[018] IT9919 Hacking - part 3 - Hacking Upgrade Files

  Views: 14,113

OpenTechLab


Comments: 49
@PetreRodan 5 years ago
really enjoying the series
@RemcoStoutjesdijk 5 years ago
Mighty impressive. Apart from looking forward to running custom sw on my device, I've just learned a whole lot. As an EE dabbling in embedded this is fantastic.
@KucharJosef 5 years ago
I'm wondering what keywords are triggering these scam bots
@goosenp 5 years ago
Wow, this part is the most impressive development yet!
@OpenTechLab 5 years ago
And there's more still to come!
@claytonmoore9530 5 years ago
This is a great series. Listening to you go through your thought process and research steps is a great learning experience.
@UpcycleElectronics 5 years ago
You're piecing this instruction set together like I'm watching the process. Half of what you say here is Chinese to me, but the more I watch the more puzzle pieces find their way home. Thanks for another epic upload. -Jake
@tedvanmatje 5 years ago
Awesome, awesome! Thanks for the link to that Polish bloke's website (which I will be digesting in a wee moment) and for that binview site too. Just had a moment where I had to scrape away a substantial amount of cobwebs - the last time I used assembler was on my old Amiga, but all's gravy now :) Watching this has triggered a productive brainfart which is actually productive procrastination, if there is such a thing (an excuse to sit in front of a screen for hours)....thanks mate! This weekend has now taken a turn for the best. Until the next one and thanks for uploading!
@EmilHarder 5 years ago
It's really, really enjoyable and educational to follow your work. Thank you for letting us look over your shoulder and learn from and with you!
@avramitra 5 years ago
Can't wait for the next part! I'm addicted!
@vincei4252 5 years ago
Lol. Is it me or can I hear a cat needing attention in the background? At first I thought it was one of my cats :-) 🐈🐈🐈🐈
@OpenTechLab 5 years ago
Yeah she was getting a bit frantic while I was trying to record. She doesn't like being shut out
@pipsqueak2009 5 years ago
This is really interesting... looking forward to seeing how far you can get with this
@jrsmile 5 years ago
I'm really diggin this series, please continue afterwards with more cheap devices :-)
@23RaySan 5 years ago
Cool video series. I'm already excited for episode 4 :)
@danmanmgm 5 years ago
It would be awesome to see a custom fw running on this platform.
@czoknorris 5 years ago
Since you can modify the flasher, why don't you just bypass the checksum computation? Redirect the CPU to Checksum-OK directly.
@OpenTechLab 5 years ago
The problem I discovered is it's not a checksum computation - just a memcmp on whether the data was correctly written to flash. The flasher then triggers a reboot, and the checksum is checked by the real system checksum checker - which we will look at in the next video
@czoknorris 5 years ago
OpenTechLab coool, looking forward.
@Nadox15 4 years ago
@@OpenTechLab Very interesting, but where is the code saved for the checksum calculation? (I am pretty sure you will explain it in your 4th video, but I am not that far yet haha)
@konobikundude 5 years ago
I wonder if some of the Kaitai Struct tooling would help with the workflow of visualizing things in-place
@Gengh13 5 years ago
So now even hdmi extenders could start mining crypto currencies.
@OpenTechLab 5 years ago
:) - I think the hash rate might be rather disappointing
@NiHaoMike64 5 years ago
Not so, the video encode/decode blocks can't really be repurposed for any other use. And keep in mind even a Raspberry Pi has many times the compute power.
@Architector120 5 years ago
I can be wrong but.. it looks like a "C-SKY" architecture..
@OpenTechLab 5 years ago
Wow - great find! There are certainly some striking similarities: github.com/c-sky/csky-doc/blob/master/CSKY%20Architecture%20user_guide.pdf
@nickb2245 5 years ago
@@OpenTechLab I found an instruction set list at github.com/c-sky/tools/blob/master/gx6605s/CK610_spec.pdf but I'm not sure it actually lines up.
@anlm1 5 years ago
Is there a good community like Discord, IRC, or Forum to talk to people to learn more about how to modify hardware and put your own firmware on it like you are doing in this series? I'm interested in taking old hardware like DVRs, printers, scanners, smartphones, dongles etc into stuff like open linux machines, plotters, reusing smartphones in the place of Arduinos, etc
@programorprogrammed 5 years ago
Fantastic
@TheCADexperts 5 years ago
One idea and probably I'm way off, but since we are seeing references to other Atmel chips in the text section, is it possible one of those has a known architecture and by finding the corresponding firmware we could then break it down for a known architecture first?
@OpenTechLab 5 years ago
I didn't check, but I think they're all the ids of different flash chips, not processors. If you have a hunch about something, though, be my guest to follow it up!
@yrath5034 5 years ago
You big bloody tease.
@pandarojodronero2919 5 years ago
Just make the checksum-comparison function to always return "true" or correct firmware, so then you can change anything you like in the rest of the file and it won't be overwritten on boot.
@williamsquires3070 5 years ago
(@7:37) - You may be looking at interleaved code here, where alternate instructions are loaded into the instruction pipeline; this is common on Intel architectures. If this were a SISD (like the old 8-bit micros), you would expect the instructions to load the value 0x000b9f7d to immediately follow one another, otherwise, the problem is that the “call $pc+(30796*4)” might modify register 3. Given that the chip (as seen from video 1 in this series) has 3 cores (a main core, an a/v core, and a security core), this may even be a 3-way interleave, but this is just a guess.
@philmissy1 5 years ago
It would appear I've fallen down the wrong rabbit hole and now I'm lost and confused. I'm very far from your level of knowledge and understanding but it has brought light to the reason I never throw electronics away. I have for years looked at boards similar and well just about every board ever made and wished I could command it to well be my bitch. LOL Glad I've found your channel, it's very interesting.
@boriskontorovich 1 year ago
I think your cat had some thoughts at 14.17....
@DeirdreOByrne 5 years ago
Forgive me for stating the obvious, but can you not just NOP out the call to the checksum check?
@OpenTechLab 5 years ago
Unfortunately not... because it's not actually a checksum check. Just a memcmp that checks the flash upgrade did its job correctly
@DeirdreOByrne 5 years ago
@@OpenTechLab OK - I thought you were looking at the firmware bootstrap, not the flash upgrade. NOPping out the firmware integrity checks is something I've done in the past :D
@OpenTechLab 5 years ago
Yeah I actually tried something along those lines, but of course even if the flasher software is tricked into thinking a hacked firmware image is valid, it won't make any difference to the boot-loader which will load the firmware after rebooting
@DeirdreOByrne 5 years ago
@@OpenTechLab Just out of curiosity - did you check out the function at 82bac? The function you've called "unknown_func()". There be dragons? :)
@OpenTechLab 5 years ago
Not yet, no. There's a lot of unknowns to explore
@hd-dk6tg 5 years ago
MediaDSP3200/MediaDSP3201 (or MD32 for short) architecture: slideplayer.com/slide/15233183/ person.zju.edu.cn/person/attachments/2017-09/07-1506579034-711542.ppt edit: r-type encoding seems different...
@OpenTechLab 5 years ago
Wow! Nice find. Amazing
@edmundhumenberger9917 5 years ago
Could it be a Tensilica core?
@OpenTechLab 5 years ago
As in Xtensa? Looking at the ISA, I don't think that one's a match. The other guy suggested "C-SKY" - which seems closer
@d3stinYwOw 5 years ago
Probably I've found compression library. Same name, BSD license and It might be it. github.com/antirez/smaz