Last year [Emil] found themselves in the situation where a SEGGER J-Link debug probe suddenly just stopped working. This was awkward not only because in-circuit debuggers are vital pieces of equipment in embedded firmware development, but also because they’re not that cheap. This led [Emil] to take the device apart to figure out what was wrong with it.
After checking voltages on the PCB, nothing looked obviously wrong. The Tag-Connect style JTAG header on the PCB was a good second stop, requiring only a bit of work to reverse-engineer the exact pinout and hook up an ST-Link V2 in-circuit debugger to talk to the STM32F205RC MCU on the board. This led to the interesting discovery that the MCU’s Flash had apparently lost its firmware.
Fortunately [Emil] was able to flash back a version of the firmware that was available on the internet, which got the J-Link working again. This was not the end of the story, however: afterwards the SEGGER software was unable to update the firmware on the device, because the bootloader was still missing and was not part of the firmware image.
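The two findings above (a flash that reads back as erased, and later an application image with no bootloader in front of it) are exactly what a quick sanity check of a flash dump will show. The following is an added example, not [Emil]’s code or anything from SEGGER: it scans a Cortex-M flash dump for plausible vector tables (initial stack pointer in SRAM, odd Thumb reset vector inside flash) and reports whether the chip is blank, bootable from the flash base, or holds an application with nothing at the bootloader address. The flash and SRAM sizes are taken from the STM32F205 datasheet, the 4 KB scan granularity is a hypothetical choice, and the sample dumps are constructed here rather than read from a real probe.

```python
import struct

# Memory map assumptions for the STM32F205RC (per the STM32F205 datasheet;
# the SRAM window is deliberately generous).
FLASH_BASE = 0x08000000
FLASH_SIZE = 256 * 1024
SRAM_BASE = 0x20000000
SRAM_SIZE = 128 * 1024
SCAN_STEP = 0x1000  # hypothetical: check every 4 KB boundary for a vector table


def erased_fraction(dump: bytes) -> float:
    """Share of bytes reading 0xFF, i.e. never written since the last erase."""
    if not dump:
        return 1.0
    return dump.count(0xFF) / len(dump)


def vector_table_at(dump: bytes, offset: int):
    """Return (initial_sp, reset_handler) if a plausible Cortex-M vector table
    starts at this dump offset, otherwise None.  Word 0 is the initial SP and
    must land in SRAM; word 1 is the reset handler, which must be a Thumb
    address (LSB set) inside flash.  Erased words (0xFFFFFFFF) fail both."""
    if offset + 8 > len(dump):
        return None
    sp, reset = struct.unpack_from("<II", dump, offset)
    sp_ok = SRAM_BASE < sp <= SRAM_BASE + SRAM_SIZE and sp % 4 == 0
    reset_ok = (reset & 1) == 1 and FLASH_BASE <= reset < FLASH_BASE + FLASH_SIZE
    return (sp, reset) if sp_ok and reset_ok else None


def find_images(dump: bytes, step: int = SCAN_STEP):
    """Absolute flash addresses of every step-aligned plausible vector table."""
    return [FLASH_BASE + off for off in range(0, len(dump), step)
            if vector_table_at(dump, off) is not None]


def diagnose(dump: bytes) -> str:
    """Classify a dump: 'bootable' if a vector table sits at the flash base,
    'image-without-bootloader' if one exists only further up, 'blank' if the
    part is essentially erased, else 'no-vector-table'."""
    images = find_images(dump)
    if FLASH_BASE in images:
        return "bootable"
    if images:
        return "image-without-bootloader"
    if erased_fraction(dump) > 0.99:
        return "blank"
    return "no-vector-table"


def build_sample(with_bootloader: bool) -> bytes:
    """Constructed flash image, not a real J-Link dump: a 32 KB application at
    0x08008000 made of Thumb NOPs (0xBF00), optionally preceded by an 8 KB
    'bootloader' at 0x08000000."""
    dump = bytearray(b"\xFF" * FLASH_SIZE)

    def place(off: int, sp: int, reset: int, size: int) -> None:
        dump[off:off + size] = b"\x00\xBF" * (size // 2)
        struct.pack_into("<II", dump, off, sp, reset)

    place(0x8000, SRAM_BASE + 0x10000, FLASH_BASE + 0x8000 + 0x101, 0x8000)
    if with_bootloader:
        place(0x0000, SRAM_BASE + 0x4000, FLASH_BASE + 0x0101, 0x2000)
    return bytes(dump)


if __name__ == "__main__":
    for name, dump in (("erased chip", b"\xFF" * FLASH_SIZE),
                       ("app only", build_sample(False)),
                       ("bootloader + app", build_sample(True))):
        print(f"{name:18s} erased={erased_fraction(dump):.3f} "
              f"images={[hex(a) for a in find_images(dump)]} -> {diagnose(dump)}")
```

On a real dump the same `diagnose()` call distinguishes the first symptom (everything 0xFF) from the second (an application present, bootloader region erased), which is the state the SEGGER updater could not recover from.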
Digging further into this, [Emil] found out a whole host of fascinating details about not only these SEGGER J-Link devices, but also the many clones that are out there, as well as the interesting ways that SEGGER makes people buy new versions of their debug probes.
(Thanks Zelea for the tip)
[Andrew] has an ASUS wl520-gU router that he is pretty fond of, despite its numerous problems. CPU clock bug aside, the router only has 16MB of memory, like many others on the market. While tooling around with the bootloader he bricked the device, so he decided it was time for an overhaul.
After some searching online, he found that the router could be unbricked by shorting one of the pins on its flash chip. With an emergency unbrick button installed on the board, he can now recover it in seconds by power cycling the device.
Now that he had a working router again, he proceeded to remedy his initial gripe: the lackluster amount of memory. He soldered a 512Mbit (64MB) module in place of the original chip, crossed his fingers and booted the router. It started up just fine, so he ran a few commands to make the router recognize the new memory capacity. After rebooting, he found that it only recognized 32MB of RAM, which he remedied by soldering a 22 Ohm resistor to one of the module’s pins.
It did take a bit of careful soldering to get things upgraded and working, but we think it was well worth the effort.
[Adam Outler] and [Rebellos] have been working feverishly to advance the world of mobile device hacking. They’re attacking on two fronts, making it easier for the common hacker to monkey with the phone’s firmware and OS with impunity, and by finding ways to make regular handsets into dev-hardware for low-level hacking.
The Hummingbird Interceptor Bootloader (HIBL) circumvents the chain of trust on smartphones running the Cortex-A8 family of processors. This opens a lot of doors, not the least of which is the ability to run any OS that you’re capable of porting to the hardware. We’re certain that Android builds will come first as they are open-source, but there’s talk of iOS or Windows Phone being run after some heavy assembly hacking.
But the two developers are trying to bring more people into the fold with their recent hacks. [Adam] has put out a call for your broken hardware. He needs your dead smartphone boards to reverse engineer the circuitry. Soldering one wire from the OM5 pin on the processor to the OM1 resistor will make the phones unbrickable (something we heard about back in July) and remove the need for soldering in a JTAG interface. With borked hardware in hand he pops off the processor and traces out this connection as well as the UART pins.
The soldering isn’t an easy process, but it’s a marked improvement that breaks down more barriers that keep people from hacking their coveted hardware. The clip after the break shows how easy it now is to recover your phone if something goes wrong while messing with the firmware or OS.
Continue reading “Smartphone Hacking Without Risk – Plus, Broken Phones Needed”
[Adam Outler] has been pretty heavy into mobile device hacking lately. The biggest problem in that field is recovering from bad flashes or development firmware glitches. In many cases you can use a JTAG programmer to reflash stock firmware and resurrect a handset. Unfortunately you’ll be hard pressed to find a phone that comes with a JTAG header, and soldering to the microelectronic boards is not for the faint of heart.
But a solution is here: [Adam] pulled together a wide set of resources to create a package to unbrick Samsung phones. Now we’re sure that there’s more than a handful of people who would argue that a bad firmware flash that can be fixed this way means the phone wasn’t actually “bricked” in the first place. But what we see is one more barrier torn down between being a hardware user and becoming a hardware hacker. You’re much more likely to get in there and get your hands dirty if you know that you’ll be able to undo your mistakes and reclaim your precious pocket hardware. See just how easy it is in the video after the break.
Continue reading “One-click Unbrick For Samsung Phones”