Dumping the Firmware from the device
Today we are going to show you how to dump the firmware from a hardware device.
Software and hardware requirements:
- Ubuntu 16.04 or any other Linux machine
- Flashrom tool
- SOIC 8-pin cable
- Bus Pirate connectors
Let’s start dumping the firmware.
Here we chose the Binatone wireless ADSL2+ router DT 850W.
Let’s look inside the device.
Inside there are an EEPROM, UART pins, a Ralink CPU and some other IC chips. Here we mainly focus on the EEPROM chip (Winbond W25Q16). If you are not able to read the EEPROM name printed on it, use a torchlight to see it.
EEPROM (also written E2PROM and pronounced “e-e-prom”, “double-e-prom” or “e-squared-prom”) stands for electrically erasable programmable read-only memory and is a type of non-volatile memory used in computers and other electronic devices to store relatively small amounts of data while allowing individual bytes to be erased and reprogrammed. This means the firmware image we are looking for is stored on the EEPROM chip.
To read the EEPROM chip, a Bus Pirate and an SOIC 8-pin connector are required.
SOIC Pin 8 Connector
Bus Pirate v3 is a universal bus interface that talks to electronics from a PC serial terminal. Get to know a chip without writing code. This board provides 1-Wire, I2C, SPI, JTAG, asynchronous serial (UART), MIDI, PC keyboard, HD44780 LCDs, and generic 2- and 3-wire libraries for custom protocols.
We also need to understand the wire colors of the Bus Pirate connector.
Before dumping the firmware, we have to check the connections between the SOIC cable, the Bus Pirate and the EEPROM.
Connect the SOIC 8-pin cable to the EEPROM chip.
While making the connection, the RED wire must be connected to pin 1 of the EEPROM chip.
Connect the SOIC cable to the Bus Pirate according to the picture below.
After making the connections, the Bus Pirate and the SOIC 8-pin cable will look like this:
While making the connections, check the Bus Pirate yourself: VREG and PWR blinking on the Bus Pirate means the connections are established perfectly.
Connect the USB cable to the Linux machine and run the following command to identify the EEPROM chip on the hardware:
# sudo flashrom -p buspirate_spi:dev=/dev/ttyUSB0
The above image shows that flashrom identified the EEPROM as the Winbond flash chip “W25Q16.V”.
To dump the firmware from the EEPROM chip:
# sudo flashrom -p buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M -c (Chip name) -r (Name.bin)
It will take some time to dump the firmware.
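An in-circuit read through a clip can be unreliable, so it is worth running the read command twice into two files and checking the results before analysing the image. The following is an added example, not part of the original post: the function name check_dump and the file names are hypothetical, and the expected size of 2097152 bytes assumes the W25Q16 is a 16 Mbit (2 MiB) part.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check two reads of the
# same chip made with "flashrom ... -r". File names below are placeholders.
#
#   check_dump dump1.bin dump2.bin 2097152
#
# Return codes: 0 = dump looks usable, 1 = wrong size, 2 = the two reads
# differ, 3 = image is blank (all 0xFF or all 0x00), 4 = a file is missing.
check_dump() {
    first=$1
    second=$2
    expected=$3

    if [ ! -f "$first" ] || [ ! -f "$second" ]; then
        echo "missing dump file" >&2
        return 4
    fi

    # A full read must be exactly as large as the chip.
    size=$(wc -c < "$first" | tr -d ' ')
    if [ "$size" -ne "$expected" ]; then
        echo "size is $size bytes, expected $expected" >&2
        return 1
    fi

    # Two reads of an unpowered target must be byte-identical; a difference
    # points to a bad clip contact or a too-high SPI speed.
    if ! cmp -s "$first" "$second"; then
        echo "the two reads differ, reseat the clip and read again" >&2
        return 2
    fi

    # A dump made only of 0xFF or 0x00 usually means nothing was really read.
    non_ff=$(LC_ALL=C tr -d '\377' < "$first" | wc -c | tr -d ' ')
    non_00=$(LC_ALL=C tr -d '\000' < "$first" | wc -c | tr -d ' ')
    if [ "$non_ff" -eq 0 ] || [ "$non_00" -eq 0 ]; then
        echo "dump is blank" >&2
        return 3
    fi

    # Record the hash so later copies of the image can be checked against it.
    sha256sum "$first"
    return 0
}
```

If the function returns 2, lowering the spispeed value used in the read command and reseating the clip are the first things to try.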