Hacking

SEC Xtractor – Experts released an open-source hardware analysis tool

Security and consulting company SEC Consult announced the release of an open-source hardware analysis tool dubbed SEC Xtractor

Security firm SEC Consult announced the release of an open-source hardware analysis tool dubbed SEC Xtractor. The tool was initially designed for internal use, and was then adopted for several research projects over the years.

The tool relies on an easy to use and configurable memory reading concept that supports multiple ways to read flash chips (e.g. NAND chips). Both, the firmware and hardware of the tools are completely open-source, this means that researchers can extend their functionalities according to their needs. 

The SEC Xtractor tool was initially used as a memory extraction and UART (Universal Asynchronous Receiver/Transmitter) interface project.

The experts decided to develop the tool for the test of embedded devices (hardware and firmware) because many other tools available on the market did not completely respond to their needs.

SEC Xtractor could be used to dump the content of NAND, NOR, SPI and I2C flash memory without the need for soldering chip.

“Most projects concluded without any solution since the chips couldn’t be inserted without soldering. This can be frustrating for those who do not want to solder SMD. Only commercial tools (that are expensive) can read memory in that way. The problem remains that they cannot read every chip. This means that different tools for different flash chips are needed and that every new part must be implemented.” reads the post published by the company.

SEC Xtractor was developed in C, the JTAG brute forcing component was based on the project JTAGenum and the Xmega Bootloader was used.

“Version 1.31 comes with improvements like a boot button and additional labels three years after the initial hardware version. An open-source bootloader was used to program the device via USB. No external programmer is needed to reflash the ATXmega microcontroller. The black color for the main PCB and the NAND/NOR adapters were chosen because the launch was made during Black Hat Europe 2019 Arsenal.” continues the post.

SEC Consult plans to continue to maintain the tool, it published technical details to build the hardware analysis tool on GitHub.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – SEC Xtractor, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services…

2 hours ago

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

6 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

20 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 day ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

2 days ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

This website uses cookies.