flashrom

Theory

Flashrom is an open-source tool used for reading, writing, verifying, and erasing flash memory chips. It supports a wide range of chipsets and is primarily used for flashing BIOS, firmware, and embedded systems. Flashrom is essential for penetration testers and hardware hackers, as it enables low-level access to the firmware of devices, allowing for potential vulnerabilities to be identified and exploited.

Key Features

  • Cross-Platform

    • Available on Linux, Windows, and macOS.

  • Wide Chip Support

    • Compatible with various flash chips and devices.

  • Read/Write Operations

    • Allows for easy backup and flashing of firmware.

  • Verification

    • Ensures that the flashing process was successful by comparing the written data with the source.

  • Live Flashing

    • Can be used to flash a system while it is running.

Cheat Sheet

# Install Flashrom on Linux
sudo apt-get update
sudo apt-get install flashrom

# Install Flashrom on macOS (using Homebrew)
brew install flashrom

# Detect the flash chip on your device
sudo flashrom -p <programmer>

# Example with Bus Pirate
flashrom -p buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M

# Read flash memory and save it to a file
sudo flashrom -p <programmer> -r backup.bin

# Write a new firmware image to the flash chip
sudo flashrom -p <programmer> -w firmware.bin

Installation

To install Flashrom on different platforms, you can follow these commands:

sudo apt-get update
sudo apt-get install flashrom

Usage

Detecting the Chip

To detect the flash chip on a device, use:

sudo flashrom -p <programmer>

Replace <programmer> with the appropriate programmer (e.g., linux_spi, internal, etc.).

Example Bus Pirate:

flashrom -p buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M

Reading the Flash

To read the flash memory and save it to a file:

sudo flashrom -p <programmer> -r backup.bin

Writing to the Flash

To write a new firmware image to the flash:

sudo flashrom -p <programmer> -w firmware.bin

Expected Output

When the command executes successfully, you might see output similar to the following:

Flashrom v1.2.3-r1234 on Linux 5.4.0-74-generic (x86_64), built with libpci 3.6.4, gcc 9.3.0, little endian
   
Calibrating delay loop... OK.
Detected chipset: Intel H61
Found chip "W25Q64.V" (8192 KB, SPI) at physical address 0x00000000.
Reading flash... done.
Size: 8192 KB
Saved to backup.bin

Important Notes

  • Always ensure you have a valid backup of the current firmware before attempting to flash a new image.

  • Incorrectly flashing firmware can lead to bricking the device, making it inoperable.

  • Consult the Flashrom documentation for more detailed information and supported hardware.

Resources

https://www.flashrom.org/ https://github.com/flashrom/flashrom

Last updated