by chinkinthearmor 5 days ago
Thanks for this response, this is awesome!

I agree with but extend your last point about breadcrumbs - it's not just that write-ups are hard to find, it's that even several great write-ups for adjacent projects may not be sufficient for a beginner to synthesize a path for his specific project. I spent a week watching YouTube videos and reading in preparation to dump the router firmware, and it still took me 3 days before I committed to actually soldering the wires to the UART contacts - the videos all had header pins! (Sounds dumb, but I'd never permanently altered hardware before.)

In case people are curious, the router automatically gave me a root shell when I accidentally pressed a key during startup once I was connected to UART (using a [programmer board](https://a.co/d/0aVp22Mq)), and I was able to dump firmware using `dd` on one of the device partitions labeled "firmware", then `netcat`ing it out.

I also tried dumping the SPI flash chip directly using tiny alligator clips and flashrom, but I think I literally didn't know to build the latest version of flashrom from source, and so couldn't connect. Maybe same issue with JTAG - old software couldn't find my new programmer board. But I wouldn't have known what to do with gdb access even if I had connected to JTAG! Oh, I also didn't know that I needed to solder together the 2 pins that were specified by the datasheet to activate JTAG - thought I could just hold a wire between them like stealing a car in the movies lol.

Final example of "no breadcrumbs": I wanted to modify the firmware, then flash it back, but for several days I couldn't, for the life of me, figure out how to repack the firmware after using binwalk to unpack it. Ultimately I flashed something badly formatted out of desperation (maybe wrong size??) and bricked the router. Every guide mentioned "flashing back", but none showed how to do it - I am actually still curious haha, what was I missing?
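The commenter's "maybe wrong size??" guess is a common way a flash-back goes wrong, so here is an added example (not from the comment or any project it mentions) of the pre-flash sanity check that would have caught it: compare the repacked image against the original partition dump taken over UART, refuse anything larger than the partition, pad the remainder with 0xFF (the erased state of NOR flash), and record SHA-256 hashes so the image on disk can be compared with what `sha256sum` reports on the device after writing. The sample dump and candidate image are constructed inline; the 64 KiB erase-block size and the 0xFF fill are assumptions, and any vendor header or trailer checksum the router may also require is outside what this script checks.

```python
"""Pre-flash sanity checks for a repacked firmware image (added example).

Assumptions (not taken from the original comment):
  - the target partition is exactly as large as the dump taken from it;
  - erased NOR flash reads as 0xFF, so short images are padded with 0xFF;
  - the erase block size is 64 KiB (0x10000), the common NOR default.
"""
import hashlib
from typing import Dict


def pad_to_partition(image: bytes, partition_size: int, fill: int = 0xFF) -> bytes:
    """Return `image` padded with `fill` up to `partition_size`.

    Raises ValueError instead of silently truncating an oversized image,
    which is the failure mode that leaves a device unbootable.
    """
    if len(image) > partition_size:
        raise ValueError(
            f"image is {len(image)} bytes but the partition only holds {partition_size}"
        )
    return image + bytes([fill]) * (partition_size - len(image))


def check_candidate(original_dump: bytes, candidate: bytes,
                    erase_block: int = 0x10000) -> Dict[str, object]:
    """Build a report comparing a repacked `candidate` against `original_dump`.

    The report carries the padded image plus the hashes needed to confirm,
    after flashing, that the device holds exactly the bytes that were sent.
    """
    partition_size = len(original_dump)
    padded = pad_to_partition(candidate, partition_size)
    return {
        "partition_size": partition_size,
        "candidate_size": len(candidate),
        "padded_size": len(padded),
        # A dump whose length is not a whole number of erase blocks usually
        # means the dump itself was cut short, so flag it before flashing.
        "erase_block_aligned": partition_size % erase_block == 0,
        "sha256_original": hashlib.sha256(original_dump).hexdigest(),
        "sha256_padded": hashlib.sha256(padded).hexdigest(),
        "padded_image": padded,
    }


if __name__ == "__main__":
    # Constructed sample data: a 128 KiB "partition" dump and a smaller
    # repacked image standing in for binwalk's rebuilt output.
    original = bytes([0x5A]) * 0x20000
    repacked = b"\x00REPACKED-IMAGE" * 64

    report = check_candidate(original, repacked)
    for key, value in report.items():
        if key != "padded_image":
            print(f"{key}: {value}")

    # An image that overruns the partition is rejected outright.
    try:
        check_candidate(original, bytes(0x20001))
    except ValueError as exc:
        print("rejected:", exc)
```

Write `report["padded_image"]` to a file and flash that, not the unpadded output; afterwards, compare the device-side `sha256sum` of the partition with `report["sha256_padded"]` to confirm the write landed intact.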