JFFS + Update SPI/I2C

docs/debug-interfaces/uart.md

@@ -186,16 +186,17 @@ The closest common baudrate is : 115200. COnfigure the decoder and you should se
 
 ### Interact with UART
 
-Different command line tools to interact with UART:
+* Command line tools to interact with UART:
+
     ```powershell
     cu -l /dev/ttyUSB0 -s 115200
     microcom -d -s 115200 -p /dev/ttyUSB0
     minicom -b 115200 -o -D /dev/ttyUSB0 # To exit GNU screen, type Control-A k
     screen /dev/ttyUSB0 115200
-miniterm.py /dev/ttyUSB0 115200 | tee ./stuff.log # tee command to save output, useful for parsing
     ```
 
-Script to brute force a password protected UART:
+* Brute force a password protected UART:
+
     ```python
     import serial, time
     port = "/dev/ttyUSB0"
@@ -214,6 +215,15 @@ with open('/home/audit/Documents/IOT/passwords.lst', 'r') as f:
             time.sleep(10)
     ```
 
+* Interact with HydraBus
+
+    ```ps1
+    uart1> scan
+    uart1> show
+    uart1> speed 38400
+    uart1> bridge
+    ```
+
 
 ## UART over BLE
 

docs/firmware/firmware-dumping.md

@@ -180,6 +180,12 @@ Emulate : `qemu-system-avr -S -s -nographic -serial tcp::5678,server=on,wait=off
     sudo unsquashfs -f -d /media/seagate /tmp/file.squashfs
     ```
 
+* [onekey-sec/jefferson](https://github.com/onekey-sec/jefferson/) - JFFS2 filesystem extraction tool
+    ```ps1
+    pip install jefferson
+    jefferson filesystem.img -d outdir
+    jefferson file.jffs2 -d jffs2
+    ```
 
 ## Write new firmware
 
@@ -197,10 +203,10 @@ Emulate : `qemu-system-avr -S -s -nographic -serial tcp::5678,server=on,wait=off
 
 ## Type of firmware
 
-* SREC - Motorola S-Record : All S-record file lines start with a capital S.
+* `SREC` - Motorola S-Record : All S-record file lines start with a capital S.
-* Intel HEX lines all start with a colon.
+* `Intel HEX` lines all start with a colon.
-* TI-TXT is a Texas Instruments format, usually for the MSP430 series. Memory addresses are prepended with an **@**, and data is represented in hex.
+* `TI-TXT` is a Texas Instruments format, usually for the MSP430 series. Memory addresses are prepended with an **@**, and data is represented in hex.
-* Raw NAND dumps
+* `Raw` NAND dumps
 
 
 ## Check entropy

docs/protocols/bluetooth.md

@@ -177,12 +177,15 @@ ubertooth-btle -U 2 -A 39 -f  -c bulb_39.pcap
 
 ### Using Android HCI
 
-Enable the Bluetooth HCI log on the device via Developer Options—also from the SDK, there is a helpful tool called the **Bluetooth HCI snoop log** (available after version 4.4)
+Enable the Bluetooth HCI log on the device via Developer Options.
 
 > It works like a hook in the stack to capture all the HCI packets in a file. For most Android devices, the log file is at `/sdcard/btsnoop_hci.log` or `/sdcard/oem_log/btsnoop/`
 
 ```powershell
+$ adb devices
 $ adb pull /sdcard/oem_log/btsnoop/<your log file>.log
+$ adb pull /sdcard/btsnoop_hci.log
+$ adb bugreport filename
 ```
 
 

docs/protocols/i2c.md

@@ -22,6 +22,12 @@ I2C (Inter-Integrated Circuit), pronounced "I-squared-C" or "I-two-C", is a popu
     sudo make install
     ```
 
+* HydraBus
+    ```ps1
+    i2c1> show pins
+    i2c1> scan
+    ```
+
 
 ## Read / Write
 

docs/protocols/spi.md

@@ -30,11 +30,15 @@ SPI mainly involves four lines or wires:
 
 ## Dump Firmware via SPI
 
+Dump using a Raspberry Pi
+
 ```powershell
 sudo raspi-confi > Interface > SPI(P4)
-NOTE: might need a press/hold the reset button
+# NOTE: might need a press/hold the reset button
+
 # check
 sudo flashrom -p linux spi:dev=/dev/spidev0.0,spispeed=1000
+
 # dump
 sudo flashrom -p linux spi:dev=/dev/spidev0.0,spispeed=1000 -r dump.bin
 ```
@@ -45,6 +49,12 @@ An ESP8266 and ESP32 have several SPI busses available in hardware, SPI0 is hook
 $ python ./esptool.py read_flash --spi-connection HSPI 0 0x400000 flash_dump.bin
 ```
 
+Dump with HydraBus
+
+```ps1
+flashrom --programmer serprog:dev=/dev/ttyACM0,spispeed=2M -c "MX25L12833F" --progress -r /tmp/image.bin
+```
+
 
 ## SPIFFS