· 7 years ago · Oct 11, 2018, 12:14 AM
1./hex2bin firmware.hex
2
3strings firmware.bin
4...
5WATT
6MODE
7TEMP
8MEMORY
9 MODE
10 STRENGTH
11 MIN
12SOFT
13NORM
14HARD
15 MAX
16BLUETOOTH
17 ON
18 OFF
19 LED
20STEALTH
21 OFF
22 ON
23 TODAY
24...
25
26binwalk firmware.bin
27
28 DECIMAL HEXADECIMAL DESCRIPTION
29 --------------------------------------------------------------------------------
30
31binwalk -E firmware.bin
32
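33radare2 -A -arm -b 32 firmware.bin   <--- note: "-arm" is most likely read as "-a rm", not as the ARM arch; the NUC200 is a Cortex-M0 (Thumb-only), so "-a arm -b 16" is the matching setting, and the function list below should be treated as unreliable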
34[x] Analyze all flags starting with sym. and entry0 (aa)
35[x] Analyze len bytes of instructions for references (aar)
36[x] Analyze function calls (aac)
37[ ] [*] Use -AA or aaaa to perform additional experimental analysis.
38[x] Constructing a function name for fcn.* and sym.func.* functions (aan))
39 -- Step through your seek history with the commands 'u' (undo) and 'U' (redo)
40[0x00000000]> aa
41[x] Analyze all flags starting with sym. and entry0 (aa)
42[0x00000000]> afl
430x00000000 1 10 fcn.00000000
440x0000000a 3 108 fcn.0000000a
450x00000142 1 3 fcn.00000142
460x00000c02 1 2 fcn.00000c02
470x00002b0f 1 41 fcn.00002b0f
480x00004319 1 8 fcn.00004319
490x00004321 1 67 fcn.00004321
500x000055f0 1 3 fcn.000055f0
510x000059f0 1 11 fcn.000059f0
520x00005b0e 1 3 fcn.00005b0e
530x00006971 1 49 fcn.00006971
540x00006c9a 1 7 fcn.00006c9a
550x00007020 6 353 -> 356 fcn.00007020
560x00007663 5 70 -> 100 fcn.00007663
570x000082d3 1 110 fcn.000082d3
580x0000886b 3 56 fcn.0000886b
590x00009360 43 783 -> 716 fcn.00009360
600x0000990e 3 28 -> 34 fcn.0000990e
610x0000b7f0 7 230 -> 238 fcn.0000b7f0
620x0000c130 2 40 fcn.0000c130
630x0000e00c 9 393 -> 239 fcn.0000e00c
640x0000e017 9 382 -> 228 fcn.0000e017
65
66~/firmware/e-cig/XCUBE II upgrading tool $ file *
67config.ini: ASCII text, with CRLF line terminators
68NuMicro ISP Programming Tool.exe: PE32 executable (GUI) Intel 80386, for MS Windows
69NuMicro ISP Programming Tool User's Guide.pdf: PDF document, version 1.5
70XCUBE II-VIVI-52 (160616)V.1.098(checksum=0x28F9).hex: ASCII text, with CRLF line terminators
71
72$ cat config.ini | grep NUC200LE3AN -B2 -A3
73
74[0x00020000]
75NAME_STRING = NUC200LE3AN
76RAM_SIZE = 16
77FLASH_SIZE = 128
78
7900002ed0 01 21 1b 20 fd f7 6e fe 21 46 38 6a 09 f0 16 fd |.!. ..n.!F8j....|
8000002ee0 64 21 09 f0 13 fd 08 46 0a 21 09 f0 0f fd 10 30 |d!.....F.!.....0|
8100002ef0 14 21 48 43 42 19 01 21 25 20 fd f7 5b fe 73 e0 |.!HCB..!% ..[.s.|
8200002f00 68 e2 88 e0 57 41 54 54 0a 00 00 00 4d 4f 44 45 |h...WATT....MODE|
8300002f10 0a 00 00 00 7c db 00 00 88 db 00 00 54 45 4d 50 |....|.......TEMP|
8400002f20 0a 00 00 00 4d 45 4d 4f 52 59 0a 00 20 4d 4f 44 |....MEMORY.. MOD|
8500002f30 45 20 0a 00 ac 01 00 20 53 54 52 45 4e 47 54 48 |E ..... STRENGTH|
8600002f40 0a 00 00 00 3c 0b 00 20 20 4d 49 4e 20 0a 00 00 |....<.. MIN ...|
8700002f50 53 4f 46 54 0a 00 00 00 4e 4f 52 4d 0a 00 00 00 |SOFT....NORM....|
8800002f60 48 41 52 44 0a 00 00 00 20 4d 41 58 20 0a 00 00 |HARD.... MAX ...|
8900002f70 ea cf 00 00 42 4c 55 45 54 4f 4f 54 48 0a 00 00 |....BLUETOOTH...|
9000002f80 20 20 20 4f 4e 20 20 20 20 0a 00 00 20 20 20 4f | ON ... O|
9100002f90 46 46 20 20 20 0a 00 00 ea d0 00 00 20 20 20 4c |FF ....... L|
9200002fa0 45 44 20 20 20 0a 00 00 6a d1 00 00 53 54 45 41 |ED ...j...STEA|
9300002fb0 4c 54 48 0a 00 00 00 00 20 4f 46 46 20 20 0a 00 |LTH..... OFF ..|
9400002fc0 20 20 4f 4e 20 20 0a 00 20 20 54 4f 44 41 59 20 | ON .. TODAY |
9500002fd0 20 0a 00 00 80 96 98 00 f6 e1 00 00 83 e5 00 00 | ...............|
9600002fe0 a0 86 01 00 10 27 00 00 21 46 38 6a 09 f0 8e fc |.....'..!F8j....|
9700002ff0 0a 21 09 f0 8b fc 10 31 14 20 41 43 4a 19 01 21 |.!.....1. ACJ..!|
98
9900004f70 84 e0 04 f0 40 fe 00 28 13 d0 00 20 03 f0 ec ff |....@..(... ....|
10000004f80 1e 49 80 31 08 69 88 61 35 4a 90 42 00 d3 8c 61 |.I.1.i.a5J.B...a|
10100004f90 88 69 08 62 33 48 06 23 04 22 00 90 19 46 00 20 |.i.b3H.#."...F. |
10200004fa0 62 e0 6b e0 20 43 48 45 43 4b 20 20 0a 00 00 00 |b.k. CHECK ....|
10300004fb0 41 54 4f 4d 49 5a 45 52 0a 00 00 00 f6 e0 00 00 |ATOMIZER........|
10400004fc0 28 03 00 20 ac 01 00 20 7a e0 00 00 20 20 43 48 |(.. ... z... CH|
10500004fd0 45 43 4b 20 20 0a 00 00 10 4b 00 00 ba e0 00 00 |ECK ....K......|
10600004fe0 44 4f 4e 27 54 0a 00 00 41 42 55 53 45 0a 00 00 |DON'T...ABUSE...|
10700004ff0 50 52 4f 54 45 43 54 53 21 0a 00 00 3c 0b 00 20 |PROTECTS!...<.. |
10800005000 20 57 41 54 54 20 0a 00 2c 2f 00 00 60 ea 00 00 | WATT ..,/..`...|
10900005010 36 e1 00 00 2d 53 48 4f 52 54 2d 20 0a 00 00 00 |6...-SHORT- ....|
11000005020 b2 eb 00 00 88 13 00 00 20 53 48 4f 52 54 20 20 |........ SHORT |
11100005030 0a 00 00 00 81 0b 00 00 49 53 20 4e 45 57 0a 00 |........IS NEW..|
11200005040 43 4f 49 4c 3f 20 0a 00 59 0a 00 00 4e 0a 00 00 |COIL? ..Y...N...|
11300005050 7c db 00 00 88 db 00 00 dc 05 00 00 a0 db 00 00 ||...............|
11400005060 0f 27 00 00 94 db 00 00 fb f7 e0 fd 28 46 fd f7 |.'..........(F..|
11500005070 a1 f8 fb f7 f0 fe 07 20 fd f7 08 fb af 20 fb f7 |....... ..... ..|
11600005080 2f ff 00 20 fb f7 30 ff 38 bd ff 49 08 60 70 47 |/.. ..0.8..I.`pG|
11700005090 fe 49 88 72 70 47 fd 48 80 7a 70 47 10 b5 13 24 |.I.rpG.H.zpG...$|
118
11900005490 44 2f 00 00 34 0c 00 20 a0 db 00 00 88 db 00 00 |D/..4.. ........|
120000054a0 94 db 00 00 7c db 00 00 ea d5 00 00 36 0a 00 00 |....|.......6...|
121000054b0 2e 0a 00 00 50 4f 57 45 52 0a 00 00 20 4f 46 46 |....POWER... OFF|
122000054c0 20 0a 00 00 20 20 4f 4e 20 0a 00 00 e7 03 00 00 | ... ON .......|
123000054d0 0f 27 00 00 9f 86 01 00 33 08 00 00 5f db 00 00 |.'......3..._...|
124000054e0 fb f7 a4 fb fd 49 20 68 07 f0 10 fa 7d 27 08 46 |.....I h....}'.F|
125000054f0 ff 00 39 46 07 f0 0a fa f9 4e 00 01 80 19 01 22 |..9F.....N....."|
126
12700009d00 21 b0 f0 bd 00 01 00 50 00 ff 01 00 b4 ed 00 00 |!......P........|
12800009d10 43 12 67 00 45 52 52 4f 52 3a 20 20 20 0a 00 00 |C.g.ERROR: ...|
12900009d20 4e 4f 20 53 45 43 52 45 54 0a 00 00 2d 4b 45 59 |NO SECRET...-KEY|
13000009d30 21 20 20 20 20 0a 00 00 ef 48 00 68 c0 07 c0 0f |! ....H.h....|
131
132$ r2 ihex://SMOK_X_CUBE_II_firmware_v1.07.hex
133 -- I am Pentium of Borg. Division is futile. You will be approximated.
134[0x00000000]> izz
135Do you want to print 1444 lines? (y/N) <--- enter "y", obviously
136
137vaddr=0x0000aa95 paddr=0x0000aa95 ordinal=1093 sz=28 len=13 section=unknown type=wide string=h(èƒæ‡Ô‡Ó•æ ã i(èƒâ‡Ô‡
138vaddr=0x0000aab5 paddr=0x0000aab5 ordinal=1094 sz=54 len=26 section=unknown type=wide string=i(èƒâ±‡æ½©î©á„†î•HhШâ£î‰©à¡‰â¡€Ñ¡â£ Å©à¤¡è …â¡ƒç¡h(èƒî‡
139vaddr=0x0000aaef paddr=0x0000aaef ordinal=1095 sz=10 len=4 section=unknown type=wide string=Hh̨â£
140vaddr=0x0000ab07 paddr=0x0000ab07 ordinal=1096 sz=62 len=30 section=unknown type=wide string=h(èƒï¡‡á„†íƒ•HhШæ£ì¹©à¡‰æ¡€Ñ¡æ£ Å©à¤¡è …æ¡ƒç¡i(èƒï¡‡à¼‚웕Hh̨æ£
141vaddr=0x0000ab53 paddr=0x0000ab53 ordinal=1097 sz=70 len=34 section=unknown type=wide string=i(èƒï¡‡ï¢½ì‚µæ±ì¨îŽÔ‡Çæ ã h(èƒê‡Ô‡Ë•æ ë h(èƒæ‡Ô‡Ó•æ ã i(èƒâ‡Ô‡
142vaddr=0x0000ab9d paddr=0x0000ab9d ordinal=1098 sz=58 len=28 section=unknown type=wide string=i(èƒâ±‡æ½©î©á„†ê§•HhШâ£ê¡©à¡‰â¡€Ñ¡â£ Å©à¤¡è …â¡ƒç¡h(èƒî‡êˆ‚ཌ
143vaddr=0x0000abd7 paddr=0x0000abd7 ordinal=1099 sz=10 len=4 section=unknown type=wide string=Hh̨â£
144vaddr=0x0000abef paddr=0x0000abef ordinal=1100 sz=62 len=30 section=unknown type=wide string=h(èƒï¡‡á„†é›•HhШæ£é‘©à¡‰æ¡€Ñ¡æ£ Å©à¤¡è …æ¡ƒç¡i(èƒï¡‡à¼‚賕Hh̨æ£
145vaddr=0x0000ac3b paddr=0x0000ac3b ordinal=1101 sz=22 len=10 section=unknown type=wide string=i(èƒï¡‡è¢½è…ˆà½¨áˆ¢á„…è…ƒ