Jump to content
Nytro

Reverse Engineering Serial Ports

Recommended Posts

Posted

[h=1]Reverse Engineering Serial Ports[/h]By Craig | November 1, 2012 | Embedded Systems, Hardware, Tutorials

Given the name of this blog and the number of requests that I’ve had, I think it’s high time we discussed serial ports; specifically, serial ports in embedded systems.

My goal here is to describe the techniques that I’ve found effective in identifying and reverse engineering embedded serial ports through the use of definitive testing and educated guesses, and without the need for expensive equipment.


[h=1]Introduction[/h] Serial ports are extremely useful to embedded developers, who commonly use them for:

  • Accessing the boot loader
  • Observing boot and debug messages
  • Interacting with the system via a shell

Needless to say, this functionality is also useful to hackers, so finding a serial port on an embedded device can be very advantageous. As a case study, we’ll be examining the PCB of a Westell 9100EM FiOS router for possible serial ports:

westell_board-300x200.jpg

Westell 9100EM PCB

Now, these aren’t your dad’s RS-232 serial ports that we’re looking for; these are Universal Asynchronous Receiver Transmitters (UARTs), commonly found in embedded devices. Although protocol compatible, RS-232 and UART are not voltage compatible (from here on out I will use the terms “UART” and “serial port” interchangeably). UARTs most commonly operate at 3.3 volts, but can also be found operating at other standard voltages (5, 1.8, etc).

Unfortunately there aren’t any industry standardized UART pin outs, and manufacturers don’t often go around advertising or documenting their debug interfaces, so we’ll need to do a bit of work in order to interface with these serial ports. Specifically, we need to reverse engineer both the hardware interface and the software protocol settings.

Let’s start with the hardware interface first. For this, you’ll need a multimeter and a pair of eyeballs (or even one will do just fine). Yes, oscilloscopes and logic analyzers are useful and sometimes necessary, but 99% of the time a trusty multimeter and a bit of knowledge is all you need.


[h=1]Identifying Serial Headers[/h] The first step is to try to identify potential candidates for serial port headers. Most serial port headers have at a minimum four pins:

  • Vcc
  • Ground
  • Transmit
  • Receive

Typically you’ll want to look for a single row of 4-6 pins, although this is not a hard and fast rule and they can come in any pin configuration the manufacturer has decided on.

On our 9100EM PCB we find two possible candidates, labeled P1402 and P1404:

connectors-300x200.jpg

Possible serial port headers

Sometimes you won’t have a nicely broken out set of pins like this, and you’ll have to examine test points on the board; usually starting with test points closest to the SoC is a good idea. Here is an example of a serial port exposed via test points on a different board, the WL530G:

wl530g_connectors-300x224.jpeg

Serial port test points on a WL530G

In either case the process of pin identification is the same, but usually takes longer if there is no header since there will likely be more than 4 test points on the board that you will need to examine.

At this point either P1402 or P1404 could be serial port headers. Or they could both be serial port headers. Or neither could be a serial port header. So we’ll examine the pins on each header individually to try to gain some insight.

Articol complet:

http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/

Posted

Reverse Engineering Serial Ports

Started by Nytro, Today 01:49 AM

Replies: 0

Views: 25

Romania, te iubesc! - Hackerville [Emisiune Full]

Started by silvian0, Yesterday 10:08 PM

123...8

Replies: 74

Views: 4,780

...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...