Chip Identification + Firmware FileSystem

docs/debug-interfaces/uart.md

@@ -149,13 +149,16 @@ Under Ubuntu or Debian, a non-root user cannot have access to serial ports such
 ### Detect the baud rate
 
 #### Most common baud rate
+
 The most common baud rates for UART are `9600`, `19200`, `38400`, `57600` and `115200`.
 
 A table of other used but less common baud rates can be found here:  [Here](https://lucidar.me/en/serialib/most-used-baud-rates-table/)
 
 
 #### Autodetect the baud rate using a script
-Link: [baudrate.py](https://github.com/devttys0/baudrate/blob/master/baudrate.py)
+
+* [devttys0/baudrate.py](https://github.com/devttys0/baudrate/blob/master/baudrate.py)
+
 ```bash
 # Download the script
 wget https://raw.githubusercontent.com/devttys0/baudrate/master/baudrate.py
@@ -180,7 +183,7 @@ It is possible to get baudrate using the duration of a bit periode, using PulseV
 124953.14257153569
 ```
 
-The closest common baudrate is : 115200. COnfigure the decoder and you should see ascii chars :
+The closest common baudrate is : 115200. Configure the decoder and you should see ascii chars :
 
 ![U-Boot string](../assets/UART_uboot_str.png)
 
@@ -234,6 +237,7 @@ It’s an emulation of serial port over BLE. The UUID of the Nordic UART Service
 * **TX Characteristic (UUID: 6E400003-B5A3-F393-E0A9-E50E24DCCA9E)** :
 	* If the peer has enabled notifications for the TX Characteristic, the application can send data to the peer as notifications. The application will transmit all data received over UART as notifications.
 
+
 ### Examples
 * [nRF UART 2.0 - Nordic Semiconductor ASA](https://play.google.com/store/apps/details?id=com.nordicsemi.nrfUARTv2)
 * [UART/Serial Port Emulation over BLE](https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.sdk5.v14.0.0%2Fble_sdk_app_nus_eval.html)

docs/enumeration/chip-identification.md

@@ -0,0 +1,11 @@
+# Chip identification
+
+* Google dork: `filetype:pdf <reference number>`
+* https://datasheetspdf.com
+* https://www.alldatasheet.com
+* https://www.datasheets360.com
+
+
+## EM/RF shield
+
+Electromagnetic/Radio Frequency Shield should be removed to see what it is hidding.

docs/firmware/firmware-dumping.md

@@ -146,7 +146,32 @@ Inspect the assembly with `avr-objdump -m avr -D chest.hex`.\
 Emulate : `qemu-system-avr -S -s -nographic -serial tcp::5678,server=on,wait=off -machine uno -bios chest.bin`
 
 
-## Explore firmware
+## Explore Filesystem
+
+
+### Common Filesystem
+
+* **SquashFS** : It is a compressed read-only filesystem commonly used in Linux-based Firmware. It provides a good flexibility because it supports creating writable overlay filesystems, allowing changes to be made to the filesystem at runtime.
+* **CramFS** (Compressed ROM Filesystem) : Simple read-only filesystem, that supports compression.
+* **ROMFS** (Read-Only Memory Filedystem) : Simple filesystem that is strictly read-only, and do not provide compression support.
+* **YAFFS/YAFFS2** (Yet Another Flash Filesystem) : This filesystem is specifically designed for NAND Flash memory. In particular, it incorporates ECC management for ensuring data integrity. Filesystem integrity is also maintained by storing metadata redundantly.
+* **JFFS/JFFS2** (Journalized Flash Filesystem) : This filesystem is also designed for NAND Flash memory. JFFS utilizes a journaling mechanism to track changes to the filesystem, ensuring data consistency and integrity even in the event of sudden power loss or system crashes. It also supports ECC.
+* **UBIFS** (Unsorted Block Image Filesystem) : UBIFS is a successor to JFFS2 and is optimized for NAND flash memory. It offers improved performance, reliability, and scalability, with features such as compression, encryption, and fast mounting. UBIFS supports multiple partitions.
+
+
+| Filesystem | RO/RW | Magic                 | Tool | 
+| ---------- | --- | ----------------------- | ------------ | 
+| SquashFS   | RO  | sqsh, hsqs, qshs, sqsl  | unsquashfs, 7zip | 
+| JFFS(2)    | RW  | 0x07C0 (v1), 0x72b6(v2) | jefferson | 
+| YAFFS(2)   | RW  | 0x5941ff53              |  unyaffs | 
+| CramFS     | RO  | 0x28cd3d45              |  uncramfs, 7zip | 
+| UBIFS      | RW  | 0x06101831              |  ubi_reader | 
+| RomFS      | RO  | 0x7275                  | /  | 
+| CPIO       | RO  | "070707"                | cpio, 7zip | 
+
+
+
+### Tools 
 
 * [unix/strings](#)
     ```ps1
@@ -175,17 +200,17 @@ Emulate : `qemu-system-avr -S -s -nographic -serial tcp::5678,server=on,wait=off
     3708          0xE7C           ARM executable code, 16-bit (Thumb), little endian, at least 522 valid instructions
     ```
 
-* [squashfs-tools/unsquashfs](#)
-    ```powershell
-    sudo unsquashfs -f -d /media/seagate /tmp/file.squashfs
-    ```
-
 * [onekey-sec/unblob](https://github.com/onekey-sec/unblob)
     ```ps1
     docker run --rm --pull always -v /path/to/extract-dir/on/host:/data/output -v /path/to/files/on/host:/data/input ghcr.io/onekey-sec/unblob:latest /data/input/path/to/file
     docker run --rm --pull always ghcr.io/onekey-sec/unblob:latest --help
     ```
 
+* [squashfs-tools/unsquashfs](https://github.com/plougher/squashfs-tools)
+    ```powershell
+    sudo unsquashfs -f -d /media/seagate /tmp/file.squashfs
+    ```
+
 * [onekey-sec/jefferson](https://github.com/onekey-sec/jefferson/) - JFFS2 filesystem extraction tool
     ```ps1
     pip install jefferson
@@ -193,6 +218,21 @@ Emulate : `qemu-system-avr -S -s -nographic -serial tcp::5678,server=on,wait=off
     jefferson file.jffs2 -d jffs2
     ```
 
+* [whataday/unyaffs](https://github.com/whataday/unyaffs) - YAFFS2 filesystem extraction tool
+    ```ps1
+    unyaffs [-l <layout>] [-t] [-v] [-V] <image_file_name> [<base dir>]
+        -l <layout>      set flash memory layout
+            layout=0: detect chunk and spare size (default)
+            layout=1:  2K chunk,  64 byte spare size
+            layout=2:  4K chunk, 128 byte spare size
+            layout=3:  8K chunk, 256 byte spare size
+            layout=4: 16K chunk, 512 byte spare size
+        -t               list image contents
+        -v               verbose output
+        -V               print version
+    ```
+
+
 ## Write new firmware
 
 * Repack firmware

docs/gadgets/memory-programmer.md

@@ -0,0 +1,6 @@
+# Memory Programmer
+
+
+![RT809H](../assets/memory-programmer-rt809h.jpg)
+
+RT809H with multiple adapters/sockets for eMMC/NAND Flash

docs/other/electronic-components.md

@@ -0,0 +1,19 @@
+# Electronic Components
+
+## Resistors
+
+## Capacitors
+
+## Transistors
+
+## Inductors
+
+
+## Integrated Circuit (IC) microchip
+
+### Microcontroller Unit (MCU)
+
+### System-on-Chip (SoC)
+
+### Trusted Platform Module (TPM)
+

docs/protocols/spi.md

@@ -30,7 +30,7 @@ SPI mainly involves four lines or wires:
 
 ## Dump Firmware via SPI
 
-Dump using a Raspberry Pi
+### Dump using a Raspberry Pi
 
 ```powershell
 sudo raspi-confi > Interface > SPI(P4)
@@ -49,12 +49,22 @@ An ESP8266 and ESP32 have several SPI busses available in hardware, SPI0 is hook
 $ python ./esptool.py read_flash --spi-connection HSPI 0 0x400000 flash_dump.bin
 ```
 
-Dump with HydraBus
+### Dump with HydraBus
 
 ```ps1
 flashrom --programmer serprog:dev=/dev/ttyACM0,spispeed=2M -c "MX25L12833F" --progress -r /tmp/image.bin
 ```
 
+### Dump with BusPirate
+
+```ps1
+flashrom -p buspirate_spi:dev=/dev/ttyUSB0
+flashrom -p buspirate_spi:dev=/dev/ttyUSB0 -c W25Q64.V
+
+flashrom -p buspirate_spi:dev=/dev/ttyUSB0 -c W25Q64.V -r firmware.bin
+```
+
+
 
 ## SPIFFS
 

overrides/main.html

@@ -14,6 +14,7 @@
     </div>
     <br>
     <script async src="https://static.addtoany.com/menu/page.js"></script>
+    <script defer src="https://cloud.umami.is/script.js" data-website-id="49aad71c-7d98-4635-8bd5-b6799c8874f8"></script>
   </div>
 {% endblock %}