Author Topic: Identification of firmware while teardown  (Read 313 times)


Offline FreshmanTopic starter

  • Regular Contributor
  • *
  • Posts: 82
  • Country: in
Identification of firmware while teardown
« on: November 06, 2024, 10:12:59 am »
So, I had this idea.

When I do a product teardown, I can find what hardware ICs/components are there.

How about also finding out what type of firmware the product actually uses?

Whether it uses, like, an RTOS or bare-metal coding? Any idea on how to identify this (from a software perspective) when doing a product teardown?
 

Online radiolistener

  • Super Contributor
  • ***
  • Posts: 4110
  • Country: 00
Re: Identification of firmware while teardown
« Reply #1 on: November 06, 2024, 03:44:35 pm »
Just open the About menu or look for stickers.
 

Offline u666sa

  • Frequent Contributor
  • **
  • Posts: 408
  • Country: ru
Re: Identification of firmware while teardown
« Reply #2 on: November 06, 2024, 04:27:58 pm »
I think the main reason for a teardown is good hi-res images of everything, and like you said, component names, and, often overlooked, extracted firmware when possible, either through JTAG or by desoldering the EEPROM or MCU.

What kind of firmware it uses, I think nobody cares.
 

Offline tunk

  • Super Contributor
  • ***
  • Posts: 1093
  • Country: no
Re: Identification of firmware while teardown
« Reply #3 on: November 06, 2024, 05:12:02 pm »
Some devices have a header for a TTL serial port.
 

Offline pcprogrammer

  • Super Contributor
  • ***
  • Posts: 4637
  • Country: nl
Re: Identification of firmware while teardown
« Reply #4 on: November 06, 2024, 07:43:15 pm »
If extraction is possible, use a disassembler like Ghidra and look at the code found.

The type of processor used can be an indicator of what to expect. If it is a simple slow one, the chance of it running an OS like Linux is very low. Whether it is bare metal can be judged from the main function, which can be found by tracing the code from the reset vector. Use of interrupts can tell a lot of tales.

Questions like "is there a boot loader" can also help in identifying code. A boot loader can have some communication via some accessible interface and provide information about its version, etc. (Like tunk suggested, a TTL serial port.)

But it ain't clear cut and simple.

And even when identified it does not tell what the real important part entails. The device needs dedicated software to perform its function. Reverse engineering that is much more of a task.

Then there is also the matter of programmable hardware like FPGAs. If such a chip is used in a device, there is also the question of what it does in that black box.

There is a lot to tearing down a product and it requires time, knowledge, experience and tenacity.
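
The checks described in Reply #4 (reset vector, interrupt usage, boot loader and OS banners), shown as an added Python example that is not part of the thread or any poster's code. It assumes an ARM Cortex-M dump with the vector table at offset 0; the flash base address, the marker strings and the sample image are constructed for illustration.

```python
import struct

# Marker strings: a small illustrative set (assumption), not an exhaustive list.
MARKERS = {
    "FreeRTOS": (b"FreeRTOS", b"Tmr Svc"),
    "Zephyr": (b"Booting Zephyr",),
    "U-Boot": (b"U-Boot ",),
    "Linux": (b"Linux version ",),
}

def parse_vectors(image, base, max_entries=256):
    """Read a Cortex-M vector table at offset 0 of a dump mapped at `base`."""
    n = min(max_entries, len(image) // 4)
    words = struct.unpack_from("<%dI" % n, image, 0)
    handlers = []
    for w in words[1:]:
        # Slots hold Thumb addresses (bit 0 set) inside the image, or 0 if reserved.
        if w != 0 and not (w & 1 and base <= w < base + len(image)):
            break
        handlers.append(w)
    return words[0], handlers

def triage(image, base):
    """Heuristic summary: entry point, interrupt usage, OS/boot loader markers."""
    if len(image) < 8:
        return {"cortex_m": False}
    sp, h = parse_vectors(image, base)
    if not (0x20000000 <= sp < 0x40000000) or not h or not h[0]:
        return {"cortex_m": False}
    used = [a for a in h[1:] if a]
    default = max(set(used), key=used.count) if used else None  # shared catch-all handler
    pendsv = h[13] if len(h) > 13 else 0  # exception 14; RTOS ports commonly switch context here
    return {
        "cortex_m": True,
        "reset_handler": h[0] & ~1,
        "distinct_handlers": len(set(used)),
        "pendsv_in_use": bool(pendsv) and pendsv != default,
        "markers": sorted(k for k, p in MARKERS.items() if any(s in image for s in p)),
    }

def build_sample(base=0x08000000):
    """Constructed 1 KiB image: vector table, erased flash, one marker string."""
    vec = [0x20005000, base + 0x101] + [base + 0x201] * 22  # SP, reset, default handler
    for i in (7, 8, 9, 10, 13):  # reserved slots are zero
        vec[i] = 0
    vec[11], vec[14], vec[15] = base + 0x301, base + 0x311, base + 0x321  # SVC, PendSV, SysTick
    vec[18] = base + 0x331  # one peripheral IRQ with its own handler
    img = struct.pack("<24I", *vec).ljust(0x3F0, b"\xff") + b"Tmr Svc\0"
    return img.ljust(0x400, b"\xff")
```

A dedicated PendSV handler together with RTOS task-name strings points toward an RTOS, while a table in which nearly every slot shares one default handler points toward simple bare-metal code. Both are heuristics to confirm in a disassembler starting from `reset_handler`.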

