{"guid":"05f6851b-4892-51ba-a2d1-06a1a9896857","title":"Reverse engineering U-Boot for fun and profit","subtitle":null,"slug":"38c3-reverse-engineering-u-boot-for-fun-and-profit","link":"https://events.ccc.de/congress/2024/hub/event/reverse-engineering-u-boot-for-fun-and-profit/","description":"A field guide to dumping and reverse engineering a bare-metal U-Boot binary, including all the good stuff like funky hardware setups, UART logs, a locked bootloader and unknown base addresses.\n\nWorking on hacking a babyphone and encountering a locked bootloader, we were faced with a major roadblock. So, naturally, we bashed our head against said problem for 2 weeks, coming out the other side with a few fun challenges, solutions and tid-bits.\n\nI want to recreate this experience here in this talk, by doing the whole process all over again, but this time live, in front of an audience.\nIncludes:\n    - getting serial logs\n    - dumping firmware\n    - extracting firmware\n    - reverse engineering the U-Boot bootloader, to extract the bootloader password\ntogether with some tips, tricks and snark remarks.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["zeno"],"tags":["38c3","723","2024","Stage HUFF"],"view_count":2692,"promoted":false,"date":"2024-12-27T16:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T22:15:06.209+02:00","length":3069,"duration":3069,"thumb_url":"https://static.media.ccc.de/media/congress/2024/723-05f6851b-4892-51ba-a2d1-06a1a9896857.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/723-05f6851b-4892-51ba-a2d1-06a1a9896857_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/723-05f6851b-4892-51ba-a2d1-06a1a9896857.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/723-05f6851b-4892-51ba-a2d1-06a1a9896857.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-reverse-engineering-u-boot-for-fun-and-profit","url":"https://api.media.ccc.de/public/events/05f6851b-4892-51ba-a2d1-06a1a9896857","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[],"recordings":[{"size":1144,"length":3069,"mime_type":"video/mp4","language":"eng-deu","filename":"38c3-723-eng-deu-Reverse_engineering_U-Boot_for_fun_and_profit_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-01-26T18:59:05.535+01:00","recording_url":"https://cdn.media.ccc.de/congress/2024/h264-hd/38c3-723-eng-deu-Reverse_engineering_U-Boot_for_fun_and_profit_hd.mp4","url":"https://api.media.ccc.de/public/recordings/83407","event_url":"https://api.media.ccc.de/public/events/05f6851b-4892-51ba-a2d1-06a1a9896857","conference_url":"https://api.media.ccc.de/public/conferences/38c3"},{"size":583,"length":3069,"mime_type":"video/webm","language":"eng-deu","filename":"38c3-723-eng-deu-Reverse_engineering_U-Boot_for_fun_and_profit_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-03-17T18:52:50.016+01:00","recording_url":"https://cdn.media.ccc.de/congress/2024/webm-hd/38c3-723-eng-deu-Reverse_engineering_U-Boot_for_fun_and_profit_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/84210","event_url":"https://api.media.ccc.de/public/events/05f6851b-4892-51ba-a2d1-06a1a9896857","conference_url":"https://api.media.ccc.de/public/conferences/38c3"},{"size":170,"length":3069,"mime_type":"video/webm","language":"eng-deu","filename":"38c3-723-eng-deu-Reverse_engineering_U-Boot_for_fun_and_profit_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-03-17T18:31:34.507+01:00","recording_url":"https://cdn.media.ccc.de/congress/2024/webm-sd/38c3-723-eng-deu-Reverse_engineering_U-Boot_for_fun_and_profit_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/84209","event_url":"https://api.media.ccc.de/public/events/05f6851b-4892-51ba-a2d1-06a1a9896857","conference_url":"https://api.media.ccc.de/public/conferences/38c3"},{"size":215,"length":3069,"mime_type":"video/mp4","language":"eng-deu","filename":"38c3-723-eng-deu-Reverse_engineering_U-Boot_for_fun_and_profit_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2024-12-30T22:59:16.300+01:00","recording_url":"https://cdn.media.ccc.de/congress/2024/h264-sd/38c3-723-eng-deu-Reverse_engineering_U-Boot_for_fun_and_profit_sd.mp4","url":"https://api.media.ccc.de/public/recordings/83706","event_url":"https://api.media.ccc.de/public/events/05f6851b-4892-51ba-a2d1-06a1a9896857","conference_url":"https://api.media.ccc.de/public/conferences/38c3"},{"size":32,"length":3069,"mime_type":"audio/opus","language":"eng","filename":"38c3-723-eng-Reverse_engineering_U-Boot_for_fun_and_profit_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2025-03-17T16:53:53.919+01:00","recording_url":"https://cdn.media.ccc.de/congress/2024/opus/38c3-723-eng-Reverse_engineering_U-Boot_for_fun_and_profit_opus.opus","url":"https://api.media.ccc.de/public/recordings/83705","event_url":"https://api.media.ccc.de/public/events/05f6851b-4892-51ba-a2d1-06a1a9896857","conference_url":"https://api.media.ccc.de/public/conferences/38c3"},{"size":46,"length":3069,"mime_type":"audio/mpeg","language":"deu","filename":"38c3-723-deu-Reverse_engineering_U-Boot_for_fun_and_profit_mp3-2.mp3","state":"new","folder":"mp3-translated","high_quality":false,"width":0,"height":0,"updated_at":"2024-12-30T22:59:04.279+01:00","recording_url":"https://cdn.media.ccc.de/congress/2024/mp3-translated/38c3-723-deu-Reverse_engineering_U-Boot_for_fun_and_profit_mp3-2.mp3","url":"https://api.media.ccc.de/public/recordings/83704","event_url":"https://api.media.ccc.de/public/events/05f6851b-4892-51ba-a2d1-06a1a9896857","conference_url":"https://api.media.ccc.de/public/conferences/38c3"},{"size":46,"length":3069,"mime_type":"audio/mpeg","language":"eng","filename":"38c3-723-eng-Reverse_engineering_U-Boot_for_fun_and_profit_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2025-03-17T16:54:57.348+01:00","recording_url":"https://cdn.media.ccc.de/congress/2024/mp3/38c3-723-eng-Reverse_engineering_U-Boot_for_fun_and_profit_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/83703","event_url":"https://api.media.ccc.de/public/events/05f6851b-4892-51ba-a2d1-06a1a9896857","conference_url":"https://api.media.ccc.de/public/conferences/38c3"},{"size":28,"length":3069,"mime_type":"audio/opus","language":"deu","filename":"38c3-723-deu-Reverse_engineering_U-Boot_for_fun_and_profit_opus-2.opus","state":"new","folder":"opus-translation","high_quality":false,"width":0,"height":0,"updated_at":"2025-03-17T16:53:49.833+01:00","recording_url":"https://cdn.media.ccc.de/congress/2024/opus-translation/38c3-723-deu-Reverse_engineering_U-Boot_for_fun_and_profit_opus-2.opus","url":"https://api.media.ccc.de/public/recordings/83702","event_url":"https://api.media.ccc.de/public/events/05f6851b-4892-51ba-a2d1-06a1a9896857","conference_url":"https://api.media.ccc.de/public/conferences/38c3"},{"size":786,"length":3069,"mime_type":"video/mp4","language":"deu","filename":"38c3-723-deu-Reverse_engineering_U-Boot_for_fun_and_profit.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2024-12-30T13:02:50.129+01:00","recording_url":"https://cdn.media.ccc.de/congress/2024/h264-hd/38c3-723-deu-Reverse_engineering_U-Boot_for_fun_and_profit.mp4","url":"https://api.media.ccc.de/public/recordings/83406","event_url":"https://api.media.ccc.de/public/events/05f6851b-4892-51ba-a2d1-06a1a9896857","conference_url":"https://api.media.ccc.de/public/conferences/38c3"},{"size":789,"length":3069,"mime_type":"video/mp4","language":"eng","filename":"38c3-723-eng-Reverse_engineering_U-Boot_for_fun_and_profit.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2024-12-30T13:02:33.137+01:00","recording_url":"https://cdn.media.ccc.de/congress/2024/h264-hd/38c3-723-eng-Reverse_engineering_U-Boot_for_fun_and_profit.mp4","url":"https://api.media.ccc.de/public/recordings/83405","event_url":"https://api.media.ccc.de/public/events/05f6851b-4892-51ba-a2d1-06a1a9896857","conference_url":"https://api.media.ccc.de/public/conferences/38c3"}]}