U-Boot Bootloader Firmware Extraction Tools

U-Boot is a common bootloader found in embedded Linux systems that, if left unlocked, can be used to extract firmware from the device. In this video I demo some new Python tools to automate file extraction from ext4 MMC file systems using U-Boot's ext4ls and ext4load commands.

firmwaretools Github Repo:

About Me:
My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.

- Soli Deo Gloria

Comments

Keen to see you tackle a more realistic device, say without the full uboot version, a login prompt for UART, encrypted firmware etc. that's what I keep getting lately, or not being able to find a file system at all after desoldering and reading the memory chip 😢

xbitbybit

Thanks for making these videos! I watch them purely for education and entertainment, even though I have no professional relationship with any of this. I really find your videos very interesting to watch and easy to grasp, so please keep them going!!!

muhh

Nice job as always Matt. Really like the firmware tools, awesome automation for this extraction analysis.

mytechnotalent

Love your stuff! This is super useful for what I'm trying to do right now with my router, keep up the awesome work!

Spozinbro

Thank you for the content, great insights, as always!

XYZ

Lots of really good info here, thanks!

feff

If you run 'bdinfo' that will give you the memory organization of U-Boot. Failures on md/mw on an address could be: 1. memory is mapped to CPU registers, 2. the address does not exist, or 3. U-Boot could be running out of that memory range. There could be a lot of things to cause failure.

bartzilla

Thank you, the content is awesome, good information!!

alecseiify

Thanks, Matt. Uboot has always seemed a bit mystical to me. Very practical example.

TheRealWulfderay

Wow! That was interesting! Thanks!
I wish I had some device to mess around with now lol

charlesdorval

Surprised to see that your parse uboot dump wasn't just wrapping a call to 'xxd -r'

zachkost-smith

Am I the only person who gets entertained by watching your content 🤠 ❤
GOOD 👍 JOB 👌 BRO

kaderdz

Matt make a video on extracting the files on locked down phones like Samsung, extracting the files that tell the device can use ADB or that tell the device if the OEM is on or not so we can extract them and change the values then push them back to the device to gain root access

kixxthemanz

You should give any Avaya J-series phone a try, they offer a pretty fun challenge

tritnaha

Awesome tool. I will be putting it to work and def makes life a whole lot easier to just be able to fetch the actual files rather than MD. Can you elaborate on any write methods which can help write files or strings back to a location on an ext4fs via uboot?

saad

Don't you think the reset is simply caused by you overwriting code in memory that is currently being executed? Maybe the bootloader code itself, or interrupt vectors?

tomwimmenhove

What's the sensitive nature of the device? I don't understand why you would not want the viewers to know what it is?

timmturner

I have a device that boots its normal OS after 30-60 seconds in the u-boot command prompt. Any chance to interrupt this autoboot?

robertsimon

10:35 Probably memory-mapped IO or memory that's being used by the bootloader.

xenoxaos

If I have a firmware extracted from a device (for example a wifi camera), is there any way to modify the firmware? Can you make such a video?

Hobypyrocom