Intro to hardware security: UART access and SPI firmware extraction

Mehdi A. 75,416 5 years ago

This is an introduction to hardware security for beginners. I will show you how to connect to the Linux terminal of a TP-Link wireless router using UART, and also how to dump its firmware using a SPI programmer. My aim has been to use the most affordable and accessible tools, so everyone can start without breaking the bank.

As promised in the video, here’s the list of tools that I used or mentioned:

The target: https://www.tp-link.com/us/home-networking/wifi-router/tl-wr841n/
The advanced UART adapter that I mentioned: https://www.crowdsupply.com/pylo/muart
Programmer I used to dump the firmware: https://github.com/boseji/CH341-Store
Software I used to dump the firmware: https://flashrom.org/Flashrom
Software used to extract the firmware contents: https://github.com/ReFirmLabs/binwalk

For the UART you can use any USB-UART adapter (sometimes called USB to TTL). I used an adapter based on PL2303, but FT232 is more common (the one with the 3.3/5v switch was based on FT232).

If you need more guides, check these out:

https://www.thezdi.com/blog/2019/9/2/mindshare-hardware-reversing-with-the-tp-link-tl-wr841n-router
https://nvisium.com/blog/2019/08/07/extracting-firmware-from-iot-devices.html
https://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/
https://blog.rapid7.com/2019/02/20/iot-security-introduction-to-embedded-hardware-hacking/

I had to cut some corners to prepare a short and easy-to-understand video. For example, I skipped the part on detecting the UART pins on the boards using an oscilloscope or logic analyzer.

If you have questions or comments, you can reach me via Twitter: https://twitter.com/mehdi0x61
