Skip to content
This repository has been archived by the owner on Jun 25, 2024. It is now read-only.

component commands

Jump to bottom
Gwen edited this page Feb 11, 2016 · 3 revisions

COMPONENT COMMANDS

INTRODUCTION

Hardsploit was created to interact with components, chips of different sizes and purposes. All of them use specifics instructions to be able to communicate. Hardsploit offers the possibility to interact with different BUS. Trust us, it's just a beginning, more will come in the future ! Because every BUS is different we give you a different module for each BUS.

Be careful

It can seems obvious but you need two things to interact with a target:

  1. The Hardsploit board needs to be plugged to your computer and detected by the Hardsploit GUI
  2. The component you want to work with must be correctly wired to the Hardsploit board

PARALLEL BUS

Parallel Settings

The first step is to give Hardsploit some settings. You can find them with the help of your component datasheet.

component-cmd-para-set

component-cmd-data-para

  • Total size: Value in bytes, the total size of your component
  • Read / Write Latency: The maximum value is 1600 nanoseconds, you can use it or the one on your component datasheet
  • Word size: 8 or 16 bits
  • Page size in bytes

The write latency and page size aren't used for the moment as the "Import" action is not implemented yet

Once it's done save the settings by clicking on the "Save" button

Parallel Export

component-cmd-para-exp

  1. (Partial dump) Enter the start address
  2. (Partial dump) Enter the stop address
  3. Choose an emplacement on your disk to save the dump result
  4. Click the "Export" or "Full export" button
  5. Wait for Hardsploit to finish the dump !

Be careful

Total size, latency and word size fields must be given in the settings before executing a dump

SPI BUS

SPI Settings

component-cmd-spi-set

To avoid you re-writing the same data every time you launch Hardsploit to work on the same component, you can save some parameters in the database.

As always, you can find the right value by reading the datasheet of your SPI component

SPI Commands

Here you can find all the commands you saved with their names and global descriptions. You can filter the results by using the filter field in the top of the table.

component-cmd-spi

To create a new SPI command, click the "New Command" button at the bottom of the window.

component-cmd-characteristics

At the top you can find

1. The details about what chip we are currently working with, the bus and because it's a new command we have nothing in "Current command"
2. Name of the command
3. Description of the command

For the command bytes array:

1. The order represents the place of the byte in the array
2. The value in hexadecimal
3. The number of repetition to avoid creating a large number of row for the same byte
4. An optional description

Bottom of the window:

1. If a row is selected you can clone it by using the "Clone" button
2. "Minus" button: Remove the selected row
3. "Plus" button: Add a new row at the bottom of the array with default values
  * If you have entered a string in the field, it will convert it in bytes in the table:

When the command is ready, click the "Add" button to add it to the main table.

By clicking on your command name in the table you will have 4 options:

1. Execute: Send the command to Hardsploit
2. Edit: Edit your command
3. Delete: Delete your command and the associated bytes
4. Use as template: Use your command as a base to create another one

SPI Command Result

If your command is correctly formated and saved you can execute it. Select your command in the Command Table and in the bottom list select "Execute". Then click the "Next" button.

cmd-exec-result

You can then save the result in a binary file

cmd-export-result-file

SPI Import

Be careful
All the settings are required minus the read command
  1. (Partial import) Enter the start address
  2. Choose an emplacement on your disk to save the dump result
  3. Click the "Export" or "Full export" button
  4. Wait for Hardsploit to finish the dump !

SPI Export

Be careful
The mode, frequency, total size and SPI command read settings are required
  1. (Partial export) Enter the start address
  2. (Partial export) Enter the stop address
  3. Choose an emplacement on your disk to save the dump result
  4. Click the "Export" or "Full export" button
  5. Wait for Hardsploit to finish the dump !

I2C BUS

I2C Settings

cmd-i2c-set

To avoid re-writing the same thing again and again every time you launch Hardsploit to work on the same component, you can save some parameters in the database.

  1. The Write (W) base address
  2. The Read (R) base address
  3. The frequency
  4. The write page latency
  5. The page size
  6. The memory total size

As always, you can find the right parameters by reading the datasheet of your I2C component

I2C Bus Scan

The I2C Bus Scan is an easy way to get the two bases addresses (R/W) of your component. If your component is correctly wired and Hardsploit board connected, just click the "Bus scan" button. Hardsploit will return you the Read and Write addresses you save in the appropriate fields.

I2C Import

Be careful
All the settings minus the read base address are required
  1. (Partial import) Enter the start address
  2. Choose an emplacement on your disk to save the dump result
  3. Click the "Export" or "Full export" button
  4. Wait for Hardsploit to finish the dump !

I2C Export

Be careful
The write base address, the frequency and the total size settings are required
  1. (Partial export) Enter the start address
  2. (Partial export) Enter the stop address
  3. Choose an emplacement on your disk to save the dump result
  4. Click the "Export" or "Full export" button
  5. Wait for Hardsploit to finish the dump !

I2C Commands

cmd-i2c

To create a new I2C command, it's easy:

You want to READ bytes from your target
  • Verify that the Base address (R) settings is saved
  • Click on the "New Command" button
  • Enter the number of byte(s) you want to read in the "Payload size" field
  • Check "Read"
  • Click "Open"

cmd-i2c-read

In the new window, give your command a name and a description and take a look at the "Bytes" table:

cmd-i2c-read-tab

Nothing to do ! We have already complete the byte table for you, just click the "Add" button and your new command will appear in the Command Table, ready to execute.

You want to WRITE bytes on your target
  • Verify that the Base address (W) is saved
  • Enter the number of byte(s) you want to write in the "Payload size" field
  • Check "Write"
  • Click "Open". In the new window, give your command a name and a description and take a look at the "Bytes" table:

cmd-i2c-write-tab

You just need to complete the 5 (in this example) bytes you want to write then click the "Add" button and your new command will appear in the Command Table, ready to execute !

Of course you can always customize your command by adding / removing /cloning ("+" / "-" / "Clone" buttons) a byte row directly, but don't forget to update the payload size !

By clicking on your new command name in the Command table you will have 5 options:

  1. Execute: Send the command to Hardsploit
  2. Use as template: Use your command as a base to create another one
  3. Edit: Edit your command
  4. Delete: Delete your command and the associated bytes
Quick example of command concatenation

Let's assume you want to read something on your component. You first have to write the start pointer before reading anything right ? Well that's two commands:

  • One to write the pointer
  • One to read the bytes.

cmd-i2c-pointer

cmd-i2c-code

And maybe you will need to write this pointer with another commands. To avoid you re-writing a command every time just click on your "Pointer" command in the table then hold "Ctrl" and click on the command you want to concatenate with it. When both are selected, choose the "Concatenate" option and click "Next".

cmd-i2c-conc

Voila! You have a new command at the bottom of the table that write the pointer and then read content at the same time.

cmd-conc

Clone this wiki locally