Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/loop333/pioneer-x-smc55
Pioneer X-SMC55-S Reverse Engineering
https://github.com/loop333/pioneer-x-smc55
avr blowfish decryption encryption firmware firmware-image pioneer reverse-engineering telnet
Last synced: about 2 months ago
JSON representation
Pioneer X-SMC55-S Reverse Engineering
- Host: GitHub
- URL: https://github.com/loop333/pioneer-x-smc55
- Owner: loop333
- License: mit
- Created: 2018-03-03T08:26:36.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2018-05-12T14:45:14.000Z (over 6 years ago)
- Last Synced: 2023-10-15T13:41:47.570Z (about 1 year ago)
- Topics: avr, blowfish, decryption, encryption, firmware, firmware-image, pioneer, reverse-engineering, telnet
- Language: C
- Size: 45.9 KB
- Stars: 3
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# pioneer-x-smc55-s micro system
Pioneer X-SMC55-S Reverse Engineering
Enable telnet command line interface:
http://\/service_term_sw_nmp.asp
select TELNET, then Apply
now you can power off/on and "telnet \ 9000"
Enable tftp bootloader console:
power on device
http://\/1000/firmware_update_start.asp
press Start
telnet \ 5001
Memory dump:
sys memdump 0x00400000 0x0000fa00 ; system code, contains code chunk from 0x60000000 and stack
sys memdump 0x00500000 0x0000fa00 ; same as 0x00400000 but non-cached
sys memdump 0x60000000 0x0aa80000 ; code
sys memdump 0x60aa8000 0x01458000 ; heap & stack
sys memdump 0x71f00000 0x00100000 ; heap & stack
Firmware file encryption (BCD or bCoD) looks like Blowfish ECB, but password and initialization vector from dump didn't match maybe non-standard s-boxes