Dumping firmware from hardware is usually quite obscure for the uninitiated and requires some specific hardware (but don't worry; it's mostly cheap).This talk hopes to shed some light on the steps, difficulties and gotchas that can be encountered during hardware reverse engineering by using a SATA SSD as an example. It also briefly explains what needs to be done, after dumping, in order to get started on reverse engineering and hopefully find some golden security vulnerabilities in embedded firmware.Dumping firmware from an SSD isn't a straightforward process, from being able to recognize the SPI chips to bottlenecks related to the hardware at your disposal and specifics of your target board.
At first, a way to identify the SPI chips on an example target board will be showcased, as well as pointers on how to read the technical documentation.We'll show a simple way to dump an SSD's firmware by using low-cost hardware, as well as a quick explanation on Flashrom usage, the software I used to interact with the chip. We'll also be diving into some issues that can arise when dumping an SPI firmware and how to troubleshoot them, namely, hardware issues leading to garbage being dumped, or even bricking the hardware in rare cases !
Finally, we'll show how some details can help us find the correct architecture of the target machine, necessary for starting reversing the firmware in tools such as Ghidra or any other reverse engineering software.