Yep... I have a set of axes that are also excellent "hacking tools" The BIG problem with youtube is there is NO citation..., if you go read something like POC || GTFO , you will see they ALWAYS use citation to give credit, that has now basically disappeared in this space. Additionally a problem is too many dumbasses watching youtube videos, spoiling it by taking credit for shit that has been done underground for decades... a "real hacker", might spend years taking something apart.. or decades in a particular field , only to find that if they tell someone else, that within a weak they are boasting and taking credit and the whole area is shut down. Some would think wow years taking something apart... they must not be very good...... yep right .. go look at the PlayStation hacks and the amount of work that went into those. along with all the "fake" side traps with code in chips that was NEVER EVER executed, but people spent years analising and tehn giving up.
Afaik there are different versions of this board. The actual CH341 chip is both 3.3V and 5V compatible (which is why the mod even works to begin with) although some boards don't use the integrated 3.3V circuit others do.
Alternately, there are CH341 dongles with blue PCBs that have just a bunch of pin headers, rather than a fancy socket. This has a proper design: it has a jumper that lets you select between powering the CH341 chip from either USB power or an onboard 3.3v regulator, which is what determines the logic voltage (per the datasheet). You have to think about how to hook it up a little bit more since you don't have the socket, but if you're not confident modifying a PCB it'd probably be an overall better purchase - usually it's a little bit cheaper too.
@@ryjelsum Yes right! I have same dongle as Ed, and mine has 3v3 bug. I juat want to warn and inform to be carefull, some IC will not tolerate 5v as data pulses
[FacePalm] What do you think the deffinition of hacking is LMAO Hacking is the creative or unconventional use of tools, systems, or technologies to achieve a goal, often in ways they weren't originally intended to be used. It can involve exploring, modifying, or repurposing resources to solve problems, gain insights, or push boundaries. While hacking is often associated with computers, it can apply to anything where innovation or "thinking outside the box" comes into play.
He doesn't mention this in the video, but that CH341 device doesn't always work to read flash chips without desoldering. The problem is that in order to read from the flash chip, you have to power it. The CH341 can power a flash chip, but it can only output a limited amount of current. If the VCC rail connected to the flash chip is directly connected to other components too, it's possible the CH341 won't be able to power all those components, including the flash chip. In these cases, it's often best to just desolder the flash chip. Alternatively, you could connect a logic analyzer to the DI and DO pins of the flash chip, then power up the device. Use the logic analyzer to record the data stream as the CPU reads the flash contents. You may need to write a small program to convert the recording back into binary data though.
Just my experience, YYMV, but I used one to read and flash the BIOS of a Dell laptop. It functioned perfectly. I had to buy a second clip that connects to the chip since the first one refused to work.
@@MrWaalkman Yeah I'd say based on my experience that it works without desoldering about 80% of the time. It really just depends on whether your flash reader can provide enough power to the part of the board you're connected to.
Before unsoldering, just try plugging in the power cord in the device (but don't turn it on ofc) so it gets standby power to the chip. I've had this work on several devices. Some laptops require you to unplug the main battery as well if doing this.
1. add a electrolytic cap to the power rail (it looks odd, but, works) 100uF iirc. 2. Hold the reset pin on the uC low/high to stop the uC booting (if the bootloader uses the SPI bus it will corrupt your data). I had to do this to a tapo 200v3 to dump the firmware.
This is the first time I have encountered someone pronouncing SPI as ‘SPY’. I have only heard ‘S-P-I’ previously. Thank you for the info. As an embedded software developer, I can say that if someone stores unencrypted firmware on an external flash, you are free to read it.
@@tavershimaako7034 Well it is said that way sometimes ... sucks to read people trying pretend they have the corner of being right ... google initialism vs acronyms. If you want S.P.I., then be more diligent with your language. Both are correct, and vary depending on the crowd.
IMO, consumers should either: 1. Legally have FULL access to firmware OR 2. The C-Suite should be held legally liable for security breaches and face legal consequences equal to someone who makes and distributes malware as that's what they sold you.
Not really. They should not be forced. 1. Is their IP 2. Anybody can do mistakes. I think it's more simple: we should stop using the ones that we don't trust or like you said, the ones that don't open source their firmware.
I agree that this isn't the best. Just as a thought, imagine the law was done that way, then that means that if a company does give the full source of the firmware, then that would indemnify them and full onus would be on the buyer (and the vast majority of people wouldn't even be able to follow it, let alone detect vulnerabilities in it). It would be the equivalent of all of the ToS you agree to going forward being in a foreign language, and onus being on you for not knowing the language it is written in.
@marklonergan3898 No, that's dumb. You guys like, "uh hey excuse me, can you make things secure?". My point is that these people know exactly what they are doing by cutting corners and not making security the forefront of a product they are selling you. We need a major shift in policy regarding selling IoT electronics that punches a giant hole in your security because a group of c-suite asshole don't care about you or your data. It like Apple vs Arch Linux. We have at least two opitons: 1. Companies take responsibility for and are held liable for blatant security vulnerabilities. Im not talking zero days where you follow INDUSTRY STANDARDS but there are always going to be small vulnerabilities. I'm talking blatant bullshit like when an IP camera company leaves that admin password as, "password" and also hardcodes it. That is absolutely disgustingly lazy and should be prosecuted. OR 2. The company can release the firmware unencrypted and fully accessible to the user and they take full responsibility for their security knowing they chose the DIY. You either get to chose a company that takes over the liability for you, or you take it on yourself. It's literally not complicated like you're making it.
@@marklonergan3898 that is already what happens to most users. People play Minecraft without knowing English and the EULA has no translation. Same for most games and most SaaS. You not knowing the language of the contract you signed or not knowing the language of the code you have access to and are running doesn't exempt you from your responsibility. They wrote the EULA and distributed it, that is their part. So it would not be without precedent to requiring it to be open and leave the responsibility for the user.
Good points and good arguments! I’ll go ahead and add that while I totally agree with OP in PRINCIPLE, fining companies as criminals for distributing malware accidentally would immediately make most tech business unviable, since every piece of software I have ever seen has some flaw or breach of some kind.
I actually used one of these for the first time recently! I bricked my Chromebook while flashing the stock firmware after having windows on it 😅. Pretty fun tool to mess around with and see how things work :)
@@kumaran627 what do you mean? I bricked it after flashing the wrong firmware when returning to ChromeOS, and used this to get the correct one on it. That Chromebook is still living lol
I actually have one of these lying around, I once bought to fix a broken BIOS. Interesting to see what you can do with them. I had no idea how common these kind of chips where. Or that you could use the flashrom command line tool to interact with it. You always learn something new!
Oh come on, such ridiculous clickbait. It's not a 'hacking tool' that should be potentially illegal. I used one to switch around some options and button functions on a multimeter. It's a valid utility like any of a hundred other tools. Geeze...
The only special thing about this product is the ZIF socket you're not even using for its purpose. For general SPI dumping you can use any old arduino or rpi lying around. Or if you get a more feature rich product such as bus pirate or tigard, you can do i2c, uart and others in addition to dumping SPI chips' memories.
What is the point of this "ethics" if part of the firmware can be used in rare cases for a device of another model. The only downside for the manufacturer is if new functions were added to the old product, for example, NVME support to the old system board. Because of this, slightly fewer users will buy a new product with NVME support.
You actually get the right to use a copy of the firmware, not the firmware itself. That being said, I can also see why some people would try. Putting not encrypted firmware on an embedded device, and the SPI flash is also not included in the SOC. Its an open invitation at this point
the most effective thing you can do with your time is to make instructions on how to do this, because at some point if this is again a problem for you. you might not have to remake another bios that some one made because they learned from your instructions.
I was just thinking that this should be possible - thanks for confirming. I haven't bricked a computer yet - but it's nice to know all might not be lost if it ever happens.
Openwrt is awesome, I had a couple of routers that I didn't use, after discovering openwrt I could use for something useful, but unfortunately the routers only had 4mb of flash and 32mb of ram, so I modified the openwrt partition system for my device to fit inside an 16mb chip, so now I had more storage, but the ram was still an issue, so I flashed a custom bootloader that could work with different ram chips, and then I replaced the ram with a 128mb and now the router has the latest update and I'm able to use all the extra features of openwrt, this is only possible because openwrt is opensource, thank you all for that :D
I think I actually preferred the old camera style and video background (or lack thereof). Do like seeing new things though. Props for adding in pizzaz :)
I wish more new devices were still using SPI flash for more than eeprom config storage these days. TSOP isn’t too bad but requires more expensive readers and BGA just makes me want to cry.
literally just started playing with mine last night, pulled a BIOS off an old device, if you have a flipper you can also do this with the SPI memory application, raspi can do this as well, that's what I used back in my coreboot days. I found the soic-8 clip on this particular model to be much better quality than some of the other ones i've seen on amazon.
1) Firmware is usually downloadable from manufacturer website , no need to dump it off the router 2) This programmer is not usually 3.3v logic level and requires quite finekey soldering 3) this programmer is massively unstable , writes , forget about it 4) bad drivers 5) don't cook your devices by reading it in circuit , it is a possibility , always desolder Wait till they findout how much you can do with just uart on some of these devices
Love this device! Used it myself to remove the "whitelist" of acceptable wifi-adapters on a laptop years ago. It turned out it only accepted 4 devices in the whole world. It declined to boot if u used a good adapter that was not whitelisted. Damn i love that device. Have used it on alot of routers to bug-hunt aswell, and also decrypt firmware updates, since the key had to be stored in plaintext on the chip. :)
Wow thanks for that video! Just got mine ch341a and into ezviz camera to see what dodgy stuff (that I saw on wireshark) they are actually doing. Least to say private keys are handled on a plate and they even managed to ship C source code into production so I don't even need gidhra 🙃 It's amazing how security assumptions were defeated with an 8$ chinese tool. Thanks again!
This is the first time in my life I've ever heard anyone pronounce SPI as "SPY". But you're obviously a way superior low-level and embedded programmer than I am, so I'll follow your pronounciation from now on :D
@RaisalPradiptaBro a bunch of my fellow embedded engineers call it spy or spi interchangeably but then we also pronounce all the letters in the word sol-der in Australia 😁
Just used one of these devices this weekend to flash a modified bios on my AsRock motherboard, to enable ReBar support. AsRock has there instant flash locked down to only accept there signature. So it does have valid uses, which like many things, can be twisted to do bad things. Also you can easily do this with a raspberry pi.
I actually use this a lot with hardware hacking and tinkering cause its fun and i like that you can back up the whole device flash menaing i can mess with the firmware as much as i want and not having to worry about it never being able to function normally again or for it to become bricked forever. Also its fun to see 99% embedded devices running Linux and busybox. Alao often they ditch the gpl and dont comply which is lovely cause more fun trying to crack the software of a device and unveiling its secrets
I used this exact tool to get the data from my BMW's 8 pin flashed onto a $50 replacement gauge cluster from eBay. Something that would have cost a trillion dollars at the dealer. Works like a charm.
you're saying "spy" instead of SPI so many times, maybe I'll get used to it in the end... never mind it's impossible for me to get used to it, but I tried 😅 Nice video though, great work! ☺️
Vim probably appended a newline after your file when you changed the string. By changing it to U-boo you would have changed the alignment of everything after so you probably would not have had it boot correctly.
Most of well developed electronics will not have an easy access flash storage for their code. Either they use an encrypted binary on their flash or they use internal flash, which is not that easy to access.
Reverse engineering has been deemed to be completely legal if you do it in a clean room environment….basically disconnected from outside influence. You have to reverse engineer the firmware yourself without other input into how it’s done
I see a lot of people having a hard time understanding the deffinition of Hacking in the comments ... Forget the morality of making title clicbait away for algo/view purpous, this is still Hacking Hacking is the creative or unconventional use of tools, systems, or technologies to achieve a goal, often in ways they weren't originally intended to be used. It can involve exploring, modifying, or repurposing resources to solve problems, gain insights, or push boundaries. While hacking is often associated with computers, it can apply to anything where innovation or "thinking outside the box" comes into play.
To be fair anyone that can buy a standard USB and can write 1 line of code can break a computer with worm malware they created. It is more about knowing how it’s used so you can combat against it. The number one rule in ethical hacking is to believe the black hat is always 1 step ahead. So we are always playing catch up in security.
10:30 if it uses GPL-like licensed parts, like linux, you actually need to be able to replace that bit. Of course, the root file system may contain other parts. And - if you report a bug, prepare to get sued.
I am not sure I buy the “open source is more secure” argument. After all you had people complaining about them, not fixing audio drivers for over a decade with problems that they knew existed in Linux. The first WORM that was ever written, was written by the son of an engineer who had access to the source code for the operating system. I knew guys who cracked games back in the 90s, but they had professional dev tools and games were only a few megabytes. Combing through even a few megabytes of an Assembly language for a platform you’re not familiar with is really hard. it’s way easier to find exploits in C source code.
I used one of these to unbrick my G75VX laptop in college after asus quoted me $900 to fix it after the laptop bricked when I told it to boot off the dvd drive lol
big downside with these i find is if the board has more current draw then the chip or your usb port it wont read because it doesnt have enough current to turn the chip on -and- everything thats also connected to that 5v bus
The title is misleading, as the tool makes reading firmware easier, but hunting bugs is a completely different matter which requires the source code or disassembling the binary.
This is tool as any other, if you use maliciously then is hacking tool. Like the hammer if hit nails then is tool if you hit someone in head then is cold weapon.
"see's all the internet traffic in the house" Yes, the mostly -- almost entirely encrypted traffic.. Still not good. But I think it's important to not freak people out too much.
I've reported many bugs in the past, never once got a bug bounty. Most I've been given is a thank you. Million dollar companies will not pay you. Don't waste your time helping them.
I really like the Gov't suing people when people find out the Gov't has no security and does stuff like display your social security card in the html for some reason, gets your information stolen and then files charges for you finding it on the 'dark web', etc.
this isnt a hacking tool. its just a tool. i have several of these and have used them dozens of times to repair bricked devices, GPUs and more. if you use a screwdriver to remove your neighbor's door hinges and steal their stuff, it doesn't make a screwdriver a "burglary tool".. it just makes you a burglar. i can bypass all kinds of software security with a phone charger, pocket knife and a lighter. but it doesn't make it a hacking tool.. its still just a phone charger.
If the software is designed for security in an open source fashion, people being able to read it with a doodad wouldn't be a problem. Security through obstruction is ineffective.
it's pronounced "spy", also GO CHECK OUT LOW LEVEL ACADEMY ITS PRETTY NEAT lowlevel.academy (poggers?)
poggers
As a former Invisalign user myself, one thing you quickly learn is that nobody really notices when you're wearing it or your Esses. You sounded great
Well I didn't notice it but NOW I am aware hahaha
No worries.
It's a S P I (it is an acronym) flash reader not a spy lol :P
To be real homie. I prefer the Invisalign in. I already have your voice burned in with the Esses so it sounds strange when they are missing.
So now a flash-reader is considered a "hacking tool"?
For Clickbait, everything technical could be a hacking tool
I guess you could call it "hardware hacking "
Yeah I mean, how is this "hacking tool" considered not legal?
Yep... I have a set of axes that are also excellent "hacking tools"
The BIG problem with youtube is there is NO citation..., if you go read something like POC || GTFO , you will see they ALWAYS use citation to give credit, that has now basically disappeared in this space.
Additionally a problem is too many dumbasses watching youtube videos, spoiling it by taking credit for shit that has been done underground for decades...
a "real hacker", might spend years taking something apart.. or decades in a particular field , only to find that if they tell someone else, that within a weak they are boasting and taking credit and the whole area is shut down.
Some would think wow years taking something apart... they must not be very good...... yep right .. go look at the PlayStation hacks and the amount of work that went into those.
along with all the "fake" side traps with code in chips that was NEVER EVER executed, but people spent years analising and tehn giving up.
@@upx12I prefer using an axe as a hacking tool. More efficient than a usb especially on trees
I recommend buying CH341a version 1.7 as it has selectable voltage and this is suitable for more chips
Be aware of voltages! This device puts 5V on data lines to 3V3 TOE even when supply to TOE is set to 3V3. Look for 3v3 mod for ch341.
Good point!
Afaik there are different versions of this board. The actual CH341 chip is both 3.3V and 5V compatible (which is why the mod even works to begin with) although some boards don't use the integrated 3.3V circuit others do.
@@Ether_Void Yes, and because of that (some devices have this bug and some does not) I want to warn and inform anyone who want to use it.
Alternately, there are CH341 dongles with blue PCBs that have just a bunch of pin headers, rather than a fancy socket. This has a proper design: it has a jumper that lets you select between powering the CH341 chip from either USB power or an onboard 3.3v regulator, which is what determines the logic voltage (per the datasheet). You have to think about how to hook it up a little bit more since you don't have the socket, but if you're not confident modifying a PCB it'd probably be an overall better purchase - usually it's a little bit cheaper too.
@@ryjelsum Yes right! I have same dongle as Ed, and mine has 3v3 bug. I juat want to warn and inform to be carefull, some IC will not tolerate 5v as data pulses
This is not a hacking device.... It's a simple tool... Stupid click bait title.....
@@zadekeys2194 no, it is a SPY flash reader. Not a regular flash reader.
@@zadekeys2194 came here to say this!!!
@@zadekeys2194 everything is a hacking device if you're brave enough
Any tool is a hacking device
[FacePalm] What do you think the deffinition of hacking is LMAO
Hacking is the creative or unconventional use of tools, systems, or technologies to achieve a goal, often in ways they weren't originally intended to be used. It can involve exploring, modifying, or repurposing resources to solve problems, gain insights, or push boundaries. While hacking is often associated with computers, it can apply to anything where innovation or "thinking outside the box" comes into play.
The UA-cam algorithm will love these comments about the SPI / SPY topic. Maximum engagement, well played Ed!
@@OnlyHerculean that’s why he’s claiming it’s a phonetically pronounced abbreviation (it isn’t)
It took me a bit to realize he meant SPI not a special "spy" chip.
Same here! I've always spelled it out to help distinguish. Not that I talk much about "spy" chips, though...
@@criptych spy chips is what they eat at NSA
I don't call it "spy" but that is what it spells lol. Kinda like "pixie" vs "P.X.E." but in that case I use "pixie"
Good one.
That's why caption matters. Unfortunately not many UA-camr bothers with it.
He doesn't mention this in the video, but that CH341 device doesn't always work to read flash chips without desoldering. The problem is that in order to read from the flash chip, you have to power it. The CH341 can power a flash chip, but it can only output a limited amount of current. If the VCC rail connected to the flash chip is directly connected to other components too, it's possible the CH341 won't be able to power all those components, including the flash chip. In these cases, it's often best to just desolder the flash chip.
Alternatively, you could connect a logic analyzer to the DI and DO pins of the flash chip, then power up the device. Use the logic analyzer to record the data stream as the CPU reads the flash contents. You may need to write a small program to convert the recording back into binary data though.
Just my experience, YYMV, but I used one to read and flash the BIOS of a Dell laptop. It functioned perfectly. I had to buy a second clip that connects to the chip since the first one refused to work.
@@MrWaalkman Yeah I'd say based on my experience that it works without desoldering about 80% of the time. It really just depends on whether your flash reader can provide enough power to the part of the board you're connected to.
Before unsoldering, just try plugging in the power cord in the device (but don't turn it on ofc) so it gets standby power to the chip. I've had this work on several devices.
Some laptops require you to unplug the main battery as well if doing this.
1. add a electrolytic cap to the power rail (it looks odd, but, works) 100uF iirc. 2. Hold the reset pin on the uC low/high to stop the uC booting (if the bootloader uses the SPI bus it will corrupt your data). I had to do this to a tapo 200v3 to dump the firmware.
@@jonlee312 Why would you put a relay between the CH341 and the flash chip?
This is the first time I have encountered someone pronouncing SPI as ‘SPY’. I have only heard ‘S-P-I’ previously. Thank you for the info.
As an embedded software developer, I can say that if someone stores unencrypted firmware on an external flash, you are free to read it.
Opinions on if I have to RE the FW decryption process every time I want to root my devices?
Literally what the first paragraph of this said. It made me uncomfortable xd
It sucks hearing him pronounce it spy
@@tavershimaako7034 Well it is said that way sometimes ... sucks to read people trying pretend they have the corner of being right ... google initialism vs acronyms.
If you want S.P.I., then be more diligent with your language.
Both are correct, and vary depending on the crowd.
@@arizali_ yes, for a french, it sound, like espion 🤭
that engineer is a SPI
@@lucia-fu5sv THERES A SPI CREEPIN AROUND HERE
@@ErikTheHalibut SPI's, bloody useless
BAP
He's SPI'ing on the firmware
IMO, consumers should either:
1. Legally have FULL access to firmware
OR
2. The C-Suite should be held legally liable for security breaches and face legal consequences equal to someone who makes and distributes malware as that's what they sold you.
Not really. They should not be forced.
1. Is their IP
2. Anybody can do mistakes.
I think it's more simple: we should stop using the ones that we don't trust or like you said, the ones that don't open source their firmware.
I agree that this isn't the best. Just as a thought, imagine the law was done that way, then that means that if a company does give the full source of the firmware, then that would indemnify them and full onus would be on the buyer (and the vast majority of people wouldn't even be able to follow it, let alone detect vulnerabilities in it).
It would be the equivalent of all of the ToS you agree to going forward being in a foreign language, and onus being on you for not knowing the language it is written in.
@marklonergan3898 No, that's dumb. You guys like, "uh hey excuse me, can you make things secure?".
My point is that these people know exactly what they are doing by cutting corners and not making security the forefront of a product they are selling you.
We need a major shift in policy regarding selling IoT electronics that punches a giant hole in your security because a group of c-suite asshole don't care about you or your data.
It like Apple vs Arch Linux. We have at least two opitons:
1. Companies take responsibility for and are held liable for blatant security vulnerabilities. Im not talking zero days where you follow INDUSTRY STANDARDS but there are always going to be small vulnerabilities. I'm talking blatant bullshit like when an IP camera company leaves that admin password as, "password" and also hardcodes it. That is absolutely disgustingly lazy and should be prosecuted.
OR
2. The company can release the firmware unencrypted and fully accessible to the user and they take full responsibility for their security knowing they chose the DIY.
You either get to chose a company that takes over the liability for you, or you take it on yourself. It's literally not complicated like you're making it.
@@marklonergan3898 that is already what happens to most users. People play Minecraft without knowing English and the EULA has no translation.
Same for most games and most SaaS.
You not knowing the language of the contract you signed or not knowing the language of the code you have access to and are running doesn't exempt you from your responsibility. They wrote the EULA and distributed it, that is their part.
So it would not be without precedent to requiring it to be open and leave the responsibility for the user.
Good points and good arguments! I’ll go ahead and add that while I totally agree with OP in PRINCIPLE, fining companies as criminals for distributing malware accidentally would immediately make most tech business unviable, since every piece of software I have ever seen has some flaw or breach of some kind.
If you buy this, make sure you voltage mod it. Can be used at full 5v and full3.3
Or just buy the pgraded version with green pcb and voltage selector.
I actually used one of these for the first time recently! I bricked my Chromebook while flashing the stock firmware after having windows on it 😅. Pretty fun tool to mess around with and see how things work :)
WİNDOWS ??? 🤮🤮🤮
Cooked it reading the flash in circuit ??
@@nildesperandum2034 Yup, I needed something a little more functional than chrome os, and at that point I knew a lot more about Windows than Linux.
@@kumaran627 what do you mean? I bricked it after flashing the wrong firmware when returning to ChromeOS, and used this to get the correct one on it. That Chromebook is still living lol
@@itscharlie0110 i was not that fortunate , trying to recover a bios on a laptop did not desolder the chip and now the board is cooked
I actually have one of these lying around, I once bought to fix a broken BIOS. Interesting to see what you can do with them. I had no idea how common these kind of chips where. Or that you could use the flashrom command line tool to interact with it. You always learn something new!
Oh come on, such ridiculous clickbait. It's not a 'hacking tool' that should be potentially illegal.
I used one to switch around some options and button functions on a multimeter. It's a valid utility like any of a hundred other tools. Geeze...
Wait till they findout what JTAG can do
im sorry but SPI is pronounced S.P.I. not SPY! The hell is that???
Don't know man, it's just heartbreaking 😭
I had same issue with SCSI pronounciation (skuzi or whatever) that i encountered some time ago. I was pronouncing it letter by letter...
+1, it's annoying
ah yes, because I want to say three distinct syllables instead of just saying "SPY". no thanks. shocking that somehow you still knew what I meant.
@@LowLevelTV what do you mean that language is about people understanding the meaning of others? 😱
The only special thing about this product is the ZIF socket you're not even using for its purpose. For general SPI dumping you can use any old arduino or rpi lying around. Or if you get a more feature rich product such as bus pirate or tigard, you can do i2c, uart and others in addition to dumping SPI chips' memories.
It's funny when people question the "ethics" of pulling the firmware off a device *they* purchased. You own the device, it's your firmware.
Too bad EULA exists. Which I have no idea if they apply on routers.
What is the point of this "ethics" if part of the firmware can be used in rare cases for a device of another model. The only downside for the manufacturer is if new functions were added to the old product, for example, NVME support to the old system board. Because of this, slightly fewer users will buy a new product with NVME support.
@@schistosomaharinasutai6913 EULAs have zero legal standing.
You actually get the right to use a copy of the firmware, not the firmware itself.
That being said, I can also see why some people would try. Putting not encrypted firmware on an embedded device, and the SPI flash is also not included in the SOC. Its an open invitation at this point
Yer but the manufacturer thinks its theirs...
I used that to program bios chip on my laptop 🤣 because it broke after an update
Aahhhh ThinkChad in the comment section?!
the most effective thing you can do with your time is to make instructions on how to do this, because at some point if this is again a problem for you. you might not have to remake another bios that some one made because they learned from your instructions.
@@SM-qo9gr Im still rockin a T430 😂
@@robotron1236 best laptops for casual users. browsing emails and stuff. and its non arguable
I was just thinking that this should be possible - thanks for confirming.
I haven't bricked a computer yet - but it's nice to know all might not be lost if it ever happens.
Openwrt is awesome, I had a couple of routers that I didn't use, after discovering openwrt I could use for something useful, but unfortunately the routers only had 4mb of flash and 32mb of ram, so I modified the openwrt partition system for my device to fit inside an 16mb chip, so now I had more storage, but the ram was still an issue, so I flashed a custom bootloader that could work with different ram chips, and then I replaced the ram with a 128mb and now the router has the latest update and I'm able to use all the extra features of openwrt, this is only possible because openwrt is opensource, thank you all for that :D
I wish I had the soldering skills to upgrade embedded RAM
I keked every time you pronounced SPI as SPY
I think I actually preferred the old camera style and video background (or lack thereof).
Do like seeing new things though. Props for adding in pizzaz :)
Can you also rewrite the firmware in rust?
meh
Or in cpp;
1 trillion rust users triggered
@@Satoshic_ Me when I rewrite the firmware in pure Lambda Calculus 💀
Rust is too bloated.
We use Assembly now like a man who paid by hour.
No only JavaScript 😂
IT'S NOT SPY IT'S SPI
Dude, my ears are literally bleeding from him pronouncing SPI as some Cold War Soviet fear
I wish more new devices were still using SPI flash for more than eeprom config storage these days. TSOP isn’t too bad but requires more expensive readers and BGA just makes me want to cry.
11:20 "with this device", as the spi programmer fades into the green screen. lol.
It's probably a stealthy device
@@wernerviehhauser94 stealth boy
@@vitto_pincharrata must be a prototype since it only makes itself and not the wearer invisible :-)
fun fact: you can use a multitool such as flipper zero to dump SPI memory chips too!
Spy flash? I always pronounce it "Ess Pee Eye"
UA-cam algorithm. That’s what I’m thinking. 😂
Its an acronym we absolutly should just say the three letter ... but You know people like to shortcut and make "new words"-_- lol
literally just started playing with mine last night, pulled a BIOS off an old device, if you have a flipper you can also do this with the SPI memory application, raspi can do this as well, that's what I used back in my coreboot days. I found the soic-8 clip on this particular model to be much better quality than some of the other ones i've seen on amazon.
Please use manual focus if your camera is not keeping up :)
I used this to fix a expensive monitor that needed a chip reflashed after a power outage. So cool!
Better start backing up the firmware of all your devices
I tought that nothing can hurt my brain more than the pronouncing of SQL as "squeal" but here we are
1) Firmware is usually downloadable from manufacturer website , no need to dump it off the router
2) This programmer is not usually 3.3v logic level and requires quite finekey soldering
3) this programmer is massively unstable , writes , forget about it
4) bad drivers
5) don't cook your devices by reading it in circuit , it is a possibility , always desolder
Wait till they findout how much you can do with just uart on some of these devices
Is finekey the word finicky? I’m just trying to understand. I think that’s what you meant. 🤷🏼♂️🤷🏼♂️🤷🏼♂️
Love this device!
Used it myself to remove the "whitelist" of acceptable wifi-adapters on a laptop years ago. It turned out it only accepted 4 devices in the whole world. It declined to boot if u used a good adapter that was not whitelisted. Damn i love that device.
Have used it on alot of routers to bug-hunt aswell, and also decrypt firmware updates, since the key had to be stored in plaintext on the chip. :)
There is a bug in the video at 11:18 (chroma key overflow).
Its a feature
@@KimYoungUn69but now it has been documented 😢
Please be consistent and call I.S.P. "ISP"!
Thanks for finding your channel. big up man keep on going
Wow thanks for that video! Just got mine ch341a and into ezviz camera to see what dodgy stuff (that I saw on wireshark) they are actually doing. Least to say private keys are handled on a plate and they even managed to ship C source code into production so I don't even need gidhra 🙃 It's amazing how security assumptions were defeated with an 8$ chinese tool. Thanks again!
you are the very first person I have ever heard call it 'spy' also, its not a hacking tool just like the screwdriver you opened that router with ;)
I also use CH341a to edit SFP I2C EEPROM information, very useful to change or crack SFP vendor lock!
This is the first time in my life I've ever heard anyone pronounce SPI as "SPY".
But you're obviously a way superior low-level and embedded programmer than I am, so I'll follow your pronounciation from now on :D
@RaisalPradiptaBro a bunch of my fellow embedded engineers call it spy or spi interchangeably but then we also pronounce all the letters in the word sol-der in Australia 😁
This is my first time checking out one of your videos. I enjoyed it and subscribed! It's funny, at first I thought you were Sheldon grown up. LOL
Just used one of these devices this weekend to flash a modified bios on my AsRock motherboard, to enable ReBar support. AsRock has there instant flash locked down to only accept there signature. So it does have valid uses, which like many things, can be twisted to do bad things. Also you can easily do this with a raspberry pi.
I actually use this a lot with hardware hacking and tinkering cause its fun and i like that you can back up the whole device flash menaing i can mess with the firmware as much as i want and not having to worry about it never being able to function normally again or for it to become bricked forever.
Also its fun to see 99% embedded devices running Linux and busybox. Alao often they ditch the gpl and dont comply which is lovely cause more fun trying to crack the software of a device and unveiling its secrets
Good timing! Just as I m waiting for mine to ship.
I used this exact tool to get the data from my BMW's 8 pin flashed onto a $50 replacement gauge cluster from eBay. Something that would have cost a trillion dollars at the dealer. Works like a charm.
This tool can you let you recover a failed BIOS update using another PC
9:27 -M for .. Matryoshka? The doll inside a doll inside a doll..
Guess that's how you can also label "recursive"
you're saying "spy" instead of SPI so many times, maybe I'll get used to it in the end...
never mind it's impossible for me to get used to it, but I tried 😅
Nice video though, great work! ☺️
Crazy timing! Added one of these to my cart and then this video comes out the next day.
Vim probably appended a newline after your file when you changed the string. By changing it to U-boo you would have changed the alignment of everything after so you probably would not have had it boot correctly.
Was just going to post that :) Much safer to edit with a hex editor, not text editor
Most of well developed electronics will not have an easy access flash storage for their code. Either they use an encrypted binary on their flash or they use internal flash, which is not that easy to access.
Reverse engineering has been deemed to be completely legal if you do it in a clean room environment….basically disconnected from outside influence. You have to reverse engineer the firmware yourself without other input into how it’s done
I have one! Bought to fix a samsung tv which died after power gone for half a second.
I see a lot of people having a hard time understanding the deffinition of Hacking in the comments ... Forget the morality of making title clicbait away for algo/view purpous, this is still Hacking
Hacking is the creative or unconventional use of tools, systems, or technologies to achieve a goal, often in ways they weren't originally intended to be used. It can involve exploring, modifying, or repurposing resources to solve problems, gain insights, or push boundaries. While hacking is often associated with computers, it can apply to anything where innovation or "thinking outside the box" comes into play.
The device can also with the correct software read spi-nand chips.
Put focus on manual. You might also want to use a polarizer filter for reflection from glasses but might not work with multiple lights
To be fair anyone that can buy a standard USB and can write 1 line of code can break a computer with worm malware they created. It is more about knowing how it’s used so you can combat against it. The number one rule in ethical hacking is to believe the black hat is always 1 step ahead. So we are always playing catch up in security.
10:30 if it uses GPL-like licensed parts, like linux, you actually need to be able to replace that bit. Of course, the root file system may contain other parts. And - if you report a bug, prepare to get sued.
I'm with this thing on my hands right now
I am not sure I buy the “open source is more secure” argument.
After all you had people complaining about them, not fixing audio drivers for over a decade with problems that they knew existed in Linux.
The first WORM that was ever written, was written by the son of an engineer who had access to the source code for the operating system.
I knew guys who cracked games back in the 90s, but they had professional dev tools and games were only a few megabytes. Combing through even a few megabytes of an Assembly language for a platform you’re not familiar with is really hard. it’s way easier to find exploits in C source code.
Love how when you mention "this device" for bug hunting, and hold it up... it mysteriously disappears! {ROFL}
I used one of these to unbrick my G75VX laptop in college after asus quoted me $900 to fix it after the laptop bricked when I told it to boot off the dvd drive lol
big downside with these i find is if the board has more current draw then the chip or your usb port it wont read because it doesnt have enough current to turn the chip on -and- everything thats also connected to that 5v bus
I believe right to repair act protects people now to do this type of work on your own appliances.
The title is misleading, as the tool makes reading firmware easier, but hunting bugs is a completely different matter which requires the source code or disassembling the binary.
As a newbie to hardware development, this is interesting
what keyboard are you using? sounds really good
top video! got it during lockdown times for unbrickin BIOS'es on PC's.
I used one of these to put Coreboot on my Thinkpad!
I’m glad your name is no longer low level learning.
I'm surprised that any current devices still boot from an easily available, external, unencrypted, unsigned flash chip.
Actually it may need the 3.3v mod because the all the data lines are at 5V (because the chip is running at 5v).
This is tool as any other, if you use maliciously then is hacking tool. Like the hammer if hit nails then is tool if you hit someone in head then is cold weapon.
Would love more hardware hacking content like this! Keep it up!
"see's all the internet traffic in the house" Yes, the mostly -- almost entirely encrypted traffic.. Still not good. But I think it's important to not freak people out too much.
I've reported many bugs in the past, never once got a bug bounty. Most I've been given is a thank you. Million dollar companies will not pay you. Don't waste your time helping them.
ah yes the spy flash. my favorite type of flash. lol
I've had one of those for so long now, before that I used the "Willem Programmer" and I still do from time to time!
The ol' DaFoe Dongle.
If your stuff's vulnerable, make it invulnerable
I really like the Gov't suing people when people find out the Gov't has no security and does stuff like display your social security card in the html for some reason, gets your information stolen and then files charges for you finding it on the 'dark web', etc.
Used this for Bios reflash. "Hacking" nah.
Are any vids of this type NOT about routers? Any chance of doing this with another product please?
That backdrop is a green screen double whammy. Looks like someone plugged in a bad USB stick and got assimilated
this isnt a hacking tool. its just a tool. i have several of these and have used them dozens of times to repair bricked devices, GPUs and more. if you use a screwdriver to remove your neighbor's door hinges and steal their stuff, it doesn't make a screwdriver a "burglary tool".. it just makes you a burglar.
i can bypass all kinds of software security with a phone charger, pocket knife and a lighter. but it doesn't make it a hacking tool.. its still just a phone charger.
Wow the best advertisement for the old CH341a I have seen in my life!
It's a spaaaaiiiii flash reader 🤣
You can do the same using a raspberry pi and flashrom
Awesome 👍
Would love to see more hardware hacking videos 😊
gotta love the hacker background
yes for you it is AI
not desoldering the chip may cause the opcodes being sent to other chips connected to the board and may cause issues
11:39 Something even cooler than this?! Say it ain't so!
Hey I just wanted to thank you for sharing your knowledge of computers you are very good teacher and you're well spoken individual
you can get way better versions with selectable voltages
It's legal as long as you're not using it for nefarious purposes.
You really don't know what you're missing till you go full Shalomie.
I also have a tp link router and I also think about it now I know the right tool to extract the firmware.
youtube ads are getting treacherous. nice video
If the software is designed for security in an open source fashion, people being able to read it with a doodad wouldn't be a problem. Security through obstruction is ineffective.
Because why on earth would it ever be ILLEGAL?