#01 - Identifying Components - Hardware Hacking Tutorial

Captions
This is the first episode of the Hardware Hacking Tutorial series, dedicated to everything about hardware hacking. It is for beginners, but advanced users will also find something useful in this series. The hardware hacking process is described based on information gathering on hardware and software, building an emulation environment in which to run the interesting binaries of our device and eventually reverse-engineer them, then analyzing how the device works, and at the end hacking the device and eventually modifying its firmware. In this first episode we will talk about the first steps of information gathering. The information gathering phase is based on understanding who makes the device and whether there is an original design manufacturer, because sometimes a company brands a device or manufactures a device, but another company has designed the device and developed its firmware. Then we start opening the device and trying to identify its main components: we are mainly interested in the system on a chip and its architecture, the amount of RAM and the flash EEPROM, but also in understanding whether there are some other interesting devices. Then we will locate the UART interface and the JTAG interface, and as a last step of the information gathering phase we want to get the firmware out of the device and extract its root filesystem. In this first episode we will talk about the first steps of information gathering, up to identifying the device components.

I am Valerio Di Giampietro. I have a background in digital electronics and information technology infrastructure, and I wish to be your friendly Italian hacker neighbor, willing to share with you the tools and techniques about hardware hacking that I learned by myself hacking many devices. So let's start.

This router is the main device that we will use during this tutorial series. The first step in the information gathering phase is to understand what kind of device we have and its manufacturer, and also to understand whether there is an original design manufacturer, because sometimes a company manufactures a device but another company has designed it and developed its firmware. This router is distributed in Italy by Linkem; Linkem is the biggest Italian wireless internet service provider. According to this label it seems that this router has been manufactured by Linkem, but Linkem is the name of the ISP, so this means that it has only branded it, not manufactured it: the manufacturer is someone else. Looking at the label of this device we are not able to understand who the original design manufacturer of the device is. Anyway, we can see that on the label we have the model name of the device, the SSID of the router, the Wi-Fi default password, the LAN MAC address (or Ethernet MAC address) and the serial number of the device. Looking at the manual we can understand that the serial number starts with the string GMK, then we have six digits for the date of production (two digits for the year, two digits for the month and two digits for the day of production), and then a six-digit sequential number. Later we will see that knowing this information is very important to hack the device and to be able to generate the default Wi-Fi password of the device.

In this hacking tutorial we will always follow the "easiest path first" methodology. This means that every time we will always start with the easiest path first. So to get more information about this device, the first and easiest step is to search for information on the Internet. We will search for information on the Internet about this device and we will understand that this device has been manufactured by a company called Gemtek, which has many production sites in Asian countries.

The first step in the information gathering phase is to look for our device on Google, because we are interested in knowing as much as possible about our device. We can see that one of the first results is the user manual, and we also learn that the company that has produced our device is Gemtek. We look at the user manual, but maybe the information that we are looking for is not there, because we are mainly interested in the system on a chip, the RAM and the flash ROM that are on our device. So we go back and look at the other search results on Google. One of these search results is very interesting: it is the result from the TechInfoDepot website. This is a really interesting website with a lot of information on many, many devices. It is a community-driven project, so we don't have official information, and on some devices we have more information, on other devices less. In this case we have a link to a product page, but this is an empty link pointing to an internet service provider that has no more information about this product, which maybe it shipped in the past. But we have some other very useful information, like the FCC ID. This is the ID given to each device that is sold in the United States; FCC stands for Federal Communications Commission, and it gives approval to each device that is compliant with radio emission regulations. So in this case we can click on the related link and go to the FCC website, where the manufacturer has provided some information about the device. If we look at the information available we can find some interesting things, for example the external photos of the device and the ID label of the device. In this case this is not our ID label, it is a device manufactured for another internet service provider, and we can see that on this label there is the FCC ID, and we also have other information. The FCC ID, as you can see, is not available on my own device, because my own device is sold in Italy, where there is no obligation for FCC radio emission compliance. We also have other information, like for example internal photos, which can be very useful to understand how the device is manufactured, what kind of components it has on board and so on, but maybe the pictures are not big enough to read the markings of each device component. We also have some other documentation, like test reports of radio emission tests and so on.

If we look at the TechInfoDepot website we can find some other interesting information, like for example the name of the system on a chip: in this case it is a MediaTek chip. We can also see the name and size of the flash EEPROM chip and the name and size of the RAM chip. This is really interesting information in our initial stage of information gathering. In the links of interest we can also see a pointer to a GitHub project, but this is my own GitHub project where I did a reverse engineering of this router, so it was not available when I started searching for this device. Anyway, in this case there is a lot of information that I put on my GitHub repository about this device.

Another source of information is the OpenWrt website, which is a site dedicated to the open source router firmware OpenWrt, but there is also a database of many, many routers with information on the hardware available on the router. In this case there is no information on our device, but anyway it is another site to search at the beginning. For example, if we search for another, old router that I own, the DG834G, we can see that we are able to find a lot of information: the system on a chip, how to install the OpenWrt software on this device, and also a lot of other information, including the position and layout of the flash EEPROM, the position of the UART interface and the position of the JTAG interface, and also pictures of the router, pictures of its mainboard and the exact position of the UART interface and the JTAG interface. So, especially if we are doing some hardware hacking on a router, this is for sure a website to check.

We got a lot of information about this router on the Internet, but the information that we got was related to the same part number distributed by a different internet service provider, with a different label format. So probably it has a different firmware, and it is also possible that the manufacturer has changed something inside the router, like the system on a chip, the RAM or the EEPROM. So it is better to open the device and check by ourselves the components that are inside the device.

So we open the device. Usually it is easy to open devices of this kind; sometimes this kind of device can have some special screws, so we may need a special screwdriver. But different devices, like for example smartphones, smartwatches, digital cameras and other very small devices, can be very, very difficult to open. Sometimes we are able to find tutorials on the Internet on how to open a specific device, and other times we have to find the solution by ourselves, and it can be really difficult. On some industrial-grade devices it is also possible that there are some countermeasures to prevent the opening of the device, like for example using glue instead of screws to keep the shells together, and inside the device, on some military-grade devices, we can also have anti-tampering circuitry that will wipe out the content of the EEPROM if we open the device. Anyway, I have put a link below that will better explain how to deal with these kinds of devices.

Now that we have opened the device, we need to unscrew the motherboard from the device, and we can see that sometimes we have heatsinks that we are able to remove to look below them and understand what kind of components we have below; sometimes it's easy, sometimes it can be more difficult. We can also have metal shields used to shield the radio frequencies; in this case often it is more difficult to remove them, and sometimes it is impossible to remove them without damaging the board. If we have multiple boards there is no problem: we can destroy one board to see what's below the metal shield and heatsinks. Otherwise, if we have only one board, we cannot destroy it, so in this case we will move forward without identifying the device, because our principle is always to follow the easiest path first. So if some information is difficult to get, we will move forward anyway and we will come back only if absolutely needed.

We can look at the various integrated circuits on this motherboard, but we can see that often it is difficult to read the part number on top of these integrated circuits. In this case we can try to improve the readability of the part number: use a cotton swab and alcohol to clean up the surface with the part number, wait for the alcohol to dry out, then rub chalk over these integrated circuits, then use a cotton swab again, without alcohol, to remove the chalk, not too strongly. After this it is usually easier to read the part number. We can also use a magnifying glass or a magnifying lamp with an LED light to read the part number on top of these integrated circuits.

Now that we have been able to read the part numbers on top of the integrated circuits, we can search on the Internet, and usually we are able to find a lot of information, including the datasheets of these part numbers. But in some cases, especially on some unusual Chinese devices, it is possible that we will find nothing on the Internet. In this case it can be useful to search on a Chinese search engine like, for example, Baidu; maybe on this search engine we will find something, in Chinese obviously, but we can use Google Translate to understand at least what kind of device we have. But in our case, on our motherboard there are normal devices about which we are able to find a lot of information on the Internet. The system on a chip is a MediaTek MT7621A chip; it is a chip based on a MIPS dual-core CPU running at 880 MHz. The RAM is a Winbond chip, a 128 megabyte RAM chip; it is different compared to what we found on the TechInfoDepot website, but it is the same size. We also have an unusual discrete logic component, a 74HC164; usually we don't have this kind of component on a motherboard, but in this case it can be useful for us because on this chip it is easy to identify VCC and ground, and this can be used as a reference point when we need to take some voltage measurements on the motherboard. We are also able to identify the NAND flash device: it is a 128 megabyte NAND flash device, and this confirms what we found on the TechInfoDepot website when we searched for this information on the Internet.

If you found this video interesting, please subscribe to help this channel grow, share this video with your friends interested in hardware hacking, and don't forget to click the subscribe button below and the notification bell to be notified when new episodes are released. Don't forget to click the thumbs up icon, and please give me feedback in the comments below, both positive and negative; I will appreciate any type of feedback, especially suggestions, whether you enjoyed this video or even if you didn't like it, but suggestions are really, really welcome. Thank you for watching, see you again on this channel.
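The serial-number layout read from the label earlier in the episode (GMK prefix, six-digit YYMMDD production date, six-digit sequential number) is small enough to check mechanically before using it in later steps. The parser below is an added example, not code from the video or its author; it assumes the two-digit year is 2000-based, and the sample serials are constructed, not taken from any real device.

```python
import re
from datetime import date

# Layout described in the manual as quoted in the episode:
# "GMK" prefix, YYMMDD production date, then a six-digit sequence number.
SERIAL_RE = re.compile(r"^GMK(\d{2})(\d{2})(\d{2})(\d{6})$")


def parse_serial(serial: str):
    """Return {'prefix', 'production_date', 'sequence'} or None if the serial is malformed."""
    m = SERIAL_RE.fullmatch(serial.strip().upper())
    if not m:
        return None
    yy, mm, dd, seq = m.groups()
    try:
        # Assumption: two-digit year counts from 2000 (these routers are post-2000 devices).
        produced = date(2000 + int(yy), int(mm), int(dd))
    except ValueError:
        # The digits are present but do not form a real calendar date (month 13, day 32, ...).
        return None
    return {"prefix": "GMK", "production_date": produced, "sequence": int(seq)}


# Constructed sample serials (not real device serials): one valid, one with an
# impossible month, one with a wrong prefix, and one lower-case but otherwise valid.
SAMPLES = ["GMK190527000123", "GMK191345000001", "ABC190527000123", "gmk200101999999"]


def summarize(serials):
    """Map each serial to its parse result, for a quick look at a batch of labels."""
    return {s: parse_serial(s) for s in serials}


if __name__ == "__main__":
    for s, info in summarize(SAMPLES).items():
        print(s, "->", info)
```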
Info
Channel: Make Me Hack
Views: 14,339
Rating: 4.9916053 out of 5
Keywords: Identifying Integrated Circuits, Identifying Chips, Identifying Components, Hardware Hacking Tutorial, Hardware Hacking, How To Do Hardware Hacking, Practical Hardware Hacking, Hardware Hacking for beginners, Reverse Engineering, Reverse Engineering Hardware Tutorial, Practical Hacking, Hacking Tutorial, Hacking for beginners, Router Hacking, How To Do Router Hacking, ethical hacking basics, reverse engineering tutorial, identifying ic chips, reverse engineering hardware
Id: LSQf3iuluYo
Length: 16min 53sec (1013 seconds)
Published: Tue Mar 10 2020