Author Topic: Firmware extraction from Keysight EDU34450A  (Read 640 times)


badpork (Topic starter)
Firmware extraction from Keysight EDU34450A
« on: October 16, 2023, 10:46:13 pm »
Has anyone done anything similar to this in the past? I'm trying to reverse the web interface and GUI app running on the multimeter. I watched the teardown video and I know it has an STM32H75 on it.

So far, I've downloaded the firmware from Keysight, extracted it from the DFU file, and have a binary image of the firmware. I loaded it into Ghidra and followed this tutorial https://blog.attify.com/analyzing-bare-metal-firmware-binaries-in-ghidra/ to set up the environment. I'm not sure how to go on past this point. There seems to be disassembled code, but I'm not sure how I would be able to find the specific code related to the web interface or GUI, for example.

Any help would be appreciated!
 

darkspr1te
Re: Firmware extraction from Keysight EDU34450A
« Reply #1 on: October 17, 2023, 07:21:01 am »
Hello,
Chances are the DFU file is encrypted (although the 32H75 has a DFU boot mode).
I would search for strings first; if you don't find any, then there's a high chance the firmware file is compressed or encrypted.
With most STMs the first 8 bytes are the stack and entry point, so I would load an already compiled STMH75 file into Ghidra so you can see what a normal compiled bin file looks like, and compare the starting bytes between the two firmware files. Right away it should be clear whether it's an encrypted/compressed or a plain firmware file, depending on whether it matches or doesn't match.




darkspr1te
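
The checks suggested in the reply above (look at the first 8 bytes, then search for strings), sketched as an added example that is not part of the original thread. The address ranges are the ARMv7-M default memory map, used here as an assumption about how the image is linked, and both sample blobs are constructed; a byte-entropy measure is added as a third signal.

```python
import math
import re
import struct
from collections import Counter

# ARMv7-M default memory map. Assumption: the image is linked for on-chip
# flash/RAM; code placed in external memory would need wider ranges.
CODE_REGION = range(0x0000_0000, 0x2000_0000)
SRAM_REGION = range(0x2000_0000, 0x4000_0000)

def vector_table_plausible(image: bytes) -> bool:
    """Check the first 8 bytes: initial stack pointer, then reset handler."""
    if len(image) < 8:
        return False
    sp, reset = struct.unpack_from("<II", image, 0)
    return (sp in SRAM_REGION and sp % 4 == 0    # stack top in RAM, aligned
            and (reset & 1) == 1                 # Thumb bit set on the handler
            and (reset & ~1) in CODE_REGION)     # handler address in code space

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 suggests compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_strings(data: bytes, min_len: int = 6) -> list:
    """ASCII runs of at least min_len bytes, like the `strings` tool."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)

def triage(image: bytes) -> dict:
    return {"vector_table_ok": vector_table_plausible(image),
            "entropy": round(shannon_entropy(image), 2),
            "strings": len(printable_strings(image))}

# Constructed sample: plausible vector table, Thumb NOPs, two web strings.
PLAIN = (struct.pack("<II", 0x2002_0000, 0x0800_0299) + b"\x00\xbf" * 512
         + b"GET /index.html HTTP/1.1\x00Content-Type: text/html\x00")
# Constructed stand-in for an encrypted image: uniform bytes, no ASCII runs.
OPAQUE = bytes((i * 167 + 13) % 256 for i in range(4096))

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("opaque", OPAQUE)):
        print(name, triage(blob))
```

On a real image, pass the bytes read from the extracted binary to `triage`; strings such as HTTP headers or HTML fragments found this way can then be followed through their cross-references in Ghidra.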

 

