Tag archive: nano

the theoretical UEFI / BIOS backdoor removal How2

On ASUS mainboards/motherboards the complete EFI SPI flash was always overwritten successfully. With Apple's MacBook Pro or other laptops, the somewhat harder hurdle is 1. obtaining the BINARY image files to be written, or having a source to download them from; the actual problem is attaching to the contact pins/legs of the chip, because these chips are considerably smaller and sometimes not as easily reachable or as accessibly mounted as the SPI flash chips in PCs.

install flashrom and its dependencies to build

1. get flashrom build depends
apt install -y libusb-dev zlib1g-dev git-core build-essential cmake libtool autoconf automake libpci-dev libpci3 pciutils libftdi-dev

2. get flashrom itself; best is to get the latest from a git tag
git clone
cd flashrom
make install
# ready to use; check with the command
flashrom -h

Connecting the programmer with your 8-SOIC clip and the flash chip

3. get your flashrom connector. If you don't have an FTDI or a flasher (I always wanted a CatFlash but didn't have the money for it, and now they aren't current anymore; a Bus Pirate is a good alternative), you can build one from an Arduino. They aren't as fast, but it's enough to write a new UEFI flash.

4. get an 8soic or 8dio clip at

5. connect the 8-SOIC clip to the flasher and to the chip that is to be flashed

Description            | Bus Pirate | Pin | Flash chip | Flash chip  | Pin | Bus Pirate | Description
(not) Chip Select      | CS         | 1   | /CS        | VCC         | 8   | +3.3v      | Supply
Master In, Slave Out   | MISO       | 2   | DO (IO1)   | /HOLD (IO3) | 7   | +3.3v      | (not) hold (see datasheets)
(not) Write Protect    | +3.3v      | 3   | /WP (IO2)  | CLK         | 6   | CLK        | The SPI clock
Ground                 | GND        | 4   | GND        | DI (IO0)    | 5   | MOSI       | Master Out, Slave In

Usage of flashrom with your programmer

6. start dumping and flashing
flashrom -p buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M -V

with -V you get verbose info about the connected chip
if all goes well and the chip is recognized, you can start to dump the flash with
this will read the chip and save the content under the file name BIOS.DUMP. Before you write the chip you should read it 2 – 3 times and diff the dumps to check that they are identical, so you know whether a read error occurred; if all are the same you can start writing to the flash chip with
you can add
-o logfilename.log
to save the log output to the given file name
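The read-several-times-then-diff procedure above as a script, added here and not from the original post; it assumes the Bus Pirate programmer string from step 6, and the dump file names, log file names and the READS count are placeholders you can change:

```shell
#!/bin/sh
# Added example (not the original post's code): dump the SPI flash several
# times with flashrom, refuse to write unless all dumps agree byte for byte,
# and let flashrom verify the write afterwards.
# Assumed/placeholder names: FLASHROM, PROG, READS, BIOS.DUMP.N, *.log.
set -u

FLASHROM="${FLASHROM:-flashrom}"
PROG="${PROG:-buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M}"
READS="${READS:-3}"

# Read the chip once into the file $1, writing flashrom's log to $2 (-o).
read_dump() {
    "$FLASHROM" -p "$PROG" -r "$1" -o "$2"
}

# Compare every dump given as an argument against the first one.
# Returns 0 when all are identical, 1 on any mismatch (i.e. a read error).
dumps_consistent() {
    first="$1"
    shift
    for f in "$@"; do
        if ! cmp -s "$first" "$f"; then
            echo "mismatch: $first differs from $f, not writing" >&2
            return 1
        fi
    done
    return 0
}

# Full procedure: read READS times, diff the dumps, then write $1 (the new,
# clean image). The consistent dumps stay on disk as a backup of the old flash.
reflash() {
    new_image="$1"
    i=1
    files=""
    while [ "$i" -le "$READS" ]; do
        read_dump "BIOS.DUMP.$i" "flashrom-read-$i.log" || return 1
        files="$files BIOS.DUMP.$i"
        i=$((i + 1))
    done
    # shellcheck disable=SC2086
    dumps_consistent $files || return 1
    # flashrom re-reads and verifies the chip against the image after -w.
    "$FLASHROM" -p "$PROG" -w "$new_image" -o flashrom-write.log
}
```

Run it as `. ./reflash.sh && reflash clean-image.bin`; the dumps BIOS.DUMP.1..N are your backup of the old contents.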

  • at OS start, some arbitrary process or service is picked at random; it is then injected and has a listening port open

Lost my Pineapple Mark5 alias MK5 in Peru

so I wanted to get a new one and saw there is a Pineapple Nano and Tetra available at Hak5

I grabbed the firmware and binwalked it
(get binwalk from GitHub or via apt)

cut the kernel, rootfs etc. out of the upgrade file; here is the rootfs as a bin, just unsquash it with or get it extracted here:

bought myself a Hornet board with 64, named x2

there is also the original Hornet x board firmware available in all parts (rootfs, kernel etc.), also from the firmware upgrade file


Available through the Pineapple repository from Hak5

some packages missing from normal OpenWrt
