DPAPIck v0.3 release notes

Well, I have to admit that it’s been a long time since I wrote here.

A lot of people complained over the past years that DPAPIck only supported Windows XP and Vista, and basically wanted to know whether one day we were going to support newer versions of Microsoft Windows.

Thanks to Francesco Picasso (@dfirfpi), this project now supports Windows versions from XP to the latest Windows 8.1 (sorry, we haven’t tested it on Windows 10 yet). He did the work and sent me a patch that allowed DPAPIck to run against Windows 7 blobs, but it also broke XP support at the same time. So I took some extra time to give it a bit of polish and to improve a few things in how the tool was processing data.

Firmware extraction and reconstruction

Recently I had to extract a firmware from an I2C EEPROM.

Although I am pretty used to SPI EEPROMs on embedded equipment, seeing an I2C bus seemed pretty unusual to me.

As you may have noticed from my previous posts, I make heavy use of my GoodFET. It is a very handy tool and although I also have a BusPirate v4, I prefer Travis’s tool. Unfortunately, the I2C protocol is not compiled into the firmware by default, the tools are marked as “untested” on the website and the pinout is not documented on the website. That’s a lot of things to find out :-)

Ask me a question

Hi Jean-Michel, I am also working on a TCP stream reassembly utility and I see that you have done some work in defining the C wrapper for the libnids reassembly patch for Python. I was wondering if you have actually used the resume function in Python? I have tried but am not getting a usable structure from the callback in Python. Do you perhaps have a sample Python function call or some tips maybe in order to use this function in Python? Regards, ChrisA