38C3 Community Stages

Reverse engineering U-Boot for fun and profit
2024-12-27, Stage HUFF
Language: English

A field guide to dumping and reverse engineering a bare-metal U-Boot binary, including all the good stuff like funky hardware setups, UART logs, a locked bootloader and unknown base addresses.


Working on hacking a babyphone and encountering a locked bootloader, we were faced with a major roadblock. So, naturally, we bashed our heads against said problem for 2 weeks, coming out the other side with a few fun challenges, solutions and tidbits.

I want to recreate this experience here in this talk by doing the whole process all over again, but this time live, in front of an audience.
Includes:
- getting serial logs
- dumping firmware
- extracting firmware
- reverse engineering the U-Boot bootloader to extract the bootloader password
together with some tips, tricks and snarky remarks.

Hardware hacking, reverse engineering, low level shit