Reading data from EEPROM without desoldering

Introduction In IoT/hardware security it is common practice to dump firmware/bootloader data in order to reverse engineer closed-source system applications. The easiest known way is to download the .bin/.zip (packed firmware) files from the device manufacturer’s website, which they provide to end users for firmware upgrade operations. And later we hackers/security researchers […]

How to Start IoT device Firmware Reverse Engineering?

IoT device Firmware Reverse Engineering: the process of understanding the device architecture, its functionality and the vulnerabilities present in the device, using a variety of methods. Firmware: a piece of code written for specific hardware to perform different operations and control the device. In this blog, we will learn how to access the file system of a TP-Link […]

FB50 Smart Lock Vulnerability Disclosure (CVE-2019-13143)

Executive Summary Our security engineers found vulnerabilities in the FB50 smart lock mobile application. An information disclosure vulnerability, chained together with poor token management, led to a complete transfer of ownership of the lock from the user’s account to the attacker’s account. Product Description The lock in question is the FB50 smart lock, manufactured by Shenzhen Dragon […]

Arm Exploitation Series #1 — Introduction to the ARM Architecture

With the increasing growth in Internet-of-Things (IoT) devices, it is an absolute necessity to scrutinize the security of these devices too, especially when they are going to be right in our homes. What better way to start than at the very instruction set architecture (ISA) that is most commonly found on these devices — ARM. ARM, or […]