"Doesn't even support X86 64-Bit..." hmm wat? xD

How are you feeling about the GHIDRA release 2 months from now? It's apparently better than IDA.

@@insidiousx6506 He means x86_64 which is often shortened to x64, so that's why there may be confusion

Also you kind of got your two audio clips too close to one another at 7:47

Mr @LiveOverflow Are you gaay ?

@Batch Drav yeah I agree buddy 😀

​@Batch Drav Sounds like you have some good recommendations, any other cool channels in the other categories you mentioned that I should also check out? :)

Batch Drav thx, I'll check them out 😊

Jamown his real name is Michael Stevens

Nothing! But it shows me that my videos can be entertaining regardless :3

Decap the chip, cover the flash memory and erase the fuses using a UV lamp. Easy peasy lemon squeezy. JK, this is much easier said than done. You could also try glitching it as they did with the Switch's processor, bypassing the fuse checking. Also easier said than done.

@@GRBtutorials On secure devices, fuses are generally OTP, physically destroyed transistors, not flash with secure bits.

@@Spirit532 Well, yeah, now that I looked for it, it seems like STM32 have OTP memory (also known as PROM, programmable ROM, usually made out of antifuses) for JTAG lockout, so that leaves us with just three options: glitching, finding some kind of vulnerability in the fuse check, or some kind of extremely complex physical attack. The only scenario in which glitching or vulnerabilities in the fuse checking would be impossible to find would be if there was no fuse checking at all. If we were making a secure MCU with paranoid security, we could put JTAG (or other debug interface) handling code in OTP memory, and when locking it out, blow all the antifuses. Then the JTAG handling code would get converted to zeros or ones (which we could define as the opcode for NOP).

For the STM32F0 sub-series exist some known vulnerabilities: www.aisec.fraunhofer.de/en/FirmwareProtection.html

@@GRBtutorials The only best solution is glitching. I would love to see someone sharing a video on Glitching ;) it's a very sensitive topic to discuss in public :)

as long as you understand the video it's fine!

@@LiveOverflow Ahaha, thanks! Great content once again. :)

I wish I know magic to create videos too!!!!

Yes, but what's the point in doing that if you have physical access to the device? Might as well just load the custom firmware via JTAG from the beginning.

@@GRBtutorials yeah that's a fair point. I'm guessing you'd have to manufacture a foodbabe firmware and then fake a loading page with APLU commands for it right? That's the only way I can think of without jtag access

QuickishFM yeah, but load via aplu checks that the signature of the new firmware is done with correct private key (hopefully securely stored by developers). If I understand it correctly.

@@d3line Oh I see, makes more sense then

You mean ReadOutProtection? I got the same question here, cause most of the devices that I checked have enabled 'ReadOutProtection'.

oh hey me from the past... turns out you found Ghidra and now rock at it ;)

I love Great Scott's channel. He makes things, and these guys hacks into them. I don't think that they'll get along well lol

how would we know who is talking? :P

Does that have arm? I dont even know. But I own 6.6 so I used that

@@LiveOverflow sorry i thought it did, i just checked and found that IDA freeware version supports only 16 architectures and ARM is not one of them.

me too, but looks pretty cool, isnt it? XD

Resident Evil??? :D sure

@@TheVektast :Ffff

@@TheVektast ^^

Not really. They are often combinations of f00d, babe, cafe, b00b, c0de - basically anything that is representable in hex in 4 characters to combine it to a full 8-character/32b value. Java uses cafebabe as the first 4 bytes of .class files (cf. Java's logo). And there was this little story not too long ago: mjg59.dreamwidth.org/14955.html