Hardware & Making

Adventures in Reverse Engineering Broadcom NIC Firmware

Unlocking a system with 100% open source firmware
In an era where vendors increasingly seek to use proprietary software in the devices around us to exert control over their users, the desire for open source software has expanded to the firmware that allows our machines to function, and platforms which individuals can trust and control have never been more important. However, changes to hardware platforms in recent years such as the Intel ME, vendor-supplied binary blobs and vendor-signed firmware images have repeatedly set back efforts to create open source firmware for the computers we use. The release of Power servers with 99% open source firmware excited many who had been searching for a computer they could trust, but one proprietary firmware blob remained: that of the Ethernet controller. This is the story of how that blob was reverse engineered and replaced with an open source implementation, delivering the first machine with desktop-class performance and 100% open source firmware in many years.
This talk is about how I reverse engineered the final remaining firmware blob on the Talos II/Blackbird POWER9 systems, enabling it to be replaced with an open source replacement, in an intensive reverse engineering effort that spanned several years. The talk will begin by introducing the open source firmware movement and its practical and ethical motivations, noting the obstacles to delivering fully open source firmware for contemporary x86 and other platforms, and explaining the motive behind the project, before moving on to a more technical discussion of the adventure of firmware reverse engineering and the obstacles encountered. Subjects I intend to cover include: how the original proprietary firmware was reverse engineered from scratch with only limited knowledge of device internals; the long history of Broadcom NIC architecture and its evolution over time; the tools that had to be developed to enable the device probing, testing and reversing process; the story of a horrifying but necessary detour into reversing x86 real mode code and the novel methodology used to aid reversing; how modern NICs allow BMCs in servers to share network ports with the host, and the security hazards this creates; and how fully open source firmware was created legally using a clean room process. This talk will be accessible to audiences unfamiliar with POWER9 or the open source firmware community, but is also intended to cover some new ground and be of interest to those familiar with the project. The talk will mainly be of interest to those interested in open source firmware and issues such as owner control and the security and auditability issues caused by proprietary firmware, and to those interested in reverse engineering.

More information

Live Stream https://streaming.media.ccc.de/37c3/granville
Format lecture
Language English

More sessions

27.12.23
Hardware & Making
Thomas
Saal Zuse
After a brief introduction to digital circuits this talk will outline placement and routing algorithms used for creating digital integrated circuits.
27.12.23
Hardware & Making
Dolu1990
Saal Zuse
This lecture will cover many aspects of designing a RISC-V CPU: out-of-order execution, multi-core, memory coherency, security, and running Linux and Debian on an FPGA.
27.12.23
Hardware & Making
Saal Granville
A talk about the successful children's audio player "Toniebox" with content hosting in the cloud, which offers not only insights into its covert (and creepy) data collection practices but also matching solutions: custom firmware, a self-hosted cloud replacement, and tools for creating content without the manufacturer's cloud.
27.12.23
Hardware & Making
Saal Granville
Embark on Libre Space Foundation's journey into the world of open-source space exploration, where a passionate community of hackers and makers is challenging the traditional defense-driven approach to spacefaring. Discover how we are democratizing space by embracing open-source technologies, community collaboration, and a commitment to sustainability.
27.12.23
Hardware & Making
Jan Goslicki
Saal Zuse
I am paralysed from the chest down, have no hand functions and sit in a power wheelchair. I will share some insights on spinal cord injury and my experiences of how I work, live and travel using a power wheelchair. There are millions of people who cannot control a computer, tablet, or smartphone with their hands. Assistive technology supports the main functionalities which are needed: mouse movement and different kinds of clicks. My portfolio of hands-free assistive technology enables me every ...
27.12.23
Hardware & Making
Jakob Kilian
Saal Zuse
The Unfolding Space Glove transmits the relative position and distance of nearby objects as vibratory stimuli to the back of the hand, enabling blind people to haptically explore the depth of their surroundings. The talk will give a brief overview of the design research project, from the first prototypes to an empirical study and its publication, and provide insights into the underlying hardware and software.
27.12.23
Hardware & Making
Saal 1
We've all been there: the trains you're servicing for a customer suddenly brick themselves and the manufacturer claims that's because you've interfered with a security system. This talk will tell the story of a series of Polish EMUs (Electric Multiple Unit) that all refused to move a few days after arriving at an “unauthorized” service company. We'll go over how a train control system actually works, how we reverse-engineered one and what sort of magical “security” systems we actually ...