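#!/bin/bash
#
# Automates firmware extraction and unpacking using FT232R-type adaptors
# (like BusPirate) and a SOIC clip placed on the chip to dump.
#
# Install the necessary software:
#   $ sudo apt install flashrom binwalk || echo 'git clone?'
# Pump up binwalk with additional packages and libraries:
#   $ bash <(curl -s https://raw.githubusercontent.com/devttys0/binwalk/master/deps.sh)
# NOTE(review): that one-liner runs whatever the URL serves at that moment.
# Saving deps.sh to a file, reading it and running the saved copy (ideally
# taken from a pinned commit instead of master) keeps the install reviewable.
#
# Place the clip on the chip, connect it to the adaptor, which should be
# connected to your PC (with drivers installed) and launch the script:
#   chip => clip => adaptor => PC => script
#
# The placement for clips may vary, but in most cases it should be like this:
#
#     5V
#   orange       purple  grey
#     VCC    _    CLK    MOSI
#      |     |     |      |
#    *----------------------*
#    |       ModelName      |
#    | o                    |
#    *----------------------*
#      |     |     |      |
#      CS   MISO   _     GND
#    white  black       brown
#
# NOTE(review): the diagram wires VCC to the adaptor's 5V lead. Check the
# chip's datasheet for its supply voltage first; many SPI flash parts are
# rated 3.3 V or lower.
#
# For 16-24 SOIC pins, just skip the middle pins and invert connections:
#
#     CLK  MOSI  ...  GND    _
#      |    |    ...   |     |
#    *------    ...    ------*
#    |        ModelName      |
#    | o                     |
#    *------    ...    ------*
#      |    |    ...   |     |
#      _   VCC   ...   CS   MISO
#
# Output (relative to the current directory):
#   firmware.bin   raw dump read from the chip
#   filesystem     extracted file system
#
# Exit codes:
#   1  not running as root
#   2  no adaptor found
#   3  no chip detected and none entered manually
#   4  flashrom failed while dumping
#   5  binwalk failed while extracting
#   6  binwalk ran but produced no file system directory to move

FILE=firmware.bin
FILES="_${FILE}.extracted"
FS=filesystem

# Green banner. A quoted heredoc prints the ` and ' of the art literally; in
# the echo '...' form the doubled '' only closed and reopened the string, so
# the closing corner of the screen was silently dropped.
printf '\033[01;32m\n'
cat <<'BANNER'
 .---------------------------------.
 | .---------------------------. |
 |[]| |[]|
 | | | |
 | | | |
 | | ╔═╗┬┬─┐┌┬┐╔═╗╔╦╗ | |
 | | ╠╣ │├┬┘│││╠═╣ ║║ | |
 | | ╚ ┴┴└─┴ ┴╩ ╩═╩╝ | |
 | | | |
 | | | |
 | | | |
 | `---------------------------' |
 | __________________ _____ |
 | | ___ | | |
 | | | | | | |
 | | | | | | |
 | | | | | | |
 | | |___| | | |
 \_____|__________________|_____|__|

 Firmware Automatic Dumping & Extraction Tool

BANNER
printf '\033[0m\n'

echo 'VERIFYING ROOT PERMISSIONS ...'
if (( UID != 0 )); then
  echo 'sudo !!'
  exit 1
fi

echo 'SEARCHING FOR DEVICES ...'
# Let the shell expand the by-id pattern instead of parsing `ls`. Without
# nullglob an unmatched pattern stays literal, hence the -e test.
candidates=(/dev/serial/by-id/usb-FTDI_FT232R_USB*)
DEVICE=
if [[ -e "${candidates[0]}" ]]; then
  DEVICE=${candidates[0]}
fi
if [[ -z "$DEVICE" ]]; then
  echo '!!! NO DEVICE FOUND !!!'
  echo 'ENSURE THAT THE DEVICE IS PLUGGED IN AND THE KERNEL HAS THE APPROPRIATE DRIVERS'
  exit 2
fi
if (( ${#candidates[@]} > 1 )); then
  # Several adaptors used to end up as several words in dev=..., which broke
  # the flashrom command line; use the first one and say so.
  echo 'SEVERAL ADAPTORS MATCH, USING THE FIRST ONE'
fi
echo "*** FOUND $DEVICE ***"

echo 'SEARCHING FOR SERIAL FLASH EEPROM CHIP ...'
# Keep the "Found ..." lines of the probe and join them into one line, which
# the '.'-based selection below relies on.
# NOTE(review): presumably flashrom prints one `Found ... "MODEL" (N kB, ...)`
# line per matching chip definition; confirm against the installed version.
CHIP=$(flashrom -p "buspirate_spi:dev=${DEVICE}" \
  | grep Found \
  | cut -d ')' -f -2 \
  | paste -sd ' ' -)

# Show what was detected; a reported size of "0 kB" counts as no detection.
printf '%s\n' "$CHIP" | grep -v '0 kB'
probe_status=$?
if (( probe_status != 0 )) || [[ -z "$CHIP" ]]; then
  echo '!!! NO CHIPSET FOUND !!!'
  echo 'ENSURE THAT THE CLIP IS PLACED PROPERLY AND THE CABLES ARE CONNECTED CORRECTLY ACCORDING TO THE SERIAL PROTOCOL'
  echo 'YOU CAN ALSO SPECIFY THE MODEL MANUALLY : (blank to quit)'
  read -r CHIP
  if [[ -z "$CHIP" ]]; then
    exit 3
  fi
fi

# Take the second '.'-separated segment and fall back to the first when the
# second is empty. The fallback reads the untouched probe text: it used to
# read the variable that had just been overwritten with the empty result, so
# it could never recover a name.
selected=$(printf '%s\n' "$CHIP" | cut -d '.' -f 2)
if [[ -z "$selected" ]]; then
  selected=$(printf '%s\n' "$CHIP" | cut -d '.' -f 1)
fi
CHIP=$selected
echo "*** ${CHIP^^}) ***"

# The model name is the text between the first pair of double quotes; a
# manually entered name has no quotes and passes through unchanged.
CHIP=$(printf '%s\n' "$CHIP" | cut -d '"' -f 2)
if [[ -z "$CHIP" ]]; then
  echo '!!! NO CHIPSET FOUND !!!'
  exit 3
fi

echo "DUMPING THE FIRMWARE TO $FILE (<10 minutes) ..."
#flashrom -p buspirate_spi:dev=$DEVICE -c $CHIP -r $FILE 2>&1 >/dev/null | tr [[:lower:]] [[:upper:]]
# TODO timeout
# NOTE(review): a clip on an in-circuit chip can give flaky reads. A second
# read compared by hash, or `flashrom -v "$FILE"`, confirms the dump before
# any analysis is based on it.
if ! flashrom -p "buspirate_spi:dev=${DEVICE}" -c "$CHIP" -r "$FILE" >/dev/null; then
  echo "!!! ERROR WHILE DUMPING !!!"
  echo 'ENSURE THAT THE CONTACTS WERENT DISRUPTED AND THE CHIP MODEL IS CORRECT'
  exit 4
fi
echo "*** DUMPED TO $FILE ***"

echo "EXTRACTING FILE SYSTEM TO $FS ..."
# -M recurses into extracted files, -e extracts, -d 256 raises the recursion
# depth limit.
# NOTE(review): this runs binwalk and its third-party extractors as root on
# content read from an untrusted device, so a crafted image that abuses
# symlinks or path traversal could write outside the extraction directory.
# Running the extraction step unprivileged or inside a throwaway VM or
# container limits that. Newer binwalk releases refuse to extract as root
# unless --run-as is given, in which case this step ends with exit 5.
if ! binwalk -Me -d 256 "$FILE" >/dev/null; then
  echo "!!! ERROR WHILE EXTRACTING !!!"
  echo 'ENSURE THAT THE DEPENDENCIES WERE PROPERLY INSTALLED AND FUNCTIONAL'
  exit 5
fi

# Prefer an unpacked squashfs root, else a nested extraction directory. The
# binwalk output is removed only after one of the moves worked; it used to be
# deleted unconditionally, losing the extraction when neither path existed.
if mv -- "$FILES/squashfs-root" "$FS" \
  || mv -- "$FILES"/_*.extracted "$FS" 2>/dev/null; then
  rm -r -- "$FILES"
else
  echo '!!! NO FILE SYSTEM FOUND IN THE EXTRACTED DATA !!!'
  echo "THE RAW BINWALK OUTPUT WAS LEFT IN $FILES"
  exit 6
fi

ls -F1 -- "$FS"
echo "*** EXTRACTED TO $FS ***"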