Extraction du firmware des caméras IP chinoises - Principes de base du test d'intrusion IoT

What's up everybody? This is Matt Brown with another IoT hacking video. Today we are going to be extracting firmware off of this Chinese IP camera that I got while I was overseas in Southeast Asia. And so we are going to uh take the flash chip off of the board over here on our workbench in just a minute and we're going to show the process of a typical IoT pentest where we extract firmware off of a a device for the purposes of security analysis. But before we get into that, my name is Matt Brown. As I said, I am an IoT security professional and I provide this YouTube channel as a free resource to you, the community, to learn how to get into this. And if you have been wondering, I would love to get into this hardware hacking scene, but I just don't know where to start, go down in the description of this video and check out our Discord server because we have a great community. We have over 4,000 people there now that are uh working on projects together, are collaborating, all sorts of cool learning opportunities. So, go and check out that resource. And without further ado, we're going to go over to the bench where we have the device uh taken apart. So, let's go. Here it is. Uh if you remember from the last video, last time we looked at a certain part of this camera, and we're going to zoom in right here. We looked right over here. There were these these debug interfaces that were exposed uh the the UART console and we actually got a root shell on this device with that interface. Today we're not going to be powering this device on. We are going to be performing static firmware analysis on the software that is contained in this chip right here. So, uh, on the other side of this board, we have the the kind of the the the Linux, uh, SOC here. So, uh, baked into this guy is a CPU, some DRAM, and probably some video encoding capabilities in the silicon. And then over on the other side right here is our flash chip. We'll go ahead and uh, get under the microscope just for a second. We're actually actually don't even need the microscope for most of what we're doing today, but it's helpful so that we can get a read on the ID on this flash chip. So, right here, I'm going to try to get the light in just right for you guys. We can see that this is a kind of a standard eightpin windbond flash chip. And we can see the ID number.