{"id":1069,"date":"2024-11-15T00:15:39","date_gmt":"2024-11-14T23:15:39","guid":{"rendered":"https:\/\/kosma.pl\/kosmopol\/?page_id=1069"},"modified":"2024-11-19T20:27:03","modified_gmt":"2024-11-19T19:27:03","slug":"reverse-engineering","status":"publish","type":"page","link":"https:\/\/kosma.pl\/kosmopol\/reverse-engineering\/","title":{"rendered":"Reverse Engineering"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"1069\" class=\"elementor elementor-1069\">\n\t\t\t\t<div class=\"elementor-element elementor-element-006852d e-flex e-con-boxed e-con e-parent\" data-id=\"006852d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e83d278 elementor-widget-divider--separator-type-pattern elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"e83d278\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;none&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 24 24&#039; fill=&#039;none&#039; stroke=&#039;black&#039; stroke-width=&#039;1&#039; stroke-linecap=&#039;square&#039; stroke-miterlimit=&#039;10&#039;%3E%3Cpolyline points=&#039;0,6 6,6 6,18 18,18 18,6 24,6 \t&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-49c3714 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"49c3714\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-10c04c3\" data-id=\"10c04c3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2cfee4e elementor-widget elementor-widget-heading\" data-id=\"2cfee4e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Services<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t<div class=\"elementor-element elementor-element-33455b0 e-flex e-con-boxed e-con e-parent\" data-id=\"33455b0\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-0f06277 e-con-full e-flex e-con e-child\" data-id=\"0f06277\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-14f4a3b elementor-widget elementor-widget-image\" data-id=\"14f4a3b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"150\" height=\"150\" src=\"https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/bin-150x150.png\" class=\"attachment-thumbnail size-thumbnail wp-image-1154\" alt=\"\" srcset=\"https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/bin-150x150.png 150w, https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/bin-300x300.png 300w, https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/bin.png 512w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-54dd677 e-con-full e-flex e-con e-child\" data-id=\"54dd677\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-513071c elementor-widget elementor-widget-heading\" data-id=\"513071c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Firmware services<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4714086 elementor-widget elementor-widget-text-editor\" data-id=\"4714086\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>Memory chip readout\/copying<\/li><li>Readout protection bypass<\/li><li>Disassembly and annotation<\/li><li>Memory\/peripheral mapping<\/li><li>Firmware blob modification<\/li><li>Protocol reverse engineering<\/li><li>Firmware reimplementation<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-2163ba5 e-flex e-con-boxed e-con e-parent\" data-id=\"2163ba5\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-049969d e-con-full e-flex e-con e-child\" data-id=\"049969d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b236512 elementor-widget elementor-widget-image\" data-id=\"b236512\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"150\" height=\"150\" src=\"https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/motherboard-150x150.png\" class=\"attachment-thumbnail size-thumbnail wp-image-1152\" alt=\"\" srcset=\"https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/motherboard-150x150.png 150w, https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/motherboard-300x300.png 300w, https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/motherboard.png 512w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-4642d28 e-con-full e-flex e-con e-child\" data-id=\"4642d28\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-219c9a6 elementor-widget elementor-widget-heading\" data-id=\"219c9a6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Hardware services<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e074d59 elementor-widget elementor-widget-text-editor\" data-id=\"e074d59\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>Component identification<\/li><li>Schematic and PCB re-engineering<\/li><li>Hardware modification and retrofitting<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-142afa2 e-flex e-con-boxed e-con e-parent\" data-id=\"142afa2\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b30ecbf elementor-widget-divider--separator-type-pattern elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"b30ecbf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;none&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 24 24&#039; fill=&#039;none&#039; stroke=&#039;black&#039; stroke-width=&#039;1&#039; stroke-linecap=&#039;square&#039; stroke-miterlimit=&#039;10&#039;%3E%3Cpolyline points=&#039;0,6 6,6 6,18 18,18 18,6 24,6 \t&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fdcd509 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fdcd509\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8f77921\" data-id=\"8f77921\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-656ced2 elementor-widget elementor-widget-heading\" data-id=\"656ced2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Project Portfolio<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bebc4ac elementor-widget elementor-widget-caster-portfolio-listing-widget\" data-id=\"bebc4ac\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"caster-portfolio-listing-widget.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\r\n<div id=\"widget-portfolio-listing\" class=\"portfolio-listing-wrap listing-zigzag\" >\r\n\r\n\t<div class=\"portfolio-list\"><div class=\"pl-content-wrap\"><div class=\"pl-media\"><a href=\"https:\/\/www.usenix.org\/conference\/woot20\/presentation\/obermaier\" target=_blank ><figure class=\"lazyload portfolio-thumbnail\" ><img fetchpriority=\"high\" width=\"1322\" height=\"739\" data-src=\"https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2020\/01\/woot.png\" class=\"lazyload attachment-full size-full wp-post-image\" alt=\"\" data-srcset=\"https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2020\/01\/woot.png 1322w, https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2020\/01\/woot-300x168.png 300w, https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2020\/01\/woot-1024x572.png 1024w, https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2020\/01\/woot-768x429.png 768w, https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2020\/01\/woot-600x335.png 600w\" data-sizes=\"(max-width: 1322px) 100vw, 1322px\" \/><\/figure><\/a><\/div><div class=\"pl-content\"><h1>STM32F1 Readout Protection Bypass<\/h1><p>I have created a three stage exploit-chaining payload that, combined with hardware glitching, allows for bypassing RDP on all STM32F1 devices (and some counterfeits\/clones). The main exploit uses a novel self-debugging technique that's potentially useful against all ARM devices utilizing the standard Cortex-M FPB unit. The glitcher\/debugger board has been affectionally dubbed stm32f1uck, for STM32F1 Unauthorized Copying Kit. The complete setup was covered in detail in the USENIX WOOT 20 paper<\/p><div class=\"btn-container\"><a href=\"https:\/\/www.usenix.org\/conference\/woot20\/presentation\/obermaier\" target=_blank >View Project<\/a><\/div><\/div><\/div><\/div><div class=\"portfolio-list\"><div class=\"pl-content-wrap\"><div class=\"pl-media\"><a href=\"https:\/\/github.com\/kosma\/hexar-resurrection\" target=_blank ><figure class=\"lazyload portfolio-thumbnail\" ><img loading=\"lazy\" width=\"913\" height=\"758\" data-src=\"https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/hexar.png\" class=\"lazyload attachment-full size-full wp-post-image\" alt=\"\" data-srcset=\"https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/hexar.png 913w, https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/hexar-300x249.png 300w, https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/hexar-768x638.png 768w, https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/hexar-600x498.png 600w\" data-sizes=\"(max-width: 913px) 100vw, 913px\" \/><\/figure><\/a><\/div><div class=\"pl-content\"><h1>Konica Hexar AF Flex-PCB<\/h1><p>One of the best compact analog cameras ever made - and also one that unfortunately suffers from leaky capacitors that cause massive corrosion of a very complex flex PCB. While some cameras can be saved if the capacitors are replaced in time, many have extensive corrosion damage after 20-30 years of use and require a replacement PCB if they are to continue to work. I have taken up the complex but rewarding work of recreating the entire flex PCB design, along with schematics and documentation that will (hopefully) aid people in fixing their precious cameras.<\/p><div class=\"btn-container\"><a href=\"https:\/\/github.com\/kosma\/hexar-resurrection\" target=_blank >View Project<\/a><\/div><\/div><\/div><\/div><div class=\"portfolio-list\"><div class=\"pl-content-wrap\"><div class=\"pl-media\"><a href=\"https:\/\/github.com\/kosma\/coolscan-mods\" target=_blank ><figure class=\"lazyload portfolio-thumbnail\" ><img loading=\"lazy\" width=\"632\" height=\"545\" data-src=\"https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/nikon.png\" class=\"lazyload attachment-full size-full wp-post-image\" alt=\"\" data-srcset=\"https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/nikon.png 632w, https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/nikon-300x259.png 300w, https:\/\/kosma.pl\/kosmopol\/wp-content\/uploads\/2024\/11\/nikon-600x517.png 600w\" data-sizes=\"(max-width: 632px) 100vw, 632px\" \/><\/figure><\/a><\/div><div class=\"pl-content\"><h1>Nikon Coolscan Adapter Unlock<\/h1><p>While no longer manufactured nor supported, the famous Nikon Coolscan dedicated film scanners remain one of the best, most affordable options for digitizing negatives. Years ago, Nikon decided to segment the market by artificially limiting the ability of the lower-end models to scan entire rolls of film - in spite of the fact that the hardware is perfectly capable of doing it. My modification removes adapter ID checks from the firmware - which, together with cutting a hole in the back of the device, effectively upgrades its batch scanning capability to that of a professional lab scanner, taking entire 36 exposure rolls at once.<\/p><div class=\"btn-container\"><a href=\"https:\/\/github.com\/kosma\/coolscan-mods\" target=_blank >View Project<\/a><\/div><\/div><\/div><\/div>\t\r\n<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Services Firmware services Memory chip readout\/copying Readout protection bypass Disassembly and annotation Memory\/peripheral mapping Firmware blob modification Protocol reverse engineering Firmware reimplementation Hardware services Component identification Schematic and PCB re-engineering Hardware modification and retrofitting Project Portfolio Konica Hexar AF Flex-PCB One of the best compact analog cameras ever made &#8211; and also one that unfortunately [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1069","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/kosma.pl\/kosmopol\/wp-json\/wp\/v2\/pages\/1069","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kosma.pl\/kosmopol\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/kosma.pl\/kosmopol\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/kosma.pl\/kosmopol\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kosma.pl\/kosmopol\/wp-json\/wp\/v2\/comments?post=1069"}],"version-history":[{"count":25,"href":"https:\/\/kosma.pl\/kosmopol\/wp-json\/wp\/v2\/pages\/1069\/revisions"}],"predecessor-version":[{"id":1248,"href":"https:\/\/kosma.pl\/kosmopol\/wp-json\/wp\/v2\/pages\/1069\/revisions\/1248"}],"wp:attachment":[{"href":"https:\/\/kosma.pl\/kosmopol\/wp-json\/wp\/v2\/media?parent=1069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}