Entries Category “Misc”

Tue 07 June 2022

Firmware key extraction by gaining EL3

A bit of history A few months back, I turned my attention on my fiber gateway. So I ordered the same model on ebay, unsoldered and dump the nand, and after a lot of work, managed to have a clear view of the system, from bootloader to userland. Basically, the bootloader check the signature of the kernel image, uncrypt the kernel image with a bootloader stored key, which in turn, uncrypt the rootfs image and voila. [YYYY] / # ls README dev lib opt sbin usr bin etc media proc sys var config exports mnt root tftpboot ctmp home nonexisting run tm [YYYY] / # cat README If you can read this, congratulations ! Feel free to drop me an email, xxxx@yyyy.zz
Mon 04 April 2022

Pwning the bcm61650

The percello prc6000, also known as bcm61650 after Broadcom bought the company, is a chip used in 3g femtocells (Home-nodeB). Here is a summary writeup of how I achieved to bypass its secure ROM to run arbitrary firmwares.
Mon 10 April 2017

Video Distorsion

Found this old piece of code, written in 2013. Only needed to change hardcoded resolution of the webcam to get it working again.
Fri 17 April 2015

Hello World

#include int main(int argc, char** argv) { printf("Hello World\n"); return 0; }

Social Network