Tag Archives: buspirate

How to Dump the Firmware from the EEPROM with help of Buspirate

Dumping the Firmware from the device

Today we are going to show you how to dump the firmware from the hardware devices

 

Software and hardware Requirements:

  1. Buspirate
  2. Ubuntu 16.04 or any other Linux machine
  3. Flashrom tool
  4. SOIC cable pin 8
  5. Buspirate connectors

Let’s start the firmware dumping,

Here we choose Binatone wireless ADSL2+ router DT 850W

Let’s look inside of the device,

There EEPROM, and UART pins and Ralink CPU some Other IC chips are available, here mainly focusing on the EEPROM chip (winbond W25Q16), if you are not able to watch the EEPROM name on it use torchlight to see.

EEPROM:

EEPROM (also written E2PROM and pronounced “e-e-prom”, “double-e-prom” or “e-squared-prom”) stands for electrically erasable programmable read-only memory and is a type of non-volatile memory used in computers and other electronic devices to store relatively small amounts of data but allowing individual bytes to be erased and reprogrammed. It means what we looking for firmware image EEPROM chip consisting.

To read EEPROM chip required Buspirate and SOIC Pin 8 connector

SOIC Pin 8 Connector

Buspirate:

Bus Pirate v3 is a universal bus interface that talks to electronics from a PC serial terminal. Get to know a chip without writing code. This board provides 1-Wire, I2C, SPI, JTAG, asynchronous serial (UART), MIDI, PC keyboard, HD44780 LCDs, and generic 2- and 3-wire libraries for custom protocols.

And we need to understand colors of Buspirate connector,

 

http://dangerousprototypes.com/docs/File:Seed-cable.png

Before we are going to dumping the firmware, we have to check the connections of SOIC Cable, Buspirate and EEPROM

Give the connection to EEPROM chip using SOIC pin8 cable

While giving the connection RED wire must be connecting to pin 1 EEPROM chip

Connect the SOIC cable to Buspirate according to below picture

After giving the connections Buspirate to SOIC pin 8 will be like this,

 

While giving the connections check yourself with bus pirate, VREG and PWR is blinking on the Buspirate which means connections established perfectly

Just connect the USB Cable to Linux machine and run the following command

Step 1

#sudo flashrom –p buspirate_spi:dev=/dev/ttyUSB0

To identifying the EEPROM chip on the hardware

the above image shows the its identified the EEPROM is winbond flash chip “W25Q16.V”

 

Step 2:

To dumping the firmware from the EEPROM chip

#sudo flashrom –p Buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M –c (Chip name)  –r (Name.bin)

It will take some time to dump the firmware.