DFIR

From NAND chip to files

First of all, I am pretty happy to write this article because I usually don’t have a lot of opportunities to write about forensics topics on this blog. The main reason for that situation is that I am almost always working in that field for my employer, so this does not have a place on this blog. But this time it was related to a spare time project I did during my holidays!

You’re not going to have a lot of details about the whole project because it is still ongoing and moreover I am working on it with a friend and we hope to do a bigger publication once we are done. Anyway, I went through a lot of caveats so I thought it was worth writing about that step in our study.

Dumping Z-Wave device firmware

In the previous weeks, I had to work on Z-Wave devices and that led me to dump the firmware of those devices. Consequently, I used my favorite GoodFET to achieve this goal :-)

Code is now available on the GoodFET’s project repository. Be aware that you will need to update the firmware of your GoodFET device before using it because the Z-Wave chip requires specific timing and bit banging.

More details on that work are available on my employer’s blog as, this time, this was not a spare time project :)

A journey in script-kiddie-land and kernel-land

Yes, I know what some of you may think: will we finally get the third and last part about the robot vacuum? You will. But trust me, I don’t have a lot of spare time and debugging the radio stuff is not the funniest part nor the easiest one!

But let’s come back to our subject. Reading some (all?) of my posts here, you may know what a GoodFET is. But have you heard about its little brother, the FaceDancer?

Firmware extraction and reconstruction

Recently I had to extract a firmware from an I2C EEPROM.

Although I am pretty used to SPI EEPROM on embedded equipment, seeing an I2C bus seemed pretty unusual to me.

As you may have noticed from my previous posts, I make heavy use of my GoodFET. It is a very handy tool and although I also have a BusPirate v4, I prefer Travis’s tool. Unfortunately, the I2C protocol is not compiled by default in the firmware, the tools are marked as “untested” on the website and the pinout is not documented on the website. That’s a lot of things to find out :-)

Hard drive rescuing with a GoodFET

This post is a little pause in my vacuum reversing trilogy. It is half about electronics, half about digital forensics but somehow it is still 100% of my hobbies ;-)

A friend of mine had faced a hard drive failure recently and wanted her data back. So she sent me the drive instead of giving away one month of salary to an expensive data rescuing company.

Most of the time, replacing the controller board of the hard drive is enough to get your data back. Hopefully some companies like HDDzone allow you to order the exact model of the PCB you want to replace.

One week later, the PCB was in my mail box. Great.