kept watching. Good job man.

I am a programmer at a finance company, but was always interested in hardware, mostly from a software perspective. I started looking at this series about a year ago and it kick-started a burning interest in electronics and hardware hacking in general. Now my desk is overcrowded with bread boards, several chips and boards like raspberry pies, several arduinos of different types, standalone mc chips, avr and arm cortex and have started soldering stuff together with sensors etc etc. The wires are every where. Even spreding out to the living room! Now I have started looking into openocd and things to get to the bottom of the hardware communication things, saw this video series again and this time I understand wth you are explaining (in terms of technology) which makes me appreciate the video series even more. Grazie mille!

I am totally loving this channel. Thank you for spending the time and effort sharing your knowledge. I have so many of your videos to watch!

This was a fantastic video - you have clear depth of knowledge, and you present better than almost every other hardware reversing video. I particularly like the context you give. So often presenters just show a wall of cryptic commands and output. You do a fantastic job in explaining.

This is perfect channel for all beginers in reverse firmware education and understanding what firmware works...Great job! Maybe in future we can send you some firmwares and you can make video from firmware analys this firmware.

Valerio, I really like the way you explain - detailed, clear and comprehensive, no shortcuts, no hiding details. Thank you for sharing your experience to us. I just discovered your channel, already subscribed and can't wait to watch from the beginning. Keep up the good work, I am sure this channel will grow up quick. (Y)

Ciao Valerio! You have the most instresting channel I've subscribed in my whole life! Keep the good work and stay safe.

like i said in my tweet earlier today, this whole series is awesome. you fill in the blanks on a lot of information that is all over on RU-vid but not i none place. thank you.

This is the best explained how to i have ever seen. Must go back to begging and to watch everything...

Am really enjoying this video series, thank you! I also am an old man who learned Perl :)

Valerio, a genuinely informative video, packed with useful, advanced information that will inspire and spark the interest of tinkerers, young and old, everywhere. We all thank you for sharing so generously. For the feedback you asked for, I would encourage more use of text to display names and acronyms, because you naturally have an endearing strong accent and this could improve the clarity for a wider audience. I will definitely be learning from more of your videos. Subscribed.

Fantastic video's, the density of information is incredible to me! Absolutely loving this series, and particularly this video so far, there are so many things I always wondered about in boot logs that you have addressed, it's inspiring me to learn more about all the other bits in there as well!

Grazie mille per aver menzionato Expect! Era esattamente la lingua di cui avevo bisogno. Ti auguro il meglio!

I was all smiles during this entire video. Your expertise shows through and this was the exact content I was looking for. I am excited to learn more. Thank you!

I have watched most of your videos and what can I say is your videos are fantastic and very informative. I am too an electronic engineer and I'm trying to reverse engineer a set top box these days. Your tutorials were very much helpful for me. I'm currently trying to extract the firmware using JTAG since I have successfully identified JTAG port using your tutorial. Keep up the good work! P.s- you have a nice accent too ;-) I like it

I have always wanted to get into hardware hacking. This video is great I hope you keep them coming.

I already loved binwalk, and I had no idea it could tell you about the entropy too!

Плохо что я раньше не нашел вашь Ютуб канал . Мала кто расказывает и показывает так подробно как вы . Хорошего развития канала .

Hello sir I would really want to thank you for your awesome content! It's a real wealth of high quality hands on information coming from experience which you dont see often. Most of the time people make 1 short tutorial and thats itl. Also your english is very understandable and I would dare to say that its easier to follow than some native speakers. You really make an effort to speak clearly and it helps! Have you maybe thought about doing a patreon or something like that? I really hope that you will contineau producing videos!

Fantastic video production. So fascinating. You did a great job. This was easy to follow and packed with so much info. Just fascinating

your video is gold, it slowly teaches me so many valuable knowledge, thank you so much. I feel luck to see your video even for the first time.

Subscribed, things like this is not only good to know, but can help you "modify" certain hardware..

Just in case someone stumbles upon here: uboot often has the commands to dump the contents of any connected SPI NOR or NAND flash disabled. Also, e.g. Xiaomi likes to disable UART-input entirely for uboot and the installed OS, so none of this will work in that case and you will need to either access the flash directly, use JTAG or find a vulnerability for the installed OS that lets you get root access that way.

Mr. Giampietro, thank you for sharing your knowledge! You have some serious skills! I will share your material with my colleagues!

I teach this content and really appreciate your detail and precision! Pure gold!

Man I wish you were still making videos you are awesome thanks for what you did make.

I agree with the comments here. Thank you so much for sharing such amount of knowledge, in such a structured and brilliant way. We are lucky to have you. Gracie mille, from France.

this is the exact content I was looking for. Thank you. God bless you

Right after Super Mario, this is gonna be my 2nd favourite Italian

I am also an old man.... I haven't seen Expect or TCL for many years.... Expect was ("was", no..... "IS") wonderful for this sort of thing. In the past I ran "end of day" on our mainframe using something very much like expect and my manager thought it was "black magic". I want to go back and look at my old TCL scripts now.

Re: TSOP (at 7:31) - there are clips for chips like this available. They can be found by searching for something like "nand tsop clip" or "360 clip". Security researchers use them to find TOCTOU (etc) firmware security flaws.

This is just GREAT stuff, Valerio! Grazie mille from Germany!

I have a hisense 50U6HF tv (Amazon version) I have soldered RX,TX, GND to debug area and get output in serial console but when i try to interrupt boot to get to uboot it says lockdown mode? I get a shell with no ability to input any commands. How to bypass this?

Amazing! You are genius, my friend, i'm gonna watch every your video! ❤❤❤

Sono indiano e adoro il tuo tutorial.Grazie mille!Mi iscrivo immediatamente! google helped me!

Mille grazie! (did I get that right?) fantastic information that got me grabbing cables and stuff. Now for the rest of your videos 😎🙏

Maestro mille grazie di Germania por cet seria di video informativo. It was very nice to see in practice things having thought about theoretically. As a thanks I will subscribe your channel for the first time after watching non stop 15 years RU-vid videos.

You are simply awesome, I hadn’t any idea how to do this and luckily I found you (seems most OpenWRT based routers uses same bootloader structure), I’m very happy to see how you manage your videos/explanations, it denotes you have passion for you work. This is great sir! :) Hope you are safe under these rare days, take care good man!

These series are gold... AMAZING

Holio molio this is such an amazing guide. Leave it to a real engineer to know exactly what they're doing!

zio fai prima a parlare in italiano che capisco meglio hahah sei il migliore grazie per sti video

The dump is easy to reverse engineering intro would be awesome 👌

Very professional and inspiring video! Can't wait to see the next episode

I understand lots of people can’t solder a TSOP 48 but it’s not near impossible like you say, I’ve done lots of them for tv boards

impressive! instantly subbed 😉 very nice thank you👍👍 have a nice Domenica

dude youre the best teacher ever

Отличный ролик! Время обновить инструменты!

Thanks for the video. I am currently trying to gain access to a system through UART. However, when I connect my UART-USB bridge, I can only see the output of the device (so baud rate seems to be correct) but cannot send any commands. I have checked the wiring and settings. Both TX and RX are connected to the MCU (I checked the traces). Do you have any idea other idea?

Fabulous video on first principles

Great video. I am inspired to try and dump the firmware of my electric skateboard

Valerio From the UK great teaching thank you.

Sir, please, continue this awesome work!!

How to get firmware if i have only JTAG interface on board? On board i have small ic eeprom - this is all firmware of this board or in processor is another soft? I was looking channel like this about 1 year, i hope you turn back to making video!

Great ,information in the video....keep it up make those wonderful videos..

Hello Sir. I got a cable modem device. It has a black cable where one end of it is connected to the motherboard and the other end of the cable has an audio jack connector facing outside. Do you know which type of cable should I use to connect to this audio jack and my laptop?.

Thank you. What are the options when there is not much data in uart boot beside "ERROR" , will appriciate help

thank you very much for your detailed video script series sir. very useful and im grateful to you

Great job, you're the best explain this topics... thanks for sharing your knowledge...

May I ask you a question: where is stored the UUID in a board? In the EEPROM? Is this usually a hash?

Interesting video. Thanks for your explanation. Can you make Raspberry Pi Pico board as a tool to read/write firmware of CSR-BC417 Chip which is in cheap bluetooth module HC-05? I tried it but failed, and I don't know why.

So very very useful. Thanks for sharing 👏👏👍👍✌️✌️

Thanks a lot, this is pure gold

Thank you and you gained another subscriber, I would like to change the firmware of an Epson printer, but I don't know if it's possible, just looking to find out

Very nice video you might have started a passion for hardware hacking ❤

You are a young excellent man.thanks.

wow that is amazing, i have question is it possible to read not only eeprom but the whole BOOTloader and for example if we change the MCU to be available to reprogram and the device to work fine. (i mean to transplant new Microcontroler which is empty )

A very helpful video...

A lot of thank for this useful guide. You are great!

Bravo. Molto interessante

You can't sniff the router's WAN interface? What about creating a subnet using the target router connecting it's WAN interface to any LAN port on the primary router.

In what cases can the firmware be dumped only by opening the chip and visually reading the rom under a microscope?

great explanation, love you man. .

Excelentemente EXPLICADO,!! gracias

Definitely deserves more subs! Grazi!

Very interesting and detailed information

10/10 please dont stop CIAO !!!!

Hello Valerio, I have a printer board with BGA Flash (GL032N90FFI03 - Spansion Inc. Cypress semiconductor. I Would like to know how can I access this device and copy your firmware for install in a new BGA Flash? Thank you and kind regards.

Is there a way to make a copy of firmware from Dafang device to sdcard? Or is there a list of Dafang firmware ? Thank you.

Thank you for this great video series! I really appreciate the knowledge you are sharing with others. Grazie mille!

Salve è complimenti per il video su Github, ho letto la tua guida per sostituire il Firmware con uno Open Source ad un wvrtm-127acn ho un wvrtm-130acn volevo sapere sè la procedura è la stessa!? è sé il Dump dell Firmware è indispensabile ó si può saltare in quanto richiede circa 11 ore per il dump!? Grazie!

this information also works for car ecu? I'm interested to learn but I notice you are not posting anymore =/

how i get dumpp for asus RT-AX86u my router no getting power after firmware update so i need dumpp to flash chip

This is amazing. Thank you so much, I'm subscribing to your channel 👍

Hello. I love every bit i read and hear from you. How ever, i have a test clip and a tl866ii programmer and the clip seems not to work or identify the chips. Please assist

You are a genius. Keep making videos!

Very professional video, how can we get in contact with you ? and can you do a video about a UBIFS file, i find it hard to extract data out of it, Thanks

Muy interesante la forma de codificar la informacion el los ruters desde el firware.

Buonasera, Vorrei un informazione, dispongo di un hardware molto vecchio compatibile con windows XP. Se installo i software a corredo del dispositivo usando la compatibilità per Windows XP, riesco ad installarlo madonna qualche problema di librerie DLL. Inoltre, non si crea la porta COM necessaria a controllare il dispositivo in questione. Il Device consiste in un Controller per motori passo passo. Sarebbe teoricamente possibile estrarre il firmware e modificarlo per essere supportato dagli SO più moderni? Grazie anticipatamente

Great Tutorial, pls keep it up. Your are a very good tutor.

questo video è un tesoro, complimenti

Loving the content, thank you!!!

Grandeee esattamente cosa voglio imparare ❤️❤️

Can firmware from brand like an Assurance Wireless WIKO phone be copied?

Hi Sir, I want to extract firmware from MC68360 Processor. Can you help me or make video on that.

bellissimo video mister!

So it is not possible on devicrs with avrs so read protected and you have to open cpu and connect to the die.

IM IN LOVE WITH HARDARE ENGENEETIND AND REVERSE MODIFICATION with hacking enterferance

If i have crypto binary how can i capture while writing in hardware boards