Pierluigi Paganini
December 08, 2019
Security firm SEC Consult announced the release of an open-source hardware analysis tool dubbed SEC Xtractor. The tool was initially designed for internal
The tool relies on an easy to use and configurable memory reading concept that supports multiple ways to read flash chips (e.g. NAND chips). Both, the firmware and hardware of the tools are completely open-source, this means that researchers can extend their
The SEC Xtractor tool was initially used as a memory extraction and UART (Universal Asynchronous Receiver/Transmitter) interface project.
The experts decided to develop the tool for the test of embedded devices (hardware and firmware) because many other tools available on the market did not completely respond to their needs.
SEC Xtractor could be used to dump the content of NAND, NOR, SPI and I2C flash memory without the need for soldering chip.
“Most projects concluded without any solution since the chips couldn’t be inserted without soldering. This can be frustrating for those who do not want to solder SMD. Only commercial tools (that are expensive) can read memory in that way. The problem remains that they cannot read every chip. This means that different tools for different flash chips are needed and that every new part must be implemented.” reads the post published by the company.
SEC Xtractor was developed in C, the JTAG brute forcing component was based on the project JTAGenum and the Xmega Bootloader was used.
“Version 1.31 comes with improvements like a boot button and additional labels three years after the initial hardware version. An open-source
SEC Consult plans to continue to maintain the tool, it published technical details to build the hardware analysis tool on GitHub.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(
[adrotate banner=”5″]
[adrotate banner=”13″]
