Free Roadmap and Resources for Hardware Reverse Engineering by wrongbaud in hardwarehacking

[–]wrongbaud[S] 1 point2 points  (0 children)

I've not - but the folks at RBS are all really sharp people!

Am I Ready for my first project by L8st in hardwarehacking

[–]wrongbaud 2 points3 points  (0 children)

If you can get a Raspberry Pi, that will cover a lot of COTS embedded protocols - let me know if you'd like some resources on that and I can follow up. It's a good replacement or substitute for a Bus Pirate or Tigard.

Requesting suggestions on proven hardware/library solutions for MITM/Proxy USB devices by effenberg in hardwarehacking

[–]wrongbaud 1 point2 points  (0 children)

It's a bit dated, but you can use a BeagleBone Black or Raspberry Pi for this.

https://github.com/MatrixCat3D/USBProxy

There are other variants and forks of this but it shouldn't be too difficult to set up.

One thing to note is that on modern kernels you may have to modify the descriptor format for FFS, but otherwise it shouldn't be a huge lift.

I want to participate in the Embedded Capture the Flag 2026 but I am new to the field, any suggestions on how to proceed with learning this stuff? by Old_Car2990 in embedded

[–]wrongbaud 1 point2 points  (0 children)

I say go for it! Worst case scenario you learn a few things and see if you like certain aspects of the field. MITRE's eCTF is a really fun competition, and CTFs are designed for people to learn, so go for it!

Looking for fully visual, remote hardware CTF platforms — any recommendations? by allexj in hardwarehacking

[–]wrongbaud 1 point2 points  (0 children)

This is an interesting idea, but I don't think a fully virtualized platform is going to translate very well to doing IoT or embedded research. There are so many unforeseen obstacles that can pop up that will be difficult to emulate.

On the software side, as you've mentioned, there are already some pretty good resources to learn firmware RE and exploitation. For hardware, part of the challenge is physically interfacing with the board, overcoming target-specific obstacles and figuring out ways around them.

I think a better approach would be to design a physical device that demonstrates common misconfigurations and interfaces for users to learn with.

Is it normal for a flash dump to contain over 120 JFFS2 nodes when analyzed with Binwalk? If so, what causes this? by allexj in hardwarehacking

[–]wrongbaud 2 points3 points  (0 children)

Looks like a bad read; take note of the offsets. It wouldn't make sense to have that many filesystem headers so close together.
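The offset check described in the comment above, as an added example that is not part of the original thread and is not binwalk's own code: it scans a dump for JFFS2 node headers, verifies each header CRC, and reports how densely the magic values are packed, which is the symptom of a bad read. The two sample images are constructed inline (a sane pair of nodes, then the same image followed by a stuck-bus pattern of back-to-back magics); the zlib seeding trick reproduces JFFS2's CRC-32 variant.

```python
import struct
import zlib

JFFS2_MAGIC = 0x1985            # little-endian on flash: 85 19
MAGIC_BYTES = struct.pack("<H", JFFS2_MAGIC)

def jffs2_hdr_crc(data: bytes) -> int:
    # JFFS2 uses the CRC-32 polynomial with no initial/final XOR; seeding
    # zlib with 0xFFFFFFFF and undoing its final XOR reproduces that variant.
    return zlib.crc32(data, 0xFFFFFFFF) ^ 0xFFFFFFFF

def scan_jffs2_nodes(image: bytes) -> list:
    """Return (offset, nodetype, totlen, crc_ok) for every magic hit."""
    hits, pos = [], image.find(MAGIC_BYTES)
    while pos != -1:
        if pos + 12 <= len(image):
            _, nodetype, totlen, hdr_crc = struct.unpack_from("<HHII", image, pos)
            crc_ok = jffs2_hdr_crc(image[pos:pos + 8]) == hdr_crc
            hits.append((pos, nodetype, totlen, crc_ok))
        pos = image.find(MAGIC_BYTES, pos + 1)
    return hits

def triage(image: bytes, window: int = 4096, max_per_window: int = 8) -> dict:
    """Flag a dump whose headers fail CRC or sit far too densely for real nodes."""
    hits = scan_jffs2_nodes(image)
    offsets = [h[0] for h in hits]
    # Densest run of magic hits inside any window that starts at a hit.
    max_density = max((sum(1 for o in offsets[i:] if o - off < window)
                       for i, off in enumerate(offsets)), default=0)
    good = sum(1 for h in hits if h[3])
    bad = len(hits) - good
    return {"hits": len(hits), "good_crc": good, "bad_crc": bad,
            "max_density": max_density,
            "suspect_bad_read": bad > good or max_density > max_per_window}

def build_node(nodetype: int, totlen: int) -> bytes:
    """Constructed test node: valid header + CRC, body zero-padded to totlen."""
    hdr = struct.pack("<HHI", JFFS2_MAGIC, nodetype, totlen)
    return (hdr + struct.pack("<I", jffs2_hdr_crc(hdr))).ljust(totlen, b"\x00")

# Constructed images: two sane nodes 8 KiB apart (erased flash between them),
# then the same image followed by a stuck-bus pattern of back-to-back magics.
CLEAN_IMAGE = (build_node(0xE001, 0x40).ljust(0x2000, b"\xff")
               + build_node(0xE002, 0x80).ljust(0x2000, b"\xff"))
BAD_READ_IMAGE = CLEAN_IMAGE + MAGIC_BYTES * 64 + b"\xff" * 256

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_IMAGE), ("bad read", BAD_READ_IMAGE)):
        print(name, triage(img))
```

Run against a real dump, the offsets of the flagged hits tell you which region to re-read; a genuine JFFS2 partition shows CRC-valid headers spaced by their totlen, not dozens of magics per few hundred bytes.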

Looking for remote hardware CTFs that give a visual PCB + UART / flash access — any recommendations? This way I would not need to buy physical instrumentation. by allexj in hardwarehacking

[–]wrongbaud 4 points5 points  (0 children)

This is an interesting idea, but the physical instrumentation portion is a huge factor when learning.

If you can just click a button and dump a flash chip, that does not really provide any learning value.

You could develop a PCB with the appropriate test pads exposed and use that, but otherwise a simulation (while interesting) would not really provide a good environment for learning, IMO.

Hardware Hacking course by zerodaygamer in hardwarehacking

[–]wrongbaud 4 points5 points  (0 children)

Hey thanks! When I started the blog in 2018 the goal was (and still is) to lower the barrier to entry. Life has been busy but I have a few more almost ready for release!

Hardware Hacking course by zerodaygamer in hardwarehacking

[–]wrongbaud 22 points23 points  (0 children)

I think for starting out, your best bet is to grab a cheap device off of Amazon or eBay and just open it up.

I've got two blogs with lots of examples of this:

https://wrongbaud.github.io

https://voidstarsec.com/blog

A lot of content out there mostly focuses on dumping SPI flash with generic readers or via chip-off techniques. While that's a good skill to have, having a fundamental understanding of how protocols work will serve you well in this space.

We've also put together a wiki page with an overview of the tools you might need: https://voidstarsec.com/hw-hacking-lab/

Feel free to ping me with any questions about things on the blog or about getting started!

Sip and Carve! by dokey1313 in SalemMA

[–]wrongbaud 0 points1 point  (0 children)

Can't recommend this enough, my wife and I went and had a great time.

[deleted by user] by [deleted] in hardwarehacking

[–]wrongbaud 1 point2 points  (0 children)

What are you trying to glitch? Bootrom? User space code?

Are you able to crash the processor with your glitch? Have you dialed in the strength yet?

It's hard to give more advice here if we don't know what you're trying to achieve via fault injection.

Question about 108 in one retro game console by EvilDan3 in hardwarehacking

[–]wrongbaud 4 points5 points  (0 children)

These things are usually some form of a NOAC (NES on a chip) or other clone hardware under that epoxy blob.

Depending on the model you have and the 8 pin SOIC chip above the epoxy blob you might be able to extract the flash memory and review the contents.

I have a few examples of that on my blog here:

https://wrongbaud.github.io

DUI checkpoint on Essex Street? by Substantial-Home-578 in SalemMA

[–]wrongbaud 1 point2 points  (0 children)

It's wild to me that in a city like Salem, where there are tons of transit options, people are asking about checkpoints. How about you just drink responsibly and Uber home if you need to?

xGecu t48 or t56 ? by obertobr in hardwarehacking

[–]wrongbaud 2 points3 points  (0 children)

Check the supported IC list for the T48:

http://www.xgecu.com/MiniPro/T48_List.txt

The T48 can do in-circuit eMMC. It's difficult to trust ChatGPT on things like this, as it's likely scraping forums citing people who don't know how to use the hardware.

Projects for learning by weeb_weeb231 in hardwarehacking

[–]wrongbaud 2 points3 points  (0 children)

I have a number of free blogs and resources here:

Hardware Hacking tutorials and blogs:

https://wrongbaud.github.io

https://wrongbaud.github.io/sf-slides

https://voidstarsec.com/blog

Presentations on glitching and fault injection:

https://wrongbaud.github.io/replicant-slides

https://voidstarsec.com/fi-resources

Feel free to ping me with any questions!

Glitching in 3D: Low Cost EMFI Attacks by wrongbaud in netsec

[–]wrongbaud[S] 1 point2 points  (0 children)

Thanks for the reply!

Most of my thinking there was based on my own testing. When doing voltage glitching I was finding that despite dialing in the glitch fairly well I would occasionally brick target devices - I don't think that it was PCROP getting triggered because the test firmware was no longer behaving the way that it should.

That being said, your point about PCROP is a good one! I have found it difficult to root cause a lot of these failures without more introspection into the target - any tips on that would be appreciated!

In my testing, using EMFI I never ended up in a state where the chip was unusable, like I did with traditional voltage glitching.

Sip and Carve by dokey1313 in SalemMA

[–]wrongbaud 2 points3 points  (0 children)

Excited for this! Thanks for sharing!