Pulling firmware from consumer devices

I have a little media player box that I'd like to be able to pull the firmware from and run through a disassembler. I'm fairly certain that one of the chips on the board is an SPI flash memory; the trouble is that I can't pull up anything resembling a datasheet on the Web based on its markings.

So to do what I'd like to do, assuming I'm not able to identify the chip, I have to a) confirm that it is indeed an SPI flash chip, or if not, what protocol it is using; b) identify the SCLK, MOSI, MISO, etc. lines; c) somehow solder a header to the chip on the board (it's a 64 pin Type II TSSOP); d) read from the device in-situ while the device is powered up and still connected to its host processor (is this possible?)

Obviously I have not attempted something like this before, so any suggestions for a plan of attack would be much appreciated!

bitrex

Why would anyone here help you steal code from a commercial unit ??

If you're not smart enough to pull this off yourself, why should anyone WANT to help you??

Just give it up.

hamilton

hamilton

Why? What do you hope to achieve? Surely, a media player is a big "ho, hum (yawn)" in terms of technology -- do you expect to *learn* something?

What makes you think this chip holds *firmware* and not *music*?

Don Y

Because reverse-engineering things is fun? The firmware is badly programmed and has a considerable number of showstopper bugs I discovered in just a few minutes of playing around with it - as if I'm interested in 'stealing' their dumbass code. I'm more interested in exploring the possibility of getting the device to run arbitrary code from the memory stick.

As far as I can tell, this device (bought from a Hong Kong supplier) is itself a copy of a similar device, also produced by a mainland China corporation, which itself is very likely a copy of something else. I'm sure its manufacturer will be pleased you're staunchly defending their intellectual property.

bitrex

Why didn't you say all this the first time ??

hamilton

bitrex wrote in news:Jo-dnStr2J1CJx7SnZ2dnUVZ snipped-for-privacy@earthlink.com:

So it is okay to steal a bike because it was probably stolen in the first place? Your morality amazes me.

Sjouke Burry

I didn't expect that I would be accused of having malicious intent. In the US I'm fairly sure disassembling the source code of the device for the reasons stated would fall under the fair use clause; if the source code is copyrighted in China it's irrelevant as Chinese law has no penalty for copyright infringement that isn't for profit.

bitrex

Nothing I'm trying to do is illegal under either US or Chinese law AFAIK, so you must be holding me to some moral standard of which I'm unaware.

bitrex

You can build a device that violates patents all day for your personal use. Selling one is another story. Giving one away is also a problem since you have caused the patent owner to lose a sale.

Some devices have firmware loaded by the driver. As I have mentioned in another thread, "dd" is used to pull the firmware out of the driver for linux use quite often.

Here is an example, though I have only done this trick on satellite receivers, not an ipod. But the idea is the same.

miso

Make sure that you use a bit bucket to catch what you shake out..

Robert Baer

On a sunny day (10 Apr 2012 05:22:09 GMT) it happened Sjouke Burry wrote in :

That is bullshit. He OWNS that device. If I want to rip apart the lock on my bike I can.

If I want to modify the electronics in the car, I CAN, I may void the warranty, but then that is a choice.

If I stick a scope on the TV PCB or log data on a pin do I steal anything? If I measure the circumference of a bike's wheel do I steal manufacturing secrets? We need a change of view in this society. If you do not want me to have something then do not sell it to me.

Did he sign a contract that came with that media player not to reverse engineer it?

YOU ARE AN IDIOT.

Wow that feels good :-)

Jan Panteltje

Of course, it's possible. Hook up a scope and go to town. Then hook up a serial protocol analyzer to grab the data that goes by.

Since you're asking the question, it's logical to assume you don't have access to the equipment.

IF you do get the data stream, what're you gonna do with it? Any product development team is gonna make some attempt to protect their IP. If you can get bits out, it's unlikely they'll be easy to decode.

It's unlikely that code is directly executed via spi.

Suggestion. Give the device to charity and take a tax deduction. Get a job at the local burger joint at minimum wage. Use the cash to buy a device you can live with.

There's ZERO possibility that you can reverse engineer the device in fewer hours than it'll take you to earn enough to buy one you like. You could probably earn enough to buy a dozen of them by the time you give up on the reverse engineering project. You don't even want to think what it'd cost to buy the equipment you'd need.

Are we having fun yet?

mike

--
n wrongs =/= 1 right.
John Fields

Are you sure it is 64 pin? A quick look on digikey does not show any flash in that package (serial or otherwise).

If it is SPI it should only have a few tracks going to it, a parallel bus will require many more.

--

John Devereux
John Devereux

Sjouke Burry wrote in news:XnsA0314B5EBC523sjoukeburrysoesterbe@213.75.12.10:

It's NOT stealing if he's doing it (the FW readout/mod) for his own personal use and not for commercial sale or profit.

--
Jim Yanik
jyanik
Jim Yanik

engineer it?

While it should be that once you buy a device you can do whatever you want with it. However, thanks to the DMCA, breaking, telling someone how to break, pretty much thinking about breaking any form of copy protection, no matter how weak, even for legitimate reasons, might get you sued, arrested and generally mess up your life.

just ask George Hotz, dvd jon, Dmitry Sklyarov etc.

-Lasse

langwadt

Hi John,

It's a weird package. It apparently has 64 pins, but the vast majority of them appear to be unconnected; it looks like maybe 9 or 10 traces actually connect to anything.

There are only 5 major ICs on the board aside from a few opamps - the processor/video decoder SoC, a 256MB SDRAM, an HDMI output IC, a power management IC, and this unknown chip. I'm making an assumption that it's some kind of memory holding the firmware image, of course I may be incorrect and the firmware may be stored elsewhere. There's a spot on the board for a second IC of the same type, but in this version the location is vacant.

bitrex

On a sunny day (Tue, 10 Apr 2012 10:43:19 -0700 (PDT)) it happened " snipped-for-privacy@fonz.dk" wrote in :

engineer it?

No

WHAT copy protection? If the FLASH was in a micro and the copy protect bit[s] were set, then he could not read it. If they are not set or if the code / firmware is in external FLASH then there is no copy protection, so you are not in violation.

The stupid witch hunt by a couple of crap movie making Hollywood trillionaires reminds me of the commie witch hunts a long time ago. They (Hollywood) will just have to come up with a better business model. And this is even nothing, wait until the replicators arrive. Already you can make a 3D scan of objects and use a 3D printer to re-create those.

Those guys you refer to needed a better lawyer. And then there are all those stupid software patents, not used to 'stimulate innovation', but used as a weapon of one company against the other like Apple-Samsung Google-Nokia just to STOP innovation. Any idiot can invent the wheel and patent it it seems, and then bring big industries to their knees. All this will have to go and be replaced by a better system, a system where knowledge is truly shared and available for ALL people. THAT will accelerate innovation, and improve rotten software as that is what this was about. Will it happen? I dunno, human nature has things like greed, personal interests, short-sightedness, political quarreling and what not. Patents will run out one day...

Jan Panteltje

But copyrights will be perpetual (well, I understand that perpetual copyrights are prohibited by the US Constitution, but there is no limit on how long or how often the terms can be extended). We have yet to see the copyright on Mickey expire, and I doubt it will be allowed to expire).

See "Mickey Mouse Protection Act".

Spehro Pefhany

OK, well I don't know what it is then (you could be right, Digikey is not the whole world). You need to put a scope on the connected signals. You should see a regular signal on SCK, lots of data on MISO as it boots up, probably very little on MOSI except if/when the device writes anything to the chip. It probably reads the whole program into RAM at power-up and leaves it mainly alone thereafter.

That would be a start,

--

John Devereux
John Devereux
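The boot-time pattern John Devereux describes (command and address on MOSI, bulk data back on MISO) is what a logic-analyser capture of an SPI NOR flash looks like once it is split into chip-select frames. The decoder below is an added example, not code from anyone in this thread; it assumes the common 0x9F (JEDEC ID), 0x03 (READ) and 0x0B (FAST READ) command set, and the frames it parses are constructed sample data, not a real capture.

```python
# Added example: decode SPI NOR flash transactions captured with a logic
# analyser. Each frame is (MOSI bytes, MISO bytes) for one chip-select-low
# window. Commands assumed: 0x9F JEDEC ID, 0x03 READ, 0x0B FAST READ.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

JEDEC_ID, READ, FAST_READ = 0x9F, 0x03, 0x0B

@dataclass
class Decoded:
    jedec_id: Optional[bytes] = None
    reads: List[Tuple[int, bytes]] = field(default_factory=list)
    unknown: List[int] = field(default_factory=list)

def decode_frames(frames):
    """frames: list of (mosi, miso) byte strings, one pair per CS-low window."""
    out = Decoded()
    for mosi, miso in frames:
        if not mosi:
            continue
        cmd = mosi[0]
        if cmd == JEDEC_ID:
            # Host clocks three dummy bytes; the 3-byte ID comes back on MISO.
            out.jedec_id = miso[1:4]
        elif cmd in (READ, FAST_READ):
            addr = int.from_bytes(mosi[1:4], "big")   # 24-bit start address
            skip = 5 if cmd == FAST_READ else 4       # 0x0B adds a dummy byte
            out.reads.append((addr, miso[skip:]))     # MISO carries the data
        else:
            out.unknown.append(cmd)                   # e.g. status/write cmds
    return out

def rebuild_image(reads, size):
    """Place each read's data at its address; bytes never read stay 0xFF."""
    img = bytearray(b"\xff" * size)
    for addr, data in reads:
        img[addr:addr + len(data)] = data
    return bytes(img)

# Constructed capture: an ID query, then two boot-time reads of a 16-byte region.
SAMPLE = [
    (bytes([0x9F, 0, 0, 0]),               bytes([0xFF, 0xEF, 0x40, 0x16])),
    (bytes([0x03, 0, 0, 0]) + b"\0" * 8,   b"\xff" * 4 + b"BOOTHDR!"),
    (bytes([0x0B, 0, 0, 8, 0]) + b"\0" * 8, b"\xff" * 5 + b"CODE0123"),
]

if __name__ == "__main__":
    d = decode_frames(SAMPLE)
    print("JEDEC ID:", d.jedec_id.hex(), "image:", rebuild_image(d.reads, 16))
```

Feeding every read the SoC issues during boot into `rebuild_image` yields the portion of the flash the firmware actually touches; regions left as 0xFF were never read on that boot.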
