An Exercise In Firmware Dumping With The GreatFET

Looking to hone his hardware hacking skills, [James Chambers] recently set out to reverse engineer a common cheap wireless keyboard: the Logitech K360. The chipset it uses has already been fairly well explored (and exploited) by security researchers, but the goal here was more about gaining some practical hands-on experience than it was breaking any new ground.

The first post in what we’re sure will be a fascinating series deals with dumping the board’s firmware using the GreatFET. We actually haven’t seen too many projects that showcase the capabilities of this highly capable open hardware multi-tool, so the post serves as a nice demonstration of how one goes about writing the necessary Python scripts to put it to work in a practical scenario.

Some promising bytes.

Of course, even with the best of tools, there’s always a few stumbling blocks. After identifying what was clearly some kind of programming header on the K360’s diminutive PCB, it took a few failed attempts at reading the firmware before [James] realized he needed to tap into more pins on the keyboard’s nRF24LE1 microcontroller. Once everything was physically wired up, he wrote some code for the GreatFET that would perform the proper incantations on the chip’s PROG and RESET pins to enable its programming interface.

[James] goes on to explain how you can pull some extended chip information out of the hardware and verify the contents of the firmware dump with Ghidra, but any more advanced analysis will have to wait until the next post in the series. In the meantime, if you like reading about hardware hacking from this “over the shoulder” viewpoint, you should check out some of the fantastic work that [wrongbaud] has sent in over the last year or so.
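Before handing a dump to Ghidra it is worth checking that it is not one of the empty reads a mis-wired programming header produces. The following is an added example, not code from [James]'s write-up or the GreatFET project: it scores a dump from an 8051-core part such as the nRF24LE1 on byte entropy, 0xFF/0x00 fill, and whether the reset and interrupt vectors hold in-range LJMP instructions. The sample image is constructed here, not a real K360 firmware.

```python
import math
from collections import Counter

LJMP = 0x02            # 8051 "LJMP addr16" opcode; the reset vector at 0x0000 is normally one
VECTOR_STRIDE = 8      # 8051 interrupt vectors start at 0x0003 and sit 8 bytes apart

def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0 for a constant fill, up to 8 for uniform bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def ljmp_target(data: bytes, offset: int):
    """Return the LJMP destination at offset, or None if no in-range LJMP is there."""
    if offset + 3 > len(data) or data[offset] != LJMP:
        return None
    target = (data[offset + 1] << 8) | data[offset + 2]   # addr16 is big-endian on 8051
    return target if target < len(data) else None

def check_dump(data: bytes) -> dict:
    """Decide whether a dump looks like code or like a failed read (all 0xFF / all 0x00)."""
    n = len(data)
    ff_ratio = data.count(0xFF) / n if n else 1.0
    zero_ratio = data.count(0x00) / n if n else 1.0
    entropy = byte_entropy(data)
    reset = ljmp_target(data, 0)
    # how many of the first eight interrupt vectors also hold an in-range LJMP
    vectors = sum(ljmp_target(data, 3 + k * VECTOR_STRIDE) is not None for k in range(8))
    plausible = reset is not None and entropy > 1.0 and ff_ratio < 0.98 and zero_ratio < 0.98
    return {"entropy": entropy, "ff_ratio": ff_ratio, "zero_ratio": zero_ratio,
            "reset_target": reset, "vectors_with_ljmp": vectors, "plausible": plausible}

def build_sample_dump(size: int = 4096) -> bytes:
    """Constructed sample, not a real K360 image: reset vector, six vectors, 512 bytes of 'code'."""
    img = bytearray([0xFF] * size)
    img[0:3] = bytes([LJMP, 0x01, 0x00])                   # LJMP 0x0100
    for k in range(6):
        off = 3 + k * VECTOR_STRIDE
        img[off:off + 3] = bytes([LJMP, 0x02, 0x00])       # LJMP 0x0200
    img[0x100:0x300] = bytes((i * 37 + 11) & 0xFF for i in range(512))  # varied filler bytes
    return bytes(img)

if __name__ == "__main__":
    for name, blob in (("sample", build_sample_dump()), ("blank", bytes([0xFF] * 4096))):
        r = check_dump(blob)
        print(f"{name}: entropy={r['entropy']:.2f} ff={r['ff_ratio']:.2f} plausible={r['plausible']}")
```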

Creepy Tracking At The House Of Mouse

If it’s been a few years since you’ve been to Disney World, you’re in for a surprise on your next visit. It seems the Happiest Place on Earth has become the Trackiest Place on Earth thanks to the Disney MagicBand, a multipurpose wristband that acts as your pass to all the Disney magic.

[Adam] recently returned from a Disney vacation and brought back his MagicBand, which quickly went under the knife for a peek at the magic inside. It turns out the technology is fairly mundane — a couple of flex PCBs with trace antennas and the usual trappings of an RFID transponder. But there’s also another antenna and a chip identified in a separate teardown as an nRF24LE1 2.4 GHz transceiver and microcontroller. The whole thing is powered by a coin cell, meaning the band isn’t just being interrogated by RFID – it’s actively transmitting and receiving.

What exactly it’s doing isn’t clear; Disney was characteristically cagey about specifics when [Adam] looked into the details, saying only that the bands “provide information that helps us improve the overall experience in our parks”. If you put aside the privacy concerns, it’s truly mind-boggling to think about the systems that must be in place to track thousands of these MagicBands around the enormous Disney property. And we can’t help but wonder if some of Disney R&D’s EM-Sense technology is at work in these wearables.

Thanks to [JohnU] for the tip.