OpenTechLab

Link to this comparison view

--- videos:016:notes [2019/04/12 16:09]
joel [Boot Rom]
+++ videos:016:notes [2019/08/25 08:01]
joel [IT9919 Hacking - part 1 - Reading firmware with flashrom]
@@ Line 1: / Line 1: @@
-====== IT9919 Reverse Engineering ======
+====== IT9919 Hacking - part 1 - Reading firmware with flashrom ======
-{{:videos:016:still4.jpg?600|}}
 <html>
+<iframe width="854" height="480" src="https://www.youtube.com/embed/j7JRosD_ua8" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
 </html>
-<panel title="Summary" subtitle="Dec ??, 2018">
+<panel title="Summary" subtitle="Aug 20, 2019">
-<panel-body>
+<panel-body>In this series I will be hacking around with the IT9919 media processor that powers the Lenkeng LKV373 HDMI Extender Device and the EZCAP 283S which were reviewed in previous videos.
-Experiments reprogramming the firmware of the IT9919 media processor with flashrom and STM32 Blue Pill boards.
-</panel-body>
+In this video I will show some tools and techniques for reading and writing to flash chips with the flashrom open-source flash-reader software and "Blue Pill" STM32F103 board</panel-body>
 <list-group>
+  * [[https://www.youtube.com/watch?v=j7JRosD_ua8|YouTube]]
+  * [[https://peertube.social/videos/watch/ad79bda5-8625-4a8c-9494-a2371d573432|PeerTube]]
 </list-group>
 </panel>
@@ Line 14: / Line 16: @@
 ===== Source Information =====
   * [[https://blog.danman.eu/new-version-of-lenkeng-hdmi-over-ip-extender-lkv373a/|Danman's Original Blog Post]]
-  * v3l0c1r4pt0r: Reverse Engineering the LKV373A
-      - [[https://re-ws.pl/2017/09/importlkv373a-hdmi-to-ethernet-converter-firmware-image-format/|Firmware image format]]
-      - [[https://re-ws.pl/2017/09/identifying-processor-architecture/|Identifying processor architecture]]
-      - [[https://re-ws.pl/2017/09/lkv373a-reverse-engineering-instruction-set-architecture/|Reverse engineering instruction set architecture]]
-      - [[https://re-ws.pl/2017/11/lkv373a-crafting-elf/|Crafting ELF]]
-      - [[https://re-ws.pl/2017/12/lkv373a-porting-objdump/|Porting objdump]]
-      - [[https://re-ws.pl/2018/01/lkv373a-state-of-the-reverse-engineering/|State of the reverse engineering]]
   * [[https://github.com/v3l0c1r4pt0r/lkv-wiki/wiki|lkv-wiki]]
     * [[https://github.com/v3l0c1r4pt0r/lkv-wiki/wiki/Instruction-Set-Architecture|Instruction Set Architecture]]
@@ Line 26: / Line 21: @@
   * [[https://drive.google.com/drive/u/0/folders/0B3mWuDyxrXyKZkxwYi1JNllENXc|Daniel Kucera's Repository]] (includes upgrade files, and other captured information).
-===== Collected Firmware =====
+===== Firmware Backups =====
   * Backups of the original content of the flash chips: {{ :videos:016:20181226-lkv-373a-backups.zip |}}
 ===== Blue Pill Flash Reading =====
-{{:videos:016:201812-rig-photo.jpg?600|}}
 ==== General Info ====
@@ Line 38: / Line 31: @@
 === Software ===
   * Firmware: [[https://github.com/dword1511/stm32-vserprog|stm32-vserproc]]
-    * [[https://github.com/jhol/stm32-vserprog/tree/gpio|Modified version with GPIO command]]
 === Wiring ===
 ^ Serial Port Pin  ^ Blue Pill Pin  ^
@@ Line 50: / Line 42: @@
 ==== Reading/Writing Flash ====
 === Wiring ===
+{{:videos:016:20190415-flash-resistor-wiring.jpg?400|}}
 ^ 23/25/26 Series Pin  ^ Blue Pill Pin                          ^
 | 1 (CS#)              | PA4                                    |
@@ Line 59: / Line 53: @@
 | 7 (HOLD#)            | 3.3                                    |
 | 8 (VCC)              | 3.3                                    |
-===== Boot Rom =====
-  * Internal Bootloader ROM: {{ :videos:016:20190318-rom.zip |}}
-==== Call Graph ====
-Functions are labelled with: address, number of instructions, presence of SMED(IA02) and SMAZ comparisons, and register accesses.
-{{:videos:016:20190411-call-graph.png?600|}}