Hovatek Forum

Reverse engineering a feature phone firmware

Koken2003
Newbie
2
29-12-2019, 03:57 AM
#1
Hi. I have a feature phone, the it5081, and it is an SPD chip based device. I want to make some modifications in its firmware, so I downloaded its binary firmware, which was available on the internet. I came to know about some programs like binwalk, firmware mod kit, etc. used for reverse engineering. But all the guidelines and discussions available on the internet are about binary firmware of routers, smart TVs, Android phones, etc. So, is it possible to extract a feature phone binary firmware somehow?
X3non
Recognized Contributor
22,062
29-12-2019, 11:16 PM
#2
(29-12-2019, 03:57 AM)Koken2003 [quoting post #1]

No, not that I'm aware of any methods to achieve this.
SachinBorkar
Senior Member
218
26-06-2020, 05:19 PM
#3
(29-12-2019, 11:16 PM)X3non [quoting post #2]

Hey @X3non, I know I am late for this thread, but I am also working on the same thing.
I personally think that it is possible to modify feature phone firmware.
Most feature phones are based on the ARM9 or ARM Cortex platform; we have to find the base address for IDA Pro to reverse engineer it. Even if you do all that, there is still a CRC32 checksum which prevents modifying the firmware.
We have to disable it.

I also need someone to team up with for it; if you have time, or you read this message @Koken2003, then contact me.
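The CRC32 problem SachinBorkar describes, shown as an added worked example written for this page (it is not code from any forum member, from Hovatek, or from Spreadtrum tooling): it scans an image for a stored CRC32 that covers the bytes before it, patches a string inside the protected region, and rewrites the checksum so the check still passes. The image layout, the "SPRDFW" header and the file offsets are constructed assumptions for the demo, not the it5081 format.

```python
"""Locate a stored CRC32 in a firmware image, patch the image, and re-sign it."""
import struct
import zlib


def find_crc32_fields(image: bytes) -> list:
    """Return (offset, byteorder) pairs where a stored 32-bit word equals the
    CRC32 of every byte that precedes it.

    Images protected by a plain CRC usually keep the checksum right after the
    region it covers (or in a small header at a fixed offset). The scan extends
    a running CRC by four bytes per step, so the whole image is hashed once
    rather than once per candidate offset."""
    hits = []
    crc = 0
    for off in range(4, len(image) - 3, 4):
        crc = zlib.crc32(image[off - 4:off], crc)  # now CRC32 of image[:off]
        for order in ("<", ">"):                    # little- and big-endian
            (stored,) = struct.unpack_from(order + "I", image, off)
            if stored == crc:
                hits.append((off, order))
    return hits


def crc32_matches(image: bytes, crc_off: int, order: str) -> bool:
    """The check a bootloader would run: stored word == CRC32 of image[:crc_off]."""
    (stored,) = struct.unpack_from(order + "I", image, crc_off)
    return stored == (zlib.crc32(image[:crc_off]) & 0xFFFFFFFF)


def patch_and_resign(image: bytes, patch_off: int, new_bytes: bytes,
                     crc_off: int, order: str) -> bytes:
    """Apply a same-length byte patch inside the protected region and rewrite
    the stored CRC32 so the integrity check still passes afterwards."""
    if patch_off + len(new_bytes) > crc_off:
        raise ValueError("patch must lie inside the checksummed region")
    buf = bytearray(image)
    buf[patch_off:patch_off + len(new_bytes)] = new_bytes
    new_crc = zlib.crc32(bytes(buf[:crc_off])) & 0xFFFFFFFF
    struct.pack_into(order + "I", buf, crc_off, new_crc)
    return bytes(buf)


def build_sample_image() -> bytes:
    """Constructed stand-in for a feature-phone image, NOT a real it5081 dump:
    an assumed 'SPRDFW' header, code-like filler, one UI string, then the
    little-endian CRC32 of everything so far, then erased-flash padding."""
    body = b"SPRDFW\x00\x00" + bytes(range(256)) * 4 + b"Welcome to it5081\x00"
    body += b"\x00" * (-len(body) % 4)            # keep the CRC 4-byte aligned
    crc = zlib.crc32(body) & 0xFFFFFFFF
    return body + struct.pack("<I", crc) + b"\xff" * 16


if __name__ == "__main__":
    img = build_sample_image()
    hits = find_crc32_fields(img)
    print("stored CRC32 candidates:", [(hex(o), e) for o, e in hits])
    crc_off, order = hits[0]

    s_off = img.index(b"Welcome")
    naive = bytearray(img)                       # edit the string, forget the CRC
    naive[s_off:s_off + 7] = b"Patched"
    print("naive patch still validates:", crc32_matches(bytes(naive), crc_off, order))

    fixed = patch_and_resign(img, s_off, b"Patched", crc_off, order)
    print("re-signed patch validates:  ", crc32_matches(fixed, crc_off, order))
```

Run it as-is to watch the naive patch fail the check and the re-signed one pass, or point find_crc32_fields at a real dump. Caveats worth keeping in mind: vendors often checksum only a sub-region, use a different polynomial or initial value (CRC-16, Adler-32, a vendor table), or keep the value in a header rather than a trailer, so a zero-hit scan means "not this exact scheme", not "no check". And if the bootloader verifies a public-key signature (secure boot) instead of a CRC, no checksum fix-up will get a modified image accepted.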
X3non
Recognized Contributor
22,062
27-06-2020, 10:03 AM
#4
(26-06-2020, 05:19 PM)SachinBorkar [quoting post #3]

Hey, it's been long and good to know you're still here :)
Maybe you could try reaching out to the OP via email if he's still interested.
SachinBorkar
Senior Member
218
05-07-2020, 04:36 PM
#5
(27-06-2020, 10:03 AM)X3non [quoting post #4]

Hey! Nice to meet you again. :)
I did mail him; we will sort it out if he contacts me.

But if someone (in future) finds my post, here are some points for you on reverse engineering the firmware.

1) We don't know the base address; because of this IDA Pro can't detect it correctly, and because of the symbol table it also doesn't detect it.
Solution: Use Hopper; it detects all symbols if we use the base address 0x8000000 (IDA does not).

2) The binwalk utility shows wrong file signatures and can't get any file out of the firmware.
Solution: The firmware is written in C/C++; for detecting and extracting images from the firmware use "Ghidra". It shows all embedded images but does not show good disassembled code.

3) Use Google to find the same phone via its memory chip, i.e. "Spansion".
Why? Ans: I found the same phone and got firmware which my phone can also run, and it has new games :-)
Aside from that, you can research and exploit it too.

4) For hardware reverse engineering, are there memory I/O addresses?
Ans: Yes. If you change any byte at that address then the hardware gets activated, i.e. the SIM card via "000001".
/* I can't remember it correctly, but maybe you can get it from the firmware */

If you still need information on ARM firmware reverse engineering then go to

1) https://www.youtube.com/watch?v=q4CxE5P6RUE&t=483s
2) https://www.youtube.com/watch?v=V6ZySLopflk&t=50s

If you want to contact me in future, as I can't always be online on this forum, and want to contribute to feature phone firmware reverse engineering:

Contact Me: Twitter @borkarsachin97
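SachinBorkar's point 1 (the unknown base address) is exactly what a base-address finder addresses. The following is an added example written for this page, not code from any forum member or from Hopper, IDA or Ghidra: it recovers the load base of a raw little-endian ARM blob by treating every aligned word as a candidate pointer and letting each word that would land on the start of a string vote for the base that word implies. The sample image (ARM NOP filler, a string table at 0x400, two pointer tables at 0x580, load address 0x08000000) is constructed for the demo and is not an it5081 dump.

```python
"""Guess the load base of a raw ARM firmware blob by string-pointer voting."""
import re
import struct
import sys
from collections import Counter

PAGE = 0x1000  # firmware images are normally mapped at a page-aligned address


def string_offsets(image: bytes, min_len: int = 6) -> list:
    """File offsets of NUL-terminated printable-ASCII runs of >= min_len chars."""
    pattern = rb"[\x20-\x7e]{%d,}\x00" % min_len
    return [m.start() for m in re.finditer(pattern, image)]


def guess_base(image: bytes, page: int = PAGE, top: int = 3) -> list:
    """Return the `top` most-voted load addresses as (base, votes) pairs.

    Every 4-byte aligned little-endian word w is treated as a possible
    absolute pointer. If w really points at a string stored at file offset s,
    the image must be loaded at w - s, so each (word, string) pair votes for
    that base. Only page-aligned bases that keep the whole image inside the
    32-bit address space count. The true base collects one vote per genuine
    string reference; coincidental pairs scatter across unrelated bases.
    Branch instructions (the ARM9 vector table at offset 0) are PC-relative
    and carry no base information, which is why data pointers are used."""
    strings = string_offsets(image)
    votes = Counter()
    size = len(image)
    for off in range(0, size - 3, 4):
        (w,) = struct.unpack_from("<I", image, off)
        for s in strings:
            base = w - s
            if base < 0 or base % page or base + size > 0x1_0000_0000:
                continue
            votes[base] += 1
    return votes.most_common(top)


def build_sample_image(base: int = 0x0800_0000) -> bytes:
    """Constructed stand-in for a raw ARM image, NOT a real it5081 dump:
    0x000-0x3ff  ARM NOPs (mov r0, r0 = E1A00000) standing in for code
    0x400-0x57f  twelve NUL-terminated strings, 32 bytes per slot
    0x580-0x5df  two tables of absolute pointers to those strings
    0x5e0-0x7ff  more NOP filler."""
    nop = b"\x00\x00\xa0\xe1"
    img = bytearray(nop * (0x400 // 4))
    str_offs = []
    for i in range(12):
        str_offs.append(len(img))
        img += (b"message %02d of it5081" % i).ljust(0x20, b"\x00")
    for _ in range(2):
        for s in str_offs:
            img += struct.pack("<I", base + s)
    img += nop * ((0x800 - len(img)) // 4)
    return bytes(img)


if __name__ == "__main__":
    if len(sys.argv) > 1:                 # analyse a real dump: python3 basefind.py fw.bin
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:                                 # no file given: run on the constructed sample
        data = build_sample_image()
    for base, n in guess_base(data):
        print(f"candidate load address 0x{base:08x}: {n} string references")
```

Feed the winning address to the disassembler's raw-binary importer as the load/base address (IDA, Ghidra and Hopper all ask for one when the file has no headers) and the absolute string and function-table references start to resolve. On a multi-megabyte dump the double loop gets slow; keep only the few hundred longest strings, or restrict candidate bases to the SoC's flash window, which is what the basefind.py / rbasefind tools do with the same idea.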
hernanperez
Newbie
1
23-09-2020, 02:09 PM
#6
good good