Security Basics mailing list archives

Re: How to extract the firmware of my cellular ? (or embedded systems in general)


From: Deafcon <tagraf () gmail com>
Date: Tue, 12 Sep 2006 02:37:37 -0400

First, if you're going to involve the cellular, you'll need to reverse
engineer it by following everything block to block, chip to chip... and write
down every model number you see on a chip (IC), and you'll need to
understand how they work and what you can send those bytes for..
In order for you to take the 'firmware' out and read the code as you
like, you'll need to de-solder the chip that contains the firmware
and find a way to flush the bytes out through the clocked output into the
computer to collect the information...

You dump the addresses of the chip inside and it will show all the assembly
language for you to read...

The device that does the job for any chip that contains software
inside is the analyzer input/output device...

Here are some example links to devices that will do the job for you...

http://www.parallax.com
http://www.parallax.com/html_pages/products/accessories/field_lab_tools.asp
http://www.embeddedarm.com/
http://s95417013.onlinehome.us/ktekx/5.htm
http://www.uclinux.org/ports/

You can start by googling for "analyzer input output" or
"pic*" ....

I don't know what you want to do with the cellular; you can put
uclinux inside to make it advanced...

You'll have to start "research" whenever you get the model number of
the IC/chips... That will help you to see if there's a party that is involved
in those projects...




On 9/10/06, Norbert François <norbertlike () gmail com> wrote:
Hello !

I was wondering how to extract the firmware of a cellular in order to
study it... I read the paper about "Exploiting embedded systems", but
sincerely I didn't understand the part in which they extracted the
firmware. Moreover, it was performed on a router, not a cellular
(smaller device = harder ?). I remember that the THC group released
some [cellular] firmwares a few months ago... How did they do it?

Thanks a lot for your replies.
Norbert

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




--
==============================
Contact - Tagraf () gmail com
Project: (OpenWRT included wl, iptables :: HW:v3 M#:wrt54gs)
(PIC18F2520-Enhanced Flash Microcontrollers)
Study: (Driver's codes in Linux) (Linux architecture of kernel)
(Random File System access by Specific high accessable to multiFS)
Wish/Plan: (Mailcar) (Put IDS in WRT, when alert it'll send to
email/mobile and display such status on LCD output) (usb small
portable hard drive up to 10mb+) (Brand new laptop come with dual hard
drive win32/linux)
==============================
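Once the flash contents have been read out of the chip as one binary image, the first practical step is to map which regions are erased flash, readable text, ordinary code/data, or compressed/encrypted blobs before trying to disassemble anything. The following is an added example (not code from the thread or from any of the linked projects) that does that with per-window Shannon entropy and a printable-byte ratio; the window size, thresholds and the sample image are all assumptions constructed here.

```python
"""Map the regions of a raw flash dump by entropy (added example, constructed data)."""
import math
from collections import Counter

BLOCK = 1024  # analysis window in bytes (assumed; small windows underestimate entropy)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant block, 8.0 for a uniform distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_block(data: bytes) -> str:
    """Heuristic label for one window of the dump."""
    if not data or all(b == 0xFF for b in data):
        return "erased"                 # unprogrammed flash reads back as 0xFF
    if all(b == 0x00 for b in data):
        return "zero-fill"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)
    if printable > 0.9:
        return "text"                   # version strings, config, tables
    if shannon_entropy(data) > 7.5:     # threshold assumed for 1 KiB windows
        return "compressed/encrypted"   # close to random: nothing to disassemble here
    return "code/data"                  # machine code usually sits around 5-7 bits

def scan_image(image: bytes, block: int = BLOCK):
    """Yield (offset, label, entropy) for every window of the image."""
    for off in range(0, len(image), block):
        chunk = image[off:off + block]
        yield off, classify_block(chunk), round(shannon_entropy(chunk), 2)

def summarize(image: bytes, block: int = BLOCK) -> dict:
    """Count windows per label: a first overview of what the dump contains."""
    return dict(Counter(label for _, label, _ in scan_image(image, block)))

# Constructed sample image: one erased sector, one text sector, and one sector
# where every byte value occurs equally often (stands in for an encrypted blob).
SAMPLE_IMAGE = (
    b"\xff" * BLOCK
    + (b"Firmware v1.2 build 2006-09-12 model=PLACEHOLDER\n" * 21)[:BLOCK]
    + bytes(range(256)) * 4
)

if __name__ == "__main__":
    for off, label, h in scan_image(SAMPLE_IMAGE):
        print(f"0x{off:06x}  {label:22s}  H={h}")
    print(summarize(SAMPLE_IMAGE))
```

On a real dump, replace SAMPLE_IMAGE with the bytes read from the file and match BLOCK to the flash sector size so region boundaries line up with the labels.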
