[016] IT9919 Hacking - part 1 - Reading firmware with flashrom

preview_player
Показать описание
In this series I will be hacking around with the IT9919 media processor that powers the Lenkeng LKV373 HDMI Extender Device and the EZCAP 283S which were reviewed in previous videos.

In this video I will show some tools and techniques for reading and writing to flash chips with the flashrom open-source flash-reader software and “Blue Pill” STM32F103 board

Twitter: @OpenTechLabChan

Bitcoin: 18CU9LxwRuiLHy9HsuMj2vzobbW4J3QVC2
  1. OpenTechLab
  2. electronics
  3. software
  4. open source
  5. eeprom
  6. flashrom
Рекомендации по теме
[016] IT9919 Hacking 0:32:55

[016] IT9919 Hacking - part 1 - Reading firmware with flashrom

[018] IT9919 Hacking 0:17:11

[018] IT9919 Hacking - part 3 - Hacking Upgrade Files

[017] IT9919 Hacking 0:13:07

[017] IT9919 Hacking - part 2 - Hunting for Checksums

[019] IT9919 Hacking 0:26:48

[019] IT9919 Hacking - part 4 - Diving into the boot-ROM

Extracting Firmware from 0:18:41

Extracting Firmware from Embedded Devices (SPI NOR Flash) ⚡

Hacking the Firmware 0:02:45

Hacking the Firmware of a Van Fan Window by Reverse Engineering it with IDA

Hacker's Guide to 0:17:40

Hacker's Guide to UART Root Shells

Debugging and Dumping 0:03:08

Debugging and Dumping the Firmware of an Electrolux Dryer using OpenOCD

Dump Flash of 0:07:22

Dump Flash of WCH CH552 Chip series using its bootloader vulnerability

AT+SHREAD - Read 0:00:26

AT+SHREAD - Read HTTP response in Simcom modules

Extracting Firmware from 0:12:27

Extracting Firmware from Linux Router using the U-Boot Bootloader and UART

DEF CON 26 0:35:35

DEF CON 26 ICA VILLAGE - Monta Elkins - Disassembly and Hacking of Firmware Where You Least Expect

[020] LKV373 Update 0:40:12

[020] LKV373 Update - GCC for the IT9919

2016 - Steve 0:35:53

2016 - Steve Lord - Building your own hardware for hardware hacking

Read file from 0:00:31

Read file from Simcom modules

ChipWhisperer-Lite (CW1173) Quick-Start 0:23:31

ChipWhisperer-Lite (CW1173) Quick-Start Guide: Win 7, AES Attack

Voltage Glitching Attack 0:04:17

Voltage Glitching Attack using SySS iCEstick Glitcher

Flash(G)ROM Hack 0:00:45

Flash(G)ROM Hack

IoT Firmware Emulation 0:24:36

IoT Firmware Emulation and Exploitation

This is how 0:05:33

This is how hacker hack! || Know how hacking actually look likes .☢️

mbftdi prog ubuntu 0:00:53

mbftdi prog ubuntu quartus

Считывание показаний датчика 0:00:32

Считывание показаний датчика BH1750 с помощью микросхемы FT2232H...

Lekeng LKV373, H3604 0:00:17

Lekeng LKV373, H3604 , HDMI EX-120 Audio Sync

Flashing and Dumping 0:00:13

Flashing and Dumping BIOS with Flipper Zero

Комментарии
Автор

Thanks for this good tutorial!
On the STM32 bluepill you do not need to first remove the 10K resistor - just solder a 1K8 resistor on top of it. The parallel resistance then comes to 1K5. This gives less risk of damaging the board.

ariedemuijnck
Автор

One trick you can use to read flash in circuit is to keep on board processor in reset state. When in reset most of the pins are in high impedance state, and obviously application processor will not interfere.

alusiamilkowska
Автор

YEY! welcome back. At work now but can't wait to see it!

ghesil
Автор

I'm so pleased you're back, I really love your channel and was worried you had given up on YT. Another interesting video btw, like the rest.

SteveMHN
Автор

Have to love it when you talk for 30 minutes about a device and 5 boards all of which I have lying around. Instead of a hoarder I now feel 1337 :)

RemcoStoutjesdijk
Автор

I never clicked so quick! Where have you been?? How dare you have a real life! ;-)

yrath
Автор

ooh, fascinating! can't wait to see how this goes
also, welcome back

leisergeist
Автор

Great stuff man! It'll be interesting to see what the outcome will be - especially when you introduce a fpga into the mix (that's worth a whole mini-series on it's own, btw)
Thanks for posting this brainfood mate!

tedvanmatje
Автор

I still think that this series had some of the most lucid reverse engineering information I've ever seen on YouTube.

edgeeffect
Автор

Great to have a new OpenTechLab video!


Interestingly I was able to make a dump (and later restore this after a brick with a dodgy upgrade file!) of the LKV373's flash chip using `flashrom`via the Raspberry Pi's SPI interface without having to extract the flash chip.

devplayer
Автор

you are alive. i found your channel a few weeks ago. its really interesing

pandarojodronero
Автор

I've just come back for a re-watching.... I was looking for you flashing a blue pill over serial.... found the right vid first guess...

But it's also interesting, having seen the whole series, realising how little you and "the blogs" knew at this early stage and where you got to from there....

edgeeffect
Автор

I'm 8 minutes in and I'm still gobsmacked that a company (ITE) believes that making their product/chips 100% opaque to anyone that is not a customer is a good way of interfacing with the world. Who cares if non customers know what your ISA is? Why be this secretive? It's even more amazing that a customer would signup to this kind of secrecy. But what do I know?
Fascinating video for sure!

vincei
Автор

1. Welcome back! This video a quintessence of hacking and a hacker mindset and it makes me think how far we can go with a bit of curiosity and some knowledge, also, it shows how vast the value of free software and open hardware is.
2. Is there a specific reason why you avoided using a flash/SPI programmer based on CH341A (there are compatibility patchwork for flashrom)? It might have been much easier to read from the soldered SPI chips using something like that along with the alligator clip.

markokikinda
Автор

Oooh... tweezer soldering iron, A? I've been putting off an appointment with some evil 0402 links for rather too long now.... maybe a tweezer iron could help me out.
That was great stuff... I'm not that interested in HDMI capture meself... but you covered SO many other subjects on the way there had to be something for all of us.
And I learned a new and very useful technical term today: "spew".
Welcome back!!!! Your cat's a lovely colour.

edgeeffect
Автор

I really enjoy your videos. So well presented and clear structure. And also so many Open Source ideas and lots of tools for our toolbox. Didn't know about that serial firmware, never thought something like that would even exist. Looking forward to any progress on this very cool project.

NumosG
Автор

@OpenTechLab: The compression algorithm could be the "Softdisk Library Format" seems to be used from time to time in firmware

felixrichard
Автор

Nice to see you back, last week i went thru my subscriptions to see if i not accidently deleted you.

jacksat
Автор

Good to have you back. Waiting to see how this goes.

adithyayuri
Автор

Very interesting project. Love the separation of the Winbond. Code is a little bit of a hurtle for me but taking it like a hot bath. Your interpretation is key! Regards.

chrisleech