Bit-banging

Bit-banging is a technique to use software to control hardware components. This can be very useful in security research.


Bit-banging

  • Technique for data transmission in which software generates and processes the signals instead of dedicated hardware
    • Communication process is handled via software
    • Dedicated hardware: FPGA, MCU, other chips

Encoding Data Into Signal

  • Use of software to encode the data into signals and pulses
    • Toggle the state of a microcontroller I/O pin -> data is transmitted on the Tx pin -> target device

Receiving Signal

  • Sample the state of the Rx pin at regular intervals

Communication Parameters

  • The software sets all the communication parameters
    • synchronization
    • timing
    • levels

Usage

  • Used when a microcontroller with the required interface is too expensive or not available
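The encode and sample steps above, as an added example in software (not code from the slides or from DumpFlash): a bit-banged 8N1 UART transmitter that holds a pin level for one bit period per bit, and a receiver that waits for the start-bit edge, re-checks it half a bit later to reject glitches, samples each bit at its centre, and drops frames whose stop bit is wrong. The pin is modelled as a list of sampled levels so it runs offline; `samples_per_bit` stands in for the timing the software would otherwise set with delays.

```python
from typing import List

IDLE = 1  # a UART line idles high; the start bit pulls it low


def uart_encode(data: bytes, samples_per_bit: int = 4) -> List[int]:
    """Turn bytes into the pin levels a bit-banged 8N1 transmitter would drive.

    Frame: start bit (0), 8 data bits LSB first, stop bit (1). Each bit is held
    for samples_per_bit samples, modelling the software keeping the Tx pin at one
    level for a full bit period before moving on to the next bit.
    """
    levels = [IDLE] * samples_per_bit          # leading idle period
    for byte in data:
        frame = [0] + [(byte >> i) & 1 for i in range(8)] + [1]
        for bit in frame:
            levels.extend([bit] * samples_per_bit)
    levels.extend([IDLE] * samples_per_bit)    # trailing idle period
    return levels


def uart_decode(levels: List[int], samples_per_bit: int = 4) -> bytes:
    """Recover bytes by sampling the Rx pin at the centre of each bit period.

    The receiver waits for the idle->low transition of a start bit, confirms the
    line is still low half a bit later (rejecting short glitches), then samples
    once per bit period. A frame whose stop bit is not high is a framing error
    and is discarded rather than passed on as data.
    """
    out = bytearray()
    half = samples_per_bit // 2
    i = 0
    while i < len(levels):
        if levels[i] == IDLE:
            i += 1
            continue
        centre = i + half                       # middle of the candidate start bit
        if centre >= len(levels) or levels[centre] != 0:
            i += 1                              # glitch, not a real start bit
            continue
        stop_idx = centre + 9 * samples_per_bit
        if stop_idx >= len(levels):
            break                               # frame runs past the capture
        value = 0
        for bit in range(8):                    # data bits 1..8, LSB first
            value |= levels[centre + (bit + 1) * samples_per_bit] << bit
        if levels[stop_idx] == 1:
            out.append(value)                   # valid stop bit: accept the byte
        # otherwise: framing error, the frame is dropped
        i += 10 * samples_per_bit               # skip past this whole frame
    return bytes(out)


if __name__ == "__main__":
    wire = uart_encode(b"Hi")                   # constructed sample input
    print(wire)
    print(uart_decode(wire))
```

The oversampling factor is what makes the receiver tolerant of small timing drift: sampling at the bit centre leaves half a bit period of slack on either side, which is why bit-banged receivers typically run their sampling loop several times faster than the baud rate.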

FT2232H

The FT2232H is FTDI’s 5th generation of USB devices. The FT2232H is a USB 2.0 Hi-Speed (480Mb/s) to UART/FIFO IC. It has the capability of being configured in a variety of industry standard serial or parallel interfaces.


FT2232H

FT2232H NAND flash reader - Hardware


FT2232HL


FT2232H

  • A chip for USB communication
    • Provides a USB 2.0 Hi-Speed (480Mb/s) to UART/FIFO interface
    • Note: Put female pin headers on each port extension

FT2232H Breakout Board Diagram


MCU Host Bus Emulation Mode

  • FTDI FT2232H supports multiple modes
    • Use ‘MCU Host Bus Emulation Mode’ for this case
  • The FTDI chip emulates an 8048/8051 MCU host bus

MCU Host Bus Emulation Mode

  • The FT2232’s MCU Host Bus Emulation mode also uses the MPSSE technology to make the chip emulate a standard 8048/8051 MCU host bus

FT2232H Commands

  • By sending commands and retrieving results, the software reads or writes bits through I/O lines.

FT2232H Commands

  Command   Operation                     Address
  0x90      Read                          8 bit address
  0x91      Read                          16 bit address
  0x92      Write                         8 bit address
  0x93      Write                         16 bit address
  0x82      Set High byte (BDBUS6, 7)     -
  0x83      Read High byte (BDBUS6, 7)    -
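An added example (not code from the slides or from DumpFlash) that builds the command bytes from the table above and parses a command stream back into operations, which is useful when checking what a tool actually sends to the chip. The operand order (address low byte first for the short form, high byte then low byte for the extended form, then the data byte for writes; value then direction for 0x82) is assumed from FTDI's MPSSE command documentation and is not stated on the slides.

```python
from dataclasses import dataclass
from typing import List, Optional

# Opcodes from the command table above (FT2232H MCU Host Bus Emulation mode).
READ_SHORT = 0x90     # 0x90, addr_lo               -> chip returns 1 data byte
READ_EXT = 0x91       # 0x91, addr_hi, addr_lo      -> chip returns 1 data byte
WRITE_SHORT = 0x92    # 0x92, addr_lo, data
WRITE_EXT = 0x93      # 0x93, addr_hi, addr_lo, data
SET_BITS_HIGH = 0x82  # 0x82, value, direction (1 = output) for the high byte
GET_BITS_HIGH = 0x83  # 0x83                        -> chip returns 1 byte

# Length of each command including its opcode, and how many bytes the chip
# sends back for it. Operand layout assumed from FTDI's MPSSE documentation.
_CMD_LEN = {0x90: 2, 0x91: 3, 0x92: 3, 0x93: 4, 0x82: 3, 0x83: 1}
_REPLY_LEN = {0x90: 1, 0x91: 1, 0x92: 0, 0x93: 0, 0x82: 0, 0x83: 1}


def read_cmd(addr: int) -> bytes:
    """Build a read: short form for 8-bit addresses, extended for 16-bit."""
    if not 0 <= addr <= 0xFFFF:
        raise ValueError("address must fit in 16 bits")
    if addr <= 0xFF:
        return bytes([READ_SHORT, addr])
    return bytes([READ_EXT, addr >> 8, addr & 0xFF])


def write_cmd(addr: int, data: int) -> bytes:
    """Build a write of one data byte to an 8-bit or 16-bit address."""
    if not 0 <= addr <= 0xFFFF or not 0 <= data <= 0xFF:
        raise ValueError("address must fit in 16 bits and data in 8 bits")
    if addr <= 0xFF:
        return bytes([WRITE_SHORT, addr, data])
    return bytes([WRITE_EXT, addr >> 8, addr & 0xFF, data])


def set_high_byte(value: int, direction: int) -> bytes:
    """Drive the high-byte pins: 'value' is the level, 'direction' the output mask."""
    return bytes([SET_BITS_HIGH, value & 0xFF, direction & 0xFF])


def read_high_byte() -> bytes:
    return bytes([GET_BITS_HIGH])


@dataclass
class Op:
    name: str
    addr: Optional[int] = None
    data: Optional[int] = None
    direction: Optional[int] = None


def parse_stream(buf: bytes) -> List[Op]:
    """Decode a command stream; rejects unknown opcodes and truncated commands."""
    ops: List[Op] = []
    i = 0
    while i < len(buf):
        op = buf[i]
        if op not in _CMD_LEN:
            raise ValueError(f"unknown opcode 0x{op:02x} at offset {i}")
        end = i + _CMD_LEN[op]
        if end > len(buf):
            raise ValueError(f"truncated command 0x{op:02x} at offset {i}")
        a = buf[i + 1:end]
        if op == READ_SHORT:
            ops.append(Op("read", addr=a[0]))
        elif op == READ_EXT:
            ops.append(Op("read", addr=(a[0] << 8) | a[1]))
        elif op == WRITE_SHORT:
            ops.append(Op("write", addr=a[0], data=a[1]))
        elif op == WRITE_EXT:
            ops.append(Op("write", addr=(a[0] << 8) | a[1], data=a[2]))
        elif op == SET_BITS_HIGH:
            ops.append(Op("set_high", data=a[0], direction=a[1]))
        else:
            ops.append(Op("get_high"))
        i = end
    return ops


def expected_reply_len(buf: bytes) -> int:
    """Number of bytes the chip will return for a (validated) command stream."""
    parse_stream(buf)  # raises on malformed input
    total, i = 0, 0
    while i < len(buf):
        total += _REPLY_LEN[buf[i]]
        i += _CMD_LEN[buf[i]]
    return total


if __name__ == "__main__":
    # Constructed sample stream: read two addresses, write one, read the high byte.
    stream = read_cmd(0x05) + read_cmd(0x1234) + write_cmd(0x7F, 0xAB) + read_high_byte()
    print(stream.hex(), parse_stream(stream), expected_reply_len(stream))
```

Knowing the reply length up front matters because reads in this mode return data only after the whole command batch is sent; a parser that mis-counts replies will misalign every subsequent data byte.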

Windows Setup

  1. Install libusb
  2. Install PyUSB
     pip install pyusb
  3. Install pyftdi
     pip install pyftdi

pyftdi

  • pyftdi supports bit-banging, UART, I2C, SPI and JTAG modes
  • Pinouts for pyftdi are available at FTDI device pinout.

pyftdi Example

  • Opening FTDI device and writing data
import sys
import traceback
from array import array as Array

from pyftdi import ftdi


class FlashDevice:
    def __init__(self, slow=False):
        self.Slow = slow
        self.Ftdi = ftdi.Ftdi()

        try:
            # FTDI vendor ID 0x0403, FT2232H product ID 0x6010, first interface
            self.Ftdi.open(0x0403, 0x6010, interface=1)
        except Exception:
            traceback.print_exc(file=sys.stdout)

        if self.Ftdi.is_connected:
            # Select MCU Host Bus Emulation mode
            self.Ftdi.set_bitmode(0, self.Ftdi.BITMODE_MCU)

            if self.Slow:
                # Clock FTDI chip at 12MHz instead of 60MHz
                self.Ftdi.write_data(Array('B', [ftdi.Ftdi.ENABLE_CLK_DIV5]))
            else:
                self.Ftdi.write_data(Array('B', [ftdi.Ftdi.DISABLE_CLK_DIV5]))

            self.Ftdi.set_latency_timer(self.Ftdi.LATENCY_MIN)
            self.Ftdi.purge_buffers()
            # Set the high byte pins: value 0x0, direction 0x1 (bit 0 as output)
            self.Ftdi.write_data(Array('B', [ftdi.Ftdi.SET_BITS_HIGH, 0x0, 0x1]))

DumpFlash flashdevice.py


References


DarunGrim Solution

  • DarunGrim provides hardware reverse engineering service for the unknown devices. We have team members who have long experience with physical hardware reverse engineering and firmware analysis. Please contact jeongoh@darungrim.com for more details.

  • The analysis techniques introduced here, along with hands-on practice in learning and applying hardware reverse engineering techniques, are covered in the Hardware Reverse Engineering course.
