Core 2, I choose you. Less than 5 minutes after posting the last article, i discovered the final piece of my puzzle: a second CPU core. I was looking through my OpenOCD configuration when I realized it had a single tap definition hardcoded, so i decided to comment it out …

“Discovery requires experimentation” This weekend I made a pretty big breakthrough which lead to me making a few smaller breakthroughs and ultimately negating most of my previous research. I’ve also learned that “not reinventing the wheel” isn’t always the best option, especially when it comes to trusting other people’s research. …

It seems that the bootstrap code is just scattered around various memory addresses and there’s no simple way to dump all of it, so i decided to just dump a chunk of memory from 0x00000000 and look for any reference to addresses outside of that chunk (allowing me to build …

Before we get started with part 3, I have a few updates regarding part 1 & 2. I’ve found that the reset pad on the JTAG header is not actually a system reset (SRST) but a TAP reset (TRST), which isn’t very useful for debugging. Here is the updated layout …

Now that everything is ready to be connected, power up the hard drive an run openocd with the following command: openocd -f interface/<your interface here>.cfg -f target/test.cfg test.cfg should be the configuration for the CPU used by your hard disk controller, for most marvell CPUs this config should work. I’m …

I’ve not been doing much in the windows malware world for a while now, because quite frankly I’ve run out of ideas and I’m totally bored. Recently I decided to take the jump into electronics / hardware hacking and people have suggested I post some of that here. A couple …