So when in doubt and you have nothing to lose, act like a caveman, I guess? But I did manage to reproduce the result on another chip using the same procedure. The good news though? (If we're lucky) We get 99% of the firmware, and thanks to Charlie Miller we have a disassembler (zip) for it.

Did messing with Pin #28 even have an effect? Could it just have been the erratic resetting of the chip that triggered the malfunction? Did I short VCELL+ to Pin28 while messing about? Was there high voltage on VCELL+? Was it just ESD? (I wasn't really bothered by the chip dying as this was one of 2 sacrificial controller boards I kept just for messing around with.)

And the results? Apparently we can corrupt (ideally just) the first couple of blocks of flash if we bully PIN #28 while the chip is trying to start up. Is the chip fried? It's at this point that I coded up the flash tool to try and read the flash contents.