Afaik there are different versions of this board. The actual CH341 chip is both 3.3V and 5V compatible (which is why the mod even works to begin with) although some boards don't use the integrated 3.3V circuit others do.
Alternately, there are CH341 dongles with blue PCBs that have just a bunch of pin headers, rather than a fancy socket. This has a proper design: it has a jumper that lets you select between powering the CH341 chip from either USB power or an onboard 3.3v regulator, which is what determines the logic voltage (per the datasheet). You have to think about how to hook it up a little bit more since you don't have the socket, but if you're not confident modifying a PCB it'd probably be an overall better purchase - usually it's a little bit cheaper too.
@@ryjelsum Yes right! I have same dongle as Ed, and mine has 3v3 bug. I juat want to warn and inform to be carefull, some IC will not tolerate 5v as data pulses
Yep... I have a set of axes that are also excellent "hacking tools" The BIG problem with youtube is there is NO citation..., if you go read something like POC || GTFO , you will see they ALWAYS use citation to give credit, that has now basically disappeared in this space. Additionally a problem is too many dumbasses watching youtube videos, spoiling it by taking credit for shit that has been done underground for decades... a "real hacker", might spend years taking something apart.. or decades in a particular field , only to find that if they tell someone else, that within a weak they are boasting and taking credit and the whole area is shut down. Some would think wow years taking something apart... they must not be very good...... yep right .. go look at the PlayStation hacks and the amount of work that went into those. along with all the "fake" side traps with code in chips that was NEVER EVER executed, but people spent years analising and tehn giving up.
He doesn't mention this in the video, but that CH341 device doesn't always work to read flash chips without desoldering. The problem is that in order to read from the flash chip, you have to power it. The CH341 can power a flash chip, but it can only output a limited amount of current. If the VCC rail connected to the flash chip is directly connected to other components too, it's possible the CH341 won't be able to power all those components, including the flash chip. In these cases, it's often best to just desolder the flash chip. Alternatively, you could connect a logic analyzer to the DI and DO pins of the flash chip, then power up the device. Use the logic analyzer to record the data stream as the CPU reads the flash contents. You may need to write a small program to convert the recording back into binary data though.
Just my experience, YYMV, but I used one to read and flash the BIOS of a Dell laptop. It functioned perfectly. I had to buy a second clip that connects to the chip since the first one refused to work.
@@MrWaalkman Yeah I'd say based on my experience that it works without desoldering about 80% of the time. It really just depends on whether your flash reader can provide enough power to the part of the board you're connected to.
Before unsoldering, just try plugging in the power cord in the device (but don't turn it on ofc) so it gets standby power to the chip. I've had this work on several devices. Some laptops require you to unplug the main battery as well if doing this.
1. add a electrolytic cap to the power rail (it looks odd, but, works) 100uF iirc. 2. Hold the reset pin on the uC low/high to stop the uC booting (if the bootloader uses the SPI bus it will corrupt your data). I had to do this to a tapo 200v3 to dump the firmware.
IMO, consumers should either: 1. Legally have FULL access to firmware OR 2. The C-Suite should be held legally liable for security breaches and face legal consequences equal to someone who makes and distributes malware as that's what they sold you.
Not really. They should not be forced. 1. Is their IP 2. Anybody can do mistakes. I think it's more simple: we should stop using the ones that we don't trust or like you said, the ones that don't open source their firmware.
I agree that this isn't the best. Just as a thought, imagine the law was done that way, then that means that if a company does give the full source of the firmware, then that would indemnify them and full onus would be on the buyer (and the vast majority of people wouldn't even be able to follow it, let alone detect vulnerabilities in it). It would be the equivalent of all of the ToS you agree to going forward being in a foreign language, and onus being on you for not knowing the language it is written in.
@marklonergan3898 No, that's dumb. You guys like, "uh hey excuse me, can you make things secure?". My point is that these people know exactly what they are doing by cutting corners and not making security the forefront of a product they are selling you. We need a major shift in policy regarding selling IoT electronics that punches a giant hole in your security because a group of c-suite asshole don't care about you or your data. It like Apple vs Arch Linux. We have at least two opitons: 1. Companies take responsibility for and are held liable for blatant security vulnerabilities. Im not talking zero days where you follow INDUSTRY STANDARDS but there are always going to be small vulnerabilities. I'm talking blatant bullshit like when an IP camera company leaves that admin password as, "password" and also hardcodes it. That is absolutely disgustingly lazy and should be prosecuted. OR 2. The company can release the firmware unencrypted and fully accessible to the user and they take full responsibility for their security knowing they chose the DIY. You either get to chose a company that takes over the liability for you, or you take it on yourself. It's literally not complicated like you're making it.
@@marklonergan3898 that is already what happens to most users. People play Minecraft without knowing English and the EULA has no translation. Same for most games and most SaaS. You not knowing the language of the contract you signed or not knowing the language of the code you have access to and are running doesn't exempt you from your responsibility. They wrote the EULA and distributed it, that is their part. So it would not be without precedent to requiring it to be open and leave the responsibility for the user.
Good points and good arguments! I’ll go ahead and add that while I totally agree with OP in PRINCIPLE, fining companies as criminals for distributing malware accidentally would immediately make most tech business unviable, since every piece of software I have ever seen has some flaw or breach of some kind.
[FacePalm] What do you think the deffinition of hacking is LMAO Hacking is the creative or unconventional use of tools, systems, or technologies to achieve a goal, often in ways they weren't originally intended to be used. It can involve exploring, modifying, or repurposing resources to solve problems, gain insights, or push boundaries. While hacking is often associated with computers, it can apply to anything where innovation or "thinking outside the box" comes into play.
This is the first time I have encountered someone pronouncing SPI as ‘SPY’. I have only heard ‘S-P-I’ previously. Thank you for the info. As an embedded software developer, I can say that if someone stores unencrypted firmware on an external flash, you are free to read it.
@@tavershimaako7034 Well it is said that way sometimes ... sucks to read people trying pretend they have the corner of being right ... google initialism vs acronyms. If you want S.P.I., then be more diligent with your language. Both are correct, and vary depending on the crowd.
Oh come on, such ridiculous clickbait. It's not a 'hacking tool' that should be potentially illegal. I used one to switch around some options and button functions on a multimeter. It's a valid utility like any of a hundred other tools. Geeze...
I actually used one of these for the first time recently! I bricked my Chromebook while flashing the stock firmware after having windows on it 😅. Pretty fun tool to mess around with and see how things work :)
@@kumaran627 what do you mean? I bricked it after flashing the wrong firmware when returning to ChromeOS, and used this to get the correct one on it. That Chromebook is still living lol
The only special thing about this product is the ZIF socket you're not even using for its purpose. For general SPI dumping you can use any old arduino or rpi lying around. Or if you get a more feature rich product such as bus pirate or tigard, you can do i2c, uart and others in addition to dumping SPI chips' memories.
What is the point of this "ethics" if part of the firmware can be used in rare cases for a device of another model. The only downside for the manufacturer is if new functions were added to the old product, for example, NVME support to the old system board. Because of this, slightly fewer users will buy a new product with NVME support.
You actually get the right to use a copy of the firmware, not the firmware itself. That being said, I can also see why some people would try. Putting not encrypted firmware on an embedded device, and the SPI flash is also not included in the SOC. Its an open invitation at this point
Openwrt is awesome, I had a couple of routers that I didn't use, after discovering openwrt I could use for something useful, but unfortunately the routers only had 4mb of flash and 32mb of ram, so I modified the openwrt partition system for my device to fit inside an 16mb chip, so now I had more storage, but the ram was still an issue, so I flashed a custom bootloader that could work with different ram chips, and then I replaced the ram with a 128mb and now the router has the latest update and I'm able to use all the extra features of openwrt, this is only possible because openwrt is opensource, thank you all for that :D
I actually have one of these lying around, I once bought to fix a broken BIOS. Interesting to see what you can do with them. I had no idea how common these kind of chips where. Or that you could use the flashrom command line tool to interact with it. You always learn something new!
the most effective thing you can do with your time is to make instructions on how to do this, because at some point if this is again a problem for you. you might not have to remake another bios that some one made because they learned from your instructions.
I was just thinking that this should be possible - thanks for confirming. I haven't bricked a computer yet - but it's nice to know all might not be lost if it ever happens.
I think I actually preferred the old camera style and video background (or lack thereof). Do like seeing new things though. Props for adding in pizzaz :)
I wish more new devices were still using SPI flash for more than eeprom config storage these days. TSOP isn’t too bad but requires more expensive readers and BGA just makes me want to cry.
1) Firmware is usually downloadable from manufacturer website , no need to dump it off the router 2) This programmer is not usually 3.3v logic level and requires quite finekey soldering 3) this programmer is massively unstable , writes , forget about it 4) bad drivers 5) don't cook your devices by reading it in circuit , it is a possibility , always desolder Wait till they findout how much you can do with just uart on some of these devices
Funfact: in some cases you don’t even need to use a flash reader to get the firmware. Most firms provide updated firmware’s that also often come in the .bin format and you could simply run these through binwalk. Even in the most up-to-date „secure“ version there are a lot of jucy CVEs waiting to be discovered. Ask me how I know lmao
10:30 if it uses GPL-like licensed parts, like linux, you actually need to be able to replace that bit. Of course, the root file system may contain other parts. And - if you report a bug, prepare to get sued.
This is the first time in my life I've ever heard anyone pronounce SPI as "SPY". But you're obviously a way superior low-level and embedded programmer than I am, so I'll follow your pronounciation from now on :D
@RaisalPradiptaBro a bunch of my fellow embedded engineers call it spy or spi interchangeably but then we also pronounce all the letters in the word sol-der in Australia 😁
The last time I needed a tool to read and write to SPI flash, I just got a Raspberry Pi. You might need to configure it to expose SPI interfaces (my 3b+ can do like 2 independent interfaces) over GPIO, and then you can just run flashrom directly on the device. Also, when dumping chips, a standard practice is to read the chip twice and diff the readouts to avoid any read errors corrupting the file. If you don't have a cable on your clip, you should use whatever cable that is the shortest and works for you, I remember reading that 20 cm is the upper bound, and I think I used 10 cm cables to connect the clip to my GPIO pins. The reader doesn't really matter if it works, but you might have one laying around without knowing it, and just need a clip to use it with for in situ reading and flashing. It's pretty much a requirement to do most coreboot and libreboot installs on computers, but taking ownership of the firmware you run is pretty cool and lets you do things that are otherwise impossible.
Love this device! Used it myself to remove the "whitelist" of acceptable wifi-adapters on a laptop years ago. It turned out it only accepted 4 devices in the whole world. It declined to boot if u used a good adapter that was not whitelisted. Damn i love that device. Have used it on alot of routers to bug-hunt aswell, and also decrypt firmware updates, since the key had to be stored in plaintext on the chip. :)
Most of well developed electronics will not have an easy access flash storage for their code. Either they use an encrypted binary on their flash or they use internal flash, which is not that easy to access.
Wow thanks for that video! Just got mine ch341a and into ezviz camera to see what dodgy stuff (that I saw on wireshark) they are actually doing. Least to say private keys are handled on a plate and they even managed to ship C source code into production so I don't even need gidhra 🙃 It's amazing how security assumptions were defeated with an 8$ chinese tool. Thanks again!
I used this exact tool to get the data from my BMW's 8 pin flashed onto a $50 replacement gauge cluster from eBay. Something that would have cost a trillion dollars at the dealer. Works like a charm.
big downside with these i find is if the board has more current draw then the chip or your usb port it wont read because it doesnt have enough current to turn the chip on -and- everything thats also connected to that 5v bus
Reverse engineering has been deemed to be completely legal if you do it in a clean room environment….basically disconnected from outside influence. You have to reverse engineer the firmware yourself without other input into how it’s done
I used one of these to unbrick my G75VX laptop in college after asus quoted me $900 to fix it after the laptop bricked when I told it to boot off the dvd drive lol
To be fair anyone that can buy a standard USB and can write 1 line of code can break a computer with worm malware they created. It is more about knowing how it’s used so you can combat against it. The number one rule in ethical hacking is to believe the black hat is always 1 step ahead. So we are always playing catch up in security.
I am not sure I buy the “open source is more secure” argument. After all you had people complaining about them, not fixing audio drivers for over a decade with problems that they knew existed in Linux. The first WORM that was ever written, was written by the son of an engineer who had access to the source code for the operating system. I knew guys who cracked games back in the 90s, but they had professional dev tools and games were only a few megabytes. Combing through even a few megabytes of an Assembly language for a platform you’re not familiar with is really hard. it’s way easier to find exploits in C source code.
Because it is not a hacking tool. It is a hardware development tool that you can use for hacking. Similar that the hammer which is normally used to drive nails into wood when building can be used to break windows and possible doors during a burglary. You cannot make random things illegal because people start using them for illegal things.
Vim probably appended a newline after your file when you changed the string. By changing it to U-boo you would have changed the alignment of everything after so you probably would not have had it boot correctly.
9:29 i don't know if the exact term in russian starts with an M. If not, it's most likely a reference to Matryoshka dolls, which fits nicely with the concept of recursion
The part where you use your genius to understand and your imagination to modify the firmware and do cool things, that's another meaning of "hacking" and it's fucking awesome
@@dutchlegend007 i guess it would kinda be considered "hardware hacking". If you find a default password or some vulnerabilities in the routers firmware etc.
I've reported many bugs in the past, never once got a bug bounty. Most I've been given is a thank you. Million dollar companies will not pay you. Don't waste your time helping them.
you're saying "spy" instead of SPI so many times, maybe I'll get used to it in the end... never mind it's impossible for me to get used to it, but I tried 😅 Nice video though, great work! ☺️
The title is misleading, as the tool makes reading firmware easier, but hunting bugs is a completely different matter which requires the source code or disassembling the binary.
I see a lot of people having a hard time understanding the deffinition of Hacking in the comments ... Forget the morality of making title clicbait away for algo/view purpous, this is still Hacking Hacking is the creative or unconventional use of tools, systems, or technologies to achieve a goal, often in ways they weren't originally intended to be used. It can involve exploring, modifying, or repurposing resources to solve problems, gain insights, or push boundaries. While hacking is often associated with computers, it can apply to anything where innovation or "thinking outside the box" comes into play.
Just used one of these devices this weekend to flash a modified bios on my AsRock motherboard, to enable ReBar support. AsRock has there instant flash locked down to only accept there signature. So it does have valid uses, which like many things, can be twisted to do bad things. Also you can easily do this with a raspberry pi.
This is tool as any other, if you use maliciously then is hacking tool. Like the hammer if hit nails then is tool if you hit someone in head then is cold weapon.
it's pronounced "spy", also GO CHECK OUT LOW LEVEL ACADEMY ITS PRETTY NEAT lowlevel.academy (poggers?)
poggers
As a former Invisalign user myself, one thing you quickly learn is that nobody really notices when you're wearing it or your Esses. You sounded great
Well I didn't notice it but NOW I am aware hahaha
No worries.
It's a S P I (it is an acronym) flash reader not a spy lol :P
To be real homie. I prefer the Invisalign in. I already have your voice burned in with the Esses so it sounds strange when they are missing.
Be aware of voltages! This device puts 5V on data lines to 3V3 TOE even when supply to TOE is set to 3V3. Look for 3v3 mod for ch341.
Good point!
Afaik there are different versions of this board. The actual CH341 chip is both 3.3V and 5V compatible (which is why the mod even works to begin with) although some boards don't use the integrated 3.3V circuit others do.
@@Ether_Void Yes, and because of that (some devices have this bug and some does not) I want to warn and inform anyone who want to use it.
Alternately, there are CH341 dongles with blue PCBs that have just a bunch of pin headers, rather than a fancy socket. This has a proper design: it has a jumper that lets you select between powering the CH341 chip from either USB power or an onboard 3.3v regulator, which is what determines the logic voltage (per the datasheet). You have to think about how to hook it up a little bit more since you don't have the socket, but if you're not confident modifying a PCB it'd probably be an overall better purchase - usually it's a little bit cheaper too.
@@ryjelsum Yes right! I have same dongle as Ed, and mine has 3v3 bug. I juat want to warn and inform to be carefull, some IC will not tolerate 5v as data pulses
So now a flash-reader is considered a "hacking tool"?
For Clickbait, everything technical could be a hacking tool
I guess you could call it "hardware hacking "
Yeah I mean, how is this "hacking tool" considered not legal?
Yep... I have a set of axes that are also excellent "hacking tools"
The BIG problem with youtube is there is NO citation..., if you go read something like POC || GTFO , you will see they ALWAYS use citation to give credit, that has now basically disappeared in this space.
Additionally a problem is too many dumbasses watching youtube videos, spoiling it by taking credit for shit that has been done underground for decades...
a "real hacker", might spend years taking something apart.. or decades in a particular field , only to find that if they tell someone else, that within a weak they are boasting and taking credit and the whole area is shut down.
Some would think wow years taking something apart... they must not be very good...... yep right .. go look at the PlayStation hacks and the amount of work that went into those.
along with all the "fake" side traps with code in chips that was NEVER EVER executed, but people spent years analising and tehn giving up.
@@upx12I prefer using an axe as a hacking tool. More efficient than a usb especially on trees
I recommend buying CH341a version 1.7 as it has selectable voltage and this is suitable for more chips
He doesn't mention this in the video, but that CH341 device doesn't always work to read flash chips without desoldering. The problem is that in order to read from the flash chip, you have to power it. The CH341 can power a flash chip, but it can only output a limited amount of current. If the VCC rail connected to the flash chip is directly connected to other components too, it's possible the CH341 won't be able to power all those components, including the flash chip. In these cases, it's often best to just desolder the flash chip.
Alternatively, you could connect a logic analyzer to the DI and DO pins of the flash chip, then power up the device. Use the logic analyzer to record the data stream as the CPU reads the flash contents. You may need to write a small program to convert the recording back into binary data though.
Just my experience, YYMV, but I used one to read and flash the BIOS of a Dell laptop. It functioned perfectly. I had to buy a second clip that connects to the chip since the first one refused to work.
@@MrWaalkman Yeah I'd say based on my experience that it works without desoldering about 80% of the time. It really just depends on whether your flash reader can provide enough power to the part of the board you're connected to.
Before unsoldering, just try plugging in the power cord in the device (but don't turn it on ofc) so it gets standby power to the chip. I've had this work on several devices.
Some laptops require you to unplug the main battery as well if doing this.
1. add a electrolytic cap to the power rail (it looks odd, but, works) 100uF iirc. 2. Hold the reset pin on the uC low/high to stop the uC booting (if the bootloader uses the SPI bus it will corrupt your data). I had to do this to a tapo 200v3 to dump the firmware.
@@jonlee312 Why would you put a relay between the CH341 and the flash chip?
The UA-cam algorithm will love these comments about the SPI / SPY topic. Maximum engagement, well played Ed!
@@OnlyHerculean that’s why he’s claiming it’s a phonetically pronounced abbreviation (it isn’t)
IMO, consumers should either:
1. Legally have FULL access to firmware
OR
2. The C-Suite should be held legally liable for security breaches and face legal consequences equal to someone who makes and distributes malware as that's what they sold you.
Not really. They should not be forced.
1. Is their IP
2. Anybody can do mistakes.
I think it's more simple: we should stop using the ones that we don't trust or like you said, the ones that don't open source their firmware.
I agree that this isn't the best. Just as a thought, imagine the law was done that way, then that means that if a company does give the full source of the firmware, then that would indemnify them and full onus would be on the buyer (and the vast majority of people wouldn't even be able to follow it, let alone detect vulnerabilities in it).
It would be the equivalent of all of the ToS you agree to going forward being in a foreign language, and onus being on you for not knowing the language it is written in.
@marklonergan3898 No, that's dumb. You guys like, "uh hey excuse me, can you make things secure?".
My point is that these people know exactly what they are doing by cutting corners and not making security the forefront of a product they are selling you.
We need a major shift in policy regarding selling IoT electronics that punches a giant hole in your security because a group of c-suite asshole don't care about you or your data.
It like Apple vs Arch Linux. We have at least two opitons:
1. Companies take responsibility for and are held liable for blatant security vulnerabilities. Im not talking zero days where you follow INDUSTRY STANDARDS but there are always going to be small vulnerabilities. I'm talking blatant bullshit like when an IP camera company leaves that admin password as, "password" and also hardcodes it. That is absolutely disgustingly lazy and should be prosecuted.
OR
2. The company can release the firmware unencrypted and fully accessible to the user and they take full responsibility for their security knowing they chose the DIY.
You either get to chose a company that takes over the liability for you, or you take it on yourself. It's literally not complicated like you're making it.
@@marklonergan3898 that is already what happens to most users. People play Minecraft without knowing English and the EULA has no translation.
Same for most games and most SaaS.
You not knowing the language of the contract you signed or not knowing the language of the code you have access to and are running doesn't exempt you from your responsibility. They wrote the EULA and distributed it, that is their part.
So it would not be without precedent to requiring it to be open and leave the responsibility for the user.
Good points and good arguments! I’ll go ahead and add that while I totally agree with OP in PRINCIPLE, fining companies as criminals for distributing malware accidentally would immediately make most tech business unviable, since every piece of software I have ever seen has some flaw or breach of some kind.
It took me a bit to realize he meant SPI not a special "spy" chip.
Same here! I've always spelled it out to help distinguish. Not that I talk much about "spy" chips, though...
@@criptych spy chips is what they eat at NSA
I don't call it "spy" but that is what it spells lol. Kinda like "pixie" vs "P.X.E." but in that case I use "pixie"
Good one.
That's why caption matters. Unfortunately not many UA-camr bothers with it.
that engineer is a SPI
@@lucia-fu5sv THERES A SPI CREEPIN AROUND HERE
@@ErikTheHalibut SPI's, bloody useless
BAP
He's SPI'ing on the firmware
This is not a hacking device.... It's a simple tool... Stupid click bait title.....
@@zadekeys2194 no, it is a SPY flash reader. Not a regular flash reader.
@@zadekeys2194 came here to say this!!!
@@zadekeys2194 everything is a hacking device if you're brave enough
Any tool is a hacking device
[FacePalm] What do you think the deffinition of hacking is LMAO
Hacking is the creative or unconventional use of tools, systems, or technologies to achieve a goal, often in ways they weren't originally intended to be used. It can involve exploring, modifying, or repurposing resources to solve problems, gain insights, or push boundaries. While hacking is often associated with computers, it can apply to anything where innovation or "thinking outside the box" comes into play.
If you buy this, make sure you voltage mod it. Can be used at full 5v and full3.3
Or just buy the pgraded version with green pcb and voltage selector.
This is the first time I have encountered someone pronouncing SPI as ‘SPY’. I have only heard ‘S-P-I’ previously. Thank you for the info.
As an embedded software developer, I can say that if someone stores unencrypted firmware on an external flash, you are free to read it.
Opinions on if I have to RE the FW decryption process every time I want to root my devices?
Literally what the first paragraph of this said. It made me uncomfortable xd
It sucks hearing him pronounce it spy
@@tavershimaako7034 Well it is said that way sometimes ... sucks to read people trying pretend they have the corner of being right ... google initialism vs acronyms.
If you want S.P.I., then be more diligent with your language.
Both are correct, and vary depending on the crowd.
@@arizali_ yes, for a french, it sound, like espion 🤭
Can you also rewrite the firmware in rust?
meh
Or in cpp;
1 trillion rust users triggered
@@Satoshic_ Me when I rewrite the firmware in pure Lambda Calculus 💀
Rust is too bloated.
We use Assembly now like a man who paid by hour.
No only JavaScript 😂
Oh come on, such ridiculous clickbait. It's not a 'hacking tool' that should be potentially illegal.
I used one to switch around some options and button functions on a multimeter. It's a valid utility like any of a hundred other tools. Geeze...
Wait till they findout what JTAG can do
I actually used one of these for the first time recently! I bricked my Chromebook while flashing the stock firmware after having windows on it 😅. Pretty fun tool to mess around with and see how things work :)
WİNDOWS ??? 🤮🤮🤮
Cooked it reading the flash in circuit ??
@@nildesperandum2034 Yup, I needed something a little more functional than chrome os, and at that point I knew a lot more about Windows than Linux.
@@kumaran627 what do you mean? I bricked it after flashing the wrong firmware when returning to ChromeOS, and used this to get the correct one on it. That Chromebook is still living lol
@@itscharlie0110 i was not that fortunate , trying to recover a bios on a laptop did not desolder the chip and now the board is cooked
The only special thing about this product is the ZIF socket you're not even using for its purpose. For general SPI dumping you can use any old arduino or rpi lying around. Or if you get a more feature rich product such as bus pirate or tigard, you can do i2c, uart and others in addition to dumping SPI chips' memories.
It's funny when people question the "ethics" of pulling the firmware off a device *they* purchased. You own the device, it's your firmware.
Too bad EULA exists. Which I have no idea if they apply on routers.
What is the point of this "ethics" if part of the firmware can be used in rare cases for a device of another model. The only downside for the manufacturer is if new functions were added to the old product, for example, NVME support to the old system board. Because of this, slightly fewer users will buy a new product with NVME support.
@@schistosomaharinasutai6913 EULAs have zero legal standing.
You actually get the right to use a copy of the firmware, not the firmware itself.
That being said, I can also see why some people would try. Putting not encrypted firmware on an embedded device, and the SPI flash is also not included in the SOC. Its an open invitation at this point
Yer but the manufacturer thinks its theirs...
There is a bug in the video at 11:18 (chroma key overflow).
Its a feature
@@KimYoungUn69but now it has been documented 😢
Openwrt is awesome, I had a couple of routers that I didn't use, after discovering openwrt I could use for something useful, but unfortunately the routers only had 4mb of flash and 32mb of ram, so I modified the openwrt partition system for my device to fit inside an 16mb chip, so now I had more storage, but the ram was still an issue, so I flashed a custom bootloader that could work with different ram chips, and then I replaced the ram with a 128mb and now the router has the latest update and I'm able to use all the extra features of openwrt, this is only possible because openwrt is opensource, thank you all for that :D
I wish I had the soldering skills to upgrade embedded RAM
I keked every time you pronounced SPI as SPY
Please use manual focus if your camera is not keeping up :)
Dude, my ears are literally bleeding from him pronouncing SPI as some Cold War Soviet fear
I tought that nothing can hurt my brain more than the pronouncing of SQL as "squeal" but here we are
I actually have one of these lying around, I once bought to fix a broken BIOS. Interesting to see what you can do with them. I had no idea how common these kind of chips where. Or that you could use the flashrom command line tool to interact with it. You always learn something new!
I used that to program bios chip on my laptop 🤣 because it broke after an update
Aahhhh ThinkChad in the comment section?!
the most effective thing you can do with your time is to make instructions on how to do this, because at some point if this is again a problem for you. you might not have to remake another bios that some one made because they learned from your instructions.
@@SM-qo9gr Im still rockin a T430 😂
@@robotron1236 best laptops for casual users. browsing emails and stuff. and its non arguable
I was just thinking that this should be possible - thanks for confirming.
I haven't bricked a computer yet - but it's nice to know all might not be lost if it ever happens.
I think I actually preferred the old camera style and video background (or lack thereof).
Do like seeing new things though. Props for adding in pizzaz :)
I wish more new devices were still using SPI flash for more than eeprom config storage these days. TSOP isn’t too bad but requires more expensive readers and BGA just makes me want to cry.
im sorry but SPI is pronounced S.P.I. not SPY! The hell is that???
Don't know man, it's just heartbreaking 😭
I had same issue with SCSI pronounciation (skuzi or whatever) that i encountered some time ago. I was pronouncing it letter by letter...
ah yes, because I want to say three distinct syllables instead of just saying "SPY". no thanks. shocking that somehow you still knew what I meant.
@@LowLevelTV what do you mean that language is about people understanding the meaning of others? 😱
I didn't realize what he was saying until he ran the flashrom command
1) Firmware is usually downloadable from manufacturer website , no need to dump it off the router
2) This programmer is not usually 3.3v logic level and requires quite finekey soldering
3) this programmer is massively unstable , writes , forget about it
4) bad drivers
5) don't cook your devices by reading it in circuit , it is a possibility , always desolder
Wait till they findout how much you can do with just uart on some of these devices
Is finekey the word finicky? I’m just trying to understand. I think that’s what you meant. 🤷🏼♂️🤷🏼♂️🤷🏼♂️
IT'S NOT SPY IT'S SPI
I used this to fix a expensive monitor that needed a chip reflashed after a power outage. So cool!
Better start backing up the firmware of all your devices
you are the very first person I have ever heard call it 'spy' also, its not a hacking tool just like the screwdriver you opened that router with ;)
Please be consistent and call I.S.P. "ISP"!
Thanks for finding your channel. big up man keep on going
No affiliate link to the device? Why?
because i am a moron
@@LowLevelTV add it to the description? I'd rather buy it and help you out then buy it and amazon get all the $$
@@LowLevelTV don't be offended. I really like your channel and my comment was in good faith.
Google: CH 341 - be a little more flexible, dude
@@Eng_Simoes think he’s just annoyed that he didn’t take the easy money 😂
11:20 "with this device", as the spi programmer fades into the green screen. lol.
It's probably a stealthy device
@@wernerviehhauser94 stealth boy
@@vitto_pincharrata must be a prototype since it only makes itself and not the wearer invisible :-)
Spy flash? I always pronounce it "Ess Pee Eye"
UA-cam algorithm. That’s what I’m thinking. 😂
Its an acronym we absolutly should just say the three letter ... but You know people like to shortcut and make "new words"-_- lol
Funfact: in some cases you don’t even need to use a flash reader to get the firmware. Most firms provide updated firmware’s that also often come in the .bin format and you could simply run these through binwalk. Even in the most up-to-date „secure“ version there are a lot of jucy CVEs waiting to be discovered. Ask me how I know lmao
10:30 if it uses GPL-like licensed parts, like linux, you actually need to be able to replace that bit. Of course, the root file system may contain other parts. And - if you report a bug, prepare to get sued.
This is the first time in my life I've ever heard anyone pronounce SPI as "SPY".
But you're obviously a way superior low-level and embedded programmer than I am, so I'll follow your pronounciation from now on :D
@RaisalPradiptaBro a bunch of my fellow embedded engineers call it spy or spi interchangeably but then we also pronounce all the letters in the word sol-der in Australia 😁
I’m glad your name is no longer low level learning.
fun fact: you can use a multitool such as flipper zero to dump SPI memory chips too!
The device can also with the correct software read spi-nand chips.
The last time I needed a tool to read and write to SPI flash, I just got a Raspberry Pi. You might need to configure it to expose SPI interfaces (my 3b+ can do like 2 independent interfaces) over GPIO, and then you can just run flashrom directly on the device.
Also, when dumping chips, a standard practice is to read the chip twice and diff the readouts to avoid any read errors corrupting the file. If you don't have a cable on your clip, you should use whatever cable that is the shortest and works for you, I remember reading that 20 cm is the upper bound, and I think I used 10 cm cables to connect the clip to my GPIO pins.
The reader doesn't really matter if it works, but you might have one laying around without knowing it, and just need a clip to use it with for in situ reading and flashing. It's pretty much a requirement to do most coreboot and libreboot installs on computers, but taking ownership of the firmware you run is pretty cool and lets you do things that are otherwise impossible.
This is my first time checking out one of your videos. I enjoyed it and subscribed! It's funny, at first I thought you were Sheldon grown up. LOL
This tool can you let you recover a failed BIOS update using another PC
Love this device!
Used it myself to remove the "whitelist" of acceptable wifi-adapters on a laptop years ago. It turned out it only accepted 4 devices in the whole world. It declined to boot if u used a good adapter that was not whitelisted. Damn i love that device.
Have used it on alot of routers to bug-hunt aswell, and also decrypt firmware updates, since the key had to be stored in plaintext on the chip. :)
Most of well developed electronics will not have an easy access flash storage for their code. Either they use an encrypted binary on their flash or they use internal flash, which is not that easy to access.
Wow thanks for that video! Just got mine ch341a and into ezviz camera to see what dodgy stuff (that I saw on wireshark) they are actually doing. Least to say private keys are handled on a plate and they even managed to ship C source code into production so I don't even need gidhra 🙃 It's amazing how security assumptions were defeated with an 8$ chinese tool. Thanks again!
Good timing! Just as I m waiting for mine to ship.
I also use CH341a to edit SFP I2C EEPROM information, very useful to change or crack SFP vendor lock!
I have one! Bought to fix a samsung tv which died after power gone for half a second.
I'm with this thing on my hands right now
not desoldering the chip may cause the opcodes being sent to other chips connected to the board and may cause issues
gotta love the hacker background
I used this exact tool to get the data from my BMW's 8 pin flashed onto a $50 replacement gauge cluster from eBay. Something that would have cost a trillion dollars at the dealer. Works like a charm.
big downside with these i find is if the board has more current draw then the chip or your usb port it wont read because it doesnt have enough current to turn the chip on -and- everything thats also connected to that 5v bus
9:27 -M for .. Matryoshka? The doll inside a doll inside a doll..
Guess that's how you can also label "recursive"
Reverse engineering has been deemed to be completely legal if you do it in a clean room environment….basically disconnected from outside influence. You have to reverse engineer the firmware yourself without other input into how it’s done
I used one of these to unbrick my G75VX laptop in college after asus quoted me $900 to fix it after the laptop bricked when I told it to boot off the dvd drive lol
I used one of these to put Coreboot on my Thinkpad!
To be fair anyone that can buy a standard USB and can write 1 line of code can break a computer with worm malware they created. It is more about knowing how it’s used so you can combat against it. The number one rule in ethical hacking is to believe the black hat is always 1 step ahead. So we are always playing catch up in security.
what keyboard are you using? sounds really good
I am not sure I buy the “open source is more secure” argument.
After all you had people complaining about them, not fixing audio drivers for over a decade with problems that they knew existed in Linux.
The first WORM that was ever written, was written by the son of an engineer who had access to the source code for the operating system.
I knew guys who cracked games back in the 90s, but they had professional dev tools and games were only a few megabytes. Combing through even a few megabytes of an Assembly language for a platform you’re not familiar with is really hard. it’s way easier to find exploits in C source code.
Because it is not a hacking tool. It is a hardware development tool that you can use for hacking. Similar that the hammer which is normally used to drive nails into wood when building can be used to break windows and possible doors during a burglary. You cannot make random things illegal because people start using them for illegal things.
Vim probably appended a newline after your file when you changed the string. By changing it to U-boo you would have changed the alignment of everything after so you probably would not have had it boot correctly.
Was just going to post that :) Much safer to edit with a hex editor, not text editor
And also probably exchanged any 00 with 20 LOL. Never edit binaries in a texteditor.
Love how when you mention "this device" for bug hunting, and hold it up... it mysteriously disappears! {ROFL}
This is like calling screwdrivers 'murder weapons'..
Would love more hardware hacking content like this! Keep it up!
9:29 i don't know if the exact term in russian starts with an M. If not, it's most likely a reference to Matryoshka dolls, which fits nicely with the concept of recursion
Hey dude, would this process work on let's say an old Datto or Cisco router?
What is the 'hacking' part?
The part where you use your genius to understand and your imagination to modify the firmware and do cool things, that's another meaning of "hacking" and it's fucking awesome
@@dutchlegend007 i guess it would kinda be considered "hardware hacking". If you find a default password or some vulnerabilities in the routers firmware etc.
11:18 What the hell is that stealth camo device you are holding?!
I've reported many bugs in the past, never once got a bug bounty. Most I've been given is a thank you. Million dollar companies will not pay you. Don't waste your time helping them.
As a newbie to hardware development, this is interesting
11:39 Something even cooler than this?! Say it ain't so!
There is a better one a newer version of the programmer you have shown. The one you are using could brick and fry some SoC
What about devices that boot off an SD card, like an old industrial device or more commonly an Anbernic game handheld?
where can i buy it? my hope to see affiliate link in description was not fulfilled
For the same reason a knife is legal. It's not the tool itself, its how you use it that determines if its legal or illegal
ah yes the spy flash. my favorite type of flash. lol
11:20 - what device ;)
you're saying "spy" instead of SPI so many times, maybe I'll get used to it in the end...
never mind it's impossible for me to get used to it, but I tried 😅
Nice video though, great work! ☺️
The title is misleading, as the tool makes reading firmware easier, but hunting bugs is a completely different matter which requires the source code or disassembling the binary.
bug hunting lol, keep it real dude
I see a lot of people having a hard time understanding the deffinition of Hacking in the comments ... Forget the morality of making title clicbait away for algo/view purpous, this is still Hacking
Hacking is the creative or unconventional use of tools, systems, or technologies to achieve a goal, often in ways they weren't originally intended to be used. It can involve exploring, modifying, or repurposing resources to solve problems, gain insights, or push boundaries. While hacking is often associated with computers, it can apply to anything where innovation or "thinking outside the box" comes into play.
Based 0:45 RE Chad.
If your stuff's vulnerable, make it invulnerable
binwalk ftw
where is the sexy purple room
😏
Yeah, fantastic content aside, I like the mandated YT purple room
Are any vids of this type NOT about routers? Any chance of doing this with another product please?
Actually it may need the 3.3v mod because the all the data lines are at 5V (because the chip is running at 5v).
top video! got it during lockdown times for unbrickin BIOS'es on PC's.
That backdrop is a green screen double whammy. Looks like someone plugged in a bad USB stick and got assimilated
What do you think of photonics?
Just used one of these devices this weekend to flash a modified bios on my AsRock motherboard, to enable ReBar support. AsRock has there instant flash locked down to only accept there signature. So it does have valid uses, which like many things, can be twisted to do bad things. Also you can easily do this with a raspberry pi.
This is tool as any other, if you use maliciously then is hacking tool. Like the hammer if hit nails then is tool if you hit someone in head then is cold weapon.
I believe right to repair act protects people now to do this type of work on your own appliances.
Wow the best advertisement for the old CH341a I have seen in my life!
You feel like an hacker after extracting the firmware off the chip later to realise the firmware is available from vendor website