Nytro Posted March 17, 2013

[h=1]Reverse Engineering Serial Ports[/h]
By Craig | November 1, 2012 | Embedded Systems, Hardware, Tutorials

Given the name of this blog and the number of requests that I’ve had, I think it’s high time we discussed serial ports; specifically, serial ports in embedded systems. My goal here is to describe the techniques that I’ve found effective in identifying and reverse engineering embedded serial ports through the use of definitive testing and educated guesses, and without the need for expensive equipment.

[h=1]Introduction[/h]
Serial ports are extremely useful to embedded developers, who commonly use them for:

- Accessing the boot loader
- Observing boot and debug messages
- Interacting with the system via a shell

Needless to say, this functionality is also useful to hackers, so finding a serial port on an embedded device can be very advantageous. As a case study, we’ll be examining the PCB of a Westell 9100EM FiOS router for possible serial ports:

[Image: Westell 9100EM PCB]

Now, these aren’t your dad’s RS-232 serial ports that we’re looking for; these are Universal Asynchronous Receiver Transmitters (UARTs), commonly found in embedded devices. Although protocol compatible, RS-232 and UART are not voltage compatible (from here on out I will use the terms “UART” and “serial port” interchangeably). UARTs most commonly operate at 3.3 volts, but can also be found operating at other standard voltages (5, 1.8, etc.).

Unfortunately there aren’t any industry standardized UART pinouts, and manufacturers don’t often go around advertising or documenting their debug interfaces, so we’ll need to do a bit of work in order to interface with these serial ports. Specifically, we need to reverse engineer both the hardware interface and the software protocol settings.

Let’s start with the hardware interface first. For this, you’ll need a multimeter and a pair of eyeballs (or even one will do just fine). Yes, oscilloscopes and logic analyzers are useful and sometimes necessary, but 99% of the time a trusty multimeter and a bit of knowledge is all you need.

[h=1]Identifying Serial Headers[/h]
The first step is to try to identify potential candidates for serial port headers. Most serial port headers have at a minimum four pins:

- Vcc
- Ground
- Transmit
- Receive

Typically you’ll want to look for a single row of 4-6 pins, although this is not a hard and fast rule and they can come in any pin configuration the manufacturer has decided on. On our 9100EM PCB we find two possible candidates, labeled P1402 and P1404:

[Image: Possible serial port headers]

Sometimes you won’t have a nicely broken out set of pins like this, and you’ll have to examine test points on the board; usually starting with test points closest to the SoC is a good idea. Here is an example of a serial port exposed via test points on a different board, the WL530G:

[Image: Serial port test points on a WL530G]

In either case the process of pin identification is the same, but usually takes longer if there is no header since there will likely be more than 4 test points on the board that you will need to examine.

At this point either P1402 or P1404 could be serial port headers. Or they could both be serial port headers. Or neither could be a serial port header. So we’ll examine the pins on each header individually to try to gain some insight.

Full article: http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/
Blackvein Posted March 18, 2013

Reverse Engineering Serial Ports
Started by Nytro, Today 01:49 AM
Replies: 0 Views: 25

Romania, te iubesc! - Hackerville [Emisiune Full]
Started by silvian0, Yesterday 10:08 PM
Replies: 74 Views: 4,780

...