HITB Amsterdam

Similar documents
Malware

Spring 2017 :: CSE 506. Device Programming. Nima Honarmand

Intel Graphics Virtualization on KVM. Aug KVM Forum 2011 Rev. 3

Metasm. a ruby (dis)assembler. Yoann Guillot. 20 october 2007

AMT vpro ME. How to Become the Sole Owner of Your PC. ptsecurity.com

2018/04/11 00:10 1/6 NuttX Protected Build

Memory Analysis. CSF: Forensics Cyber-Security. Part II. Basic Techniques and Tools for Digital Forensics. Fall 2018 Nuno Santos

Real Safe Times in the Jailhouse Hypervisor Unrestricted Siemens AG All rights reserved

Graphics Pass-through with VT-d

VGA Assignment Using VFIO. Alex Williamson October 21 st, 2013

Virtualization Overview NSRC

The Kernel Abstraction

Reverse Engineering Malware Dynamic Analysis of Binary Malware II

CPSC 213. Introduction to Computer Systems. I/O Devices, Interrupts and DMA. Unit 2a Oct 27, 29, 31. Winter Session 2014, Term 1

Hardware OS & OS- Application interface

Wind River. All Rights Reserved.

Common Computer-System and OS Structures

Eight ou two eleven. Dynamic inspec5on of Broadcom Wi- Fi cards on mobile devices. Ma5as Eissler HITBAMS2015

The Early System Start-Up Process. Group Presentation by: Tianyuan Liu, Caiwei He, Krishna Parasuram Srinivasan, Wenbin Xu

XE 900: Fastest EPIC board now available with Windows XPe

Lecture 2: September 9

Development of I/O Pass-through: Current Status & the Future. Nov 21, 2008 Yuji Shimada NEC System Technologies, Ltd.

MASSIVE SCALE USB DEVICE DRIVER FUZZ WITHOUT DEVICE. HC Tencent s XuanwuLab

OPERATING SYSTEMS CS136

Input-Output (I/O) Input - Output. I/O Devices. I/O Devices. I/O Devices. I/O Devices. operating system must control all I/O devices.

Device I/O Programming

19: I/O. Mark Handley. Direct Memory Access (DMA)

Introduction to OS. Introduction MOS Mahmoud El-Gayyar. Mahmoud El-Gayyar / Introduction to OS 1

Firmware Rootkits: The Threat to the Enterprise. John Heasman, Director of Research

1/6. Main. Bios Version System Time System Date Hide Diagnostic Messages During Enabled Disabled POST Error Pause. Processor.

A Primitive for Revealing Stealthy Peripheral-Based Attacks on the Computing Platform s Main Memory

Four Components of a Computer System

ECE 550D Fundamentals of Computer Systems and Engineering. Fall 2017

Xen VT status and TODO lists for Xen-summit. Arun Sharma, Asit Mallick, Jun Nakajima, Sunil Saxena

I/O and Device Drivers

1.1 For Fun and Profit. 1.2 Common Techniques. My Preferred Techniques


64 bit Bare Metal Programming on RPI-3. Tristan Gingold

About unchecked management SMM & UEFI. Vulnerability. Patch. Conclusion. Bruno Pujos. July 16, Bruno Pujos

Development Tools. 8-Bit Development Tools. Development Tools. AVR Development Tools

Hardware Involved Software Attacks

What Operating Systems Do An operating system is a program hardware that manages the computer provides a basis for application programs acts as an int

CODEBLUE Takahiro Matsuki (FFRI) Dennis Kengo Oka (ETAS)

UEFI and PCI bootkits. Pierre Chifflier PacSec 2013

Demystifying Network Cards

Making Dynamic Instrumentation Great Again

Designing Embedded Processors in FPGAs

Process Dump Analyses

Advances in Linux process forensics with ECFS

Memory Forensics. Presented at VolgaCTF, Russia Inter-Regional Inter-University Open Computer Security Contest

CSCI-GA Operating Systems I/O. Hubertus Franke

Exploring Qualcomm Baseband via ModKit. Tencent Blade Team Tencent Security Platform Department

Linux on Sun Logical Domains

Debugging code snippets in IDA Pro 5.6 using QEMU emulator Copyright 2010 Hex-Rays SA

Chapter 2: Operating-System Structures. Operating System Concepts 9 th Edit9on

Knut Omang Ifi/Oracle 20 Oct, Introduction to virtualization (Virtual machines) Aspects of network virtualization:

VORAGO VA108x0 Bootloader application note

Troubleshoot IOS Hypervisor and System Image Recovery for CGR 1000

Chapter 2. Operating-System Structures

Operating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.

)8-,768'HY.LW 2YHUYLHZ. )XMLWVX0LNURHOHNWURQLN*PE+ Am Siebenstein Dreieich-Buchschlag, Germany

CS 416: Operating Systems Design April 22, 2015

RESOURCE MANAGEMENT MICHAEL ROITZSCH

Chapter 2: Operating-System Structures

Openvpn Client Do Not Change Default Gateway

_ V Renesas R8C In-Circuit Emulation. Contents. Technical Notes

Engineer-to-Engineer Note

Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems

... Application Note AN-531. PCI Express System Interconnect Software Architecture. Notes Introduction. System Architecture.

Efficient and Large Scale Program Flow Tracing in Linux. Alexander Shishkin, Intel

PCI to SH-3 AN Hitachi SH3 to PCI bus

19: Networking. Networking Hardware. Mark Handley

Input/Output Problems. External Devices. Input/Output Module. I/O Steps. I/O Module Function Computer Architecture

Boot Loader. Bootloader

Designing with ALTERA SoC Hardware

OS: An Overview. ICS332 Operating Systems

A Hardware-Assisted Virtualization Based Approach on How to Protect the Kernel Space from Malicious Actions

Chapter 13: I/O Systems

PCI-HPDI32A-COS User Manual

Programmed I/O accesses: a threat to Virtual Machine Monitors?

Che-Wei Chang Department of Computer Science and Information Engineering, Chang Gung University

Introduction to Operating Systems. Chapter Chapter

Renesas 78K/78K0R/RL78 Family In-Circuit Emulation

Debugging uclinux on Coldfire

Today: I/O Systems. Architecture of I/O Systems

Lecture 2 - Fundamental Concepts

L4/Darwin: Evolving UNIX. Charles Gray Research Engineer, National ICT Australia

24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.

Chapter 6: Network Layer

ECE 471 Embedded Systems Lecture 6

Review: Hardware user/kernel boundary

Generic Model of I/O Module Interface to CPU and Memory Interface to one or more peripherals

ECE 598 Advanced Operating Systems Lecture 10

PathFinder-XD for MIPS Powered Devices. Simulator

Software Development Using Full System Simulation with Freescale QorIQ Communications Processors

Runtime Process Insemination

Introduction to Embedded Bootloader. Intel SSG/SSD/UEFI

Lecture 5: February 3

Mike Anderson. TCP/IP in Embedded Systems. CTO/Chief Scientist The PTR Group, Inc.

EPIC board ensures reliability in the toughest environment

Transcription:

Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware Guillaume Delugré Sogeti / ESEC R&D guillaume(at)security-labs.org HITB 2011 - Amsterdam

Purpose of this presentation G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 2/45 Hardware trust? Hardware manufacturers are reluctant to disclose their specifications You do not really know what firmwares do behind your back Consequently you cannot really trust them... Previous works A SSH server in your NIC, Arrigo Triulzi, PacSec 2008 Can you still trust your network card?, Y-A Perez, L. Duflot, CanSecWest 2010 Reversing the Broadcom NetExtreme firmware, G. Delugre, Hack.lu 2010 Runtime Firmware Integrity Verification: What Can Now Be Achieved, Y-A Perez, L. Duflot, CanSecWest 2011

Purpose of this presentation G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 3/45 What is this presentation about? Why? Reverse engineering of the Broadcom Ethernet NetExtreme firmware Building an instrumentation toolset for the device Developing a new firmware from scratch To have a better understanding of the device internals To look for vulnerabilities inside the firmware code To develop an open-source alternative firmware for the community To develop a rootkit firmware embedded in the network card!

. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 4/45 Plan Overview of the NIC architecture 1 Overview of the NIC architecture 2 3

Where should we begin? G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 5/45 About the target Sources Targeted hardware: Broadcom Ethernet NetExtreme NIC Standard range of Ethernet cards family from Broadcom Massively installed on personal laptops, home computers, enterprises... Broadcom device specifications (incomplete, sometimes erroneous) Linux open-source kernel module (tg3) A firmware code is published as a binary blob in the kernel tree It is actually not loaded by the Linux driver

The targeted device G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 6/45

NIC overview G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 7/45

Device overview G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 8/45 Core blocks The PHY block DSP on the Ethernet link Passes raw data to the MAC block The MAC block Processes and queues network frames Passes them to the driver MAC components one or two MIPS CPU a non-volatile EEPROM memory a volatile SRAM memory a set of registers to configure the device

Communicating with the device G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 9/45 PCI interface Cards are connected to the PCI bus Device is accessible using memory-mapped I/O Mapped on 16 bits (64 KB) First 32 KB are a direct mapping onto the device registers Last 32 KB constitute a R/W window into the internal volatile memory The base of the window can be set using a register EEPROM memory can be accessed in R/W using a dedicated set of registers We have access to registers, volatile and EEPROM memory through the PCI bus.

Physical PCI view G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 10/45

Different kinds of memory G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 11/45 EEPROM Manufacturer s information, MAC address,... Firmware images Non-documented format Volatile memory Registers Copy of the firmware image executed by the CPU Network packet structures, temporary buffers MANY registers to configure and control the device Some of them are non-documented

. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 12/45 Plan Overview of the NIC architecture Accessing the device s internal memory Getting to debug firmware code 1 Overview of the NIC architecture 2 3

Instrumenting the device Accessing the device s internal memory Getting to debug firmware code We want to Get easy access to all kinds of memory Dump the executing firmware code Inject and execute some code Test it Debug it At first we have to easily access the device s memory, so we are going to write a little kernel module. G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 13/45

. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 14/45 Plan Overview of the NIC architecture Accessing the device s internal memory Getting to debug firmware code 1 Overview of the NIC architecture 2 Accessing the device s internal memory Getting to debug firmware code 3

Linux Kernel Module Accessing the device s internal memory Getting to debug firmware code Basics At boot time, the BIOS assigns each device a physical memory range The OS maps this range onto a virtual address range In MMIO mode, we have to get the device s base virtual address then just access it like any other memory A kernel proxy between the NIC and userland The module provides primitives for reading and writing inside the NIC (registers, volatile, EEPROM) It exposes them to userland by creating a virtual char device Processes can then use open, read, write, seek syscalls G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 15/45

Extracting the firmware code Accessing the device s internal memory Getting to debug firmware code Firmware dump We can dump the executed firmware code from userland Based at address 0x10000 in volatile memory (refering to the specs) We can directly disassemble MIPS code, obviously it is not encrypted, nor obfuscated Static analysis Static disassembly analysis already made possible We will focus on how to dynamically analyze the executed code G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 16/45

. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 17/45 Plan Overview of the NIC architecture Accessing the device s internal memory Getting to debug firmware code 1 Overview of the NIC architecture 2 Accessing the device s internal memory Getting to debug firmware code 3

Going further Overview of the NIC architecture Accessing the device s internal memory Getting to debug firmware code Plan Using this kernel proxy, we can easily dump and modify the device s memory from userland Now we have to control what is executed on the NIC, the firmware code Two firmware debuggers InVitroDbg is a firmware emulator based on a modified Qemu InVivoDbg is a real firmware debugger to control code executed on the NIC Both use the kernel proxy to interact with the NIC. G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 18/45

G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 19/45 InVitroDbg Overview of the NIC architecture Accessing the device s internal memory Getting to debug firmware code A firmware emulator Emulates the NIC MIPS CPU Interacts with the physical NIC memory Mechanism Based on a modified Qemu Firmware code embedded in a userland ELF executable Code segment mapped at the firmware base address Catches memory faults and redirects accesses to the real device Debugging made possible using the GDB stub of Qemu

Architecture de InVitroDbg Accessing the device s internal memory Getting to debug firmware code G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 20/45

G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 21/45 InVitroDbg Overview of the NIC architecture Accessing the device s internal memory Getting to debug firmware code InVitro Firmware code executed in userland No injection in the device memory Architecture can be reused for other devices A lot of transactions on the PCI bus Fake memory view from the PCI bus

G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 22/45 InVivoDbg Overview of the NIC architecture Accessing the device s internal memory Getting to debug firmware code Firmware debugger Firmware code really executed on the NIC Controlling the CPU using dedicated registers Mechanism CPU control with NIC registers: halt, resume, hbp CPU registers found in non-documented NIC registers Debugger core written in Ruby Integrated with the Metasm dissassembly framework Real-time IDA-like graphical interface for debugging

G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 23/45 InVivoDbg Overview of the NIC architecture Accessing the device s internal memory Getting to debug firmware code InVivo IDA-like GUI Easily extensible with Ruby scripts Few PCI transactions required Real memory view from the NIC CPU

Extending InVivoDbg Accessing the device s internal memory Getting to debug firmware code Execution flow tracing Reuse the Metasm plugin BinTrace (A. Gazet & Y. Guillot) Log every basic block executed Save a trace which can be visualized offline Support differential analysis of different traces Interest Quickly visualize the default execution path of the code Monitor the effect of various stimuli (received packet, driver communication... ) on execution G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 24/45

Execution flow trace Accessing the device s internal memory Getting to debug firmware code G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 25/45

Extending InVivoDbg Accessing the device s internal memory Getting to debug firmware code Memory access tracing Step-by-step firmware code Log each memory access (lw, sw, lh, sh, lb, sb) Save the generated trace Replay the trace Interest Does not rely on firmware code analysis Extracts the very core behavior of the firmware Logs every register access tells us what the firmware is actually doing, e.g. how it configures the device G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 26/45

Memory access trace Accessing the device s internal memory Getting to debug firmware code G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 27/45

. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 28/45 Plan Overview of the NIC architecture Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper 1 Overview of the NIC architecture 2 3

Creating a new firmware: what for? Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper Multiple purposes Provides an open-source alternative to proprietary firmware Creates a rootkit firmware resident in the NIC Turns a network card into a physical memory dumper (forensics) How to get code execution? Writing the firmware in memory and redirecting $pc Writing the firmware in EEPROM so that it runs at bootstrap We can then use the previous debuggers to debug our own code! G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 29/45

. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 30/45 Plan Overview of the NIC architecture Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper 1 Overview of the NIC architecture 2 3 Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper

Understanding the EEPROM layout Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper EEPROM Contains non-volatile data Memory layout is not documented by Broadcom Layout uncovered by analyzing firmware code Memory structure Bootstrap header Device metadata (revision, manufacturer s id) Device configuration (MAC address, power, PCI config,... ) Firmware images Each structure is followed by a CRC32 G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 31/45

Description of the bootstrap process Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper Firmware bootstrap So? How is the firmware loaded from EEPROM to volatile memory? Method: reset the device and stop the CPU as quick as possible! Result: CPU executes code at unknown address 0x4000 0000 This memory zone is execute-only (not read/write), probably a ROM Hack: An non-documented device register holds the current dword pointed by $pc We can dump the ROM by modifying $pc and polling this register! G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 32/45

Description of the bootstrap process Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 33/45

G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 34/45 Overview of the NIC architecture Description of the bootstrap process Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper Bootstrap No trusted bootstrap sequence! Every time the source power is plugged-in, or a PCI reset signal is issued, or the reset register is set: 1 CPU starts on a boot ROM Initializes EEPROM access Loads bootstrap firmware in memory from EEPROM 2 Execution of the bootstrap firmware Configures the core of the device (power, clocks... ) Loads a second-stage firmware from EEPROM 3 Execution of the second-stage firmware Sets up networking (Ethernet link, MAC,... ) Can load another firmware if requested Tells the driver the device is ready

Developing your own firmware Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper Coding environment All we need is A cross-compiled binutils for MIPS We can start developing our firmware in C Inject our firmware in the EEPROM CPU memory mapping Volatile memory is accessible from address 0 Memory greater than 0xC000 0000 maps into device registers G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 35/45

Developing your own firmware Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper Size requirements Code can reside between 0x10000 and 0x1c000 48 KB memory shared by code, stack, and incoming packet buffers Firmware initialization Initialize the stack pointer Configure the device for working (PHY/MAC init) Then you can add whatever feature you wish G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 36/45

. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 37/45 Plan Overview of the NIC architecture Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper 1 Overview of the NIC architecture 2 3 Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper

Network connectivity Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper Networking capability It is active on the network even if the machine is shut down It can listen for incoming packets and forge new packets But first it needs to detect network configuration (our own IP address, router address, DNS... ) Dynamic network configuration detection Embeds a very light DHCP client If no DHCP, tries to catch DNS packets contain router MAC, DNS server IP and our own IP Everything can be sent using a fake MAC address G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 38/45

Direct Memory Access Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper DMA PCI supports Direct Memory Access The NIC transfers frames from/to physical memory with DMA Arbitrary DMAs compromise the OS memory How to do arbitrary DMA 1 Modify the physical address where packets are read/written 2 Modify the packet contents in the device memory on-the-fly 3 Force the device to operate a network operation (recv/send) 4 An arbitrary read/write to physical memory is then triggered Actually MUCH more complicated in practice, but this is the idea G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 39/45

Counter-measures Overview of the NIC architecture Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper Counter-measures Rootkit is active before the system boot Use a trusted boot technology, like Intel TXT Rootkit can corrupt kernel code Use an IOMMU technology, like Intel VT-d Qubes seems to make use of these features Also check Loic Duflot & Y-A. Perez talk about runtime firmware integrity verification (CSW 2011) G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 40/45

. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 41/45 Plan Overview of the NIC architecture Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper 1 Overview of the NIC architecture 2 3 Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper

. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 42/45 Forensics Overview of the NIC architecture Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper Using the NIC for forensics purpose 1 The target system is up and running 2 The NIC is hotplugged on a free PCI slot 3 The device is powered up and the firmware starts 4 The whole physical memory is dumped over the Gigabit link Device base address Our device has no base address (normally assigned by BIOS) We cannot safely retrieve the PCI-bridge physical address Hopefully we don t need one, all DMA transactions are initiated by the NIC

G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 43/45 Forensics Overview of the NIC architecture Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper Getting DMA to work OS will not crash if we prevent any interrupts to spawn The firmware has to configure the NIC as would do the driver We need to write structures in memory for DMAs to work...... but we cannot taint physical memory (forensics)... and we cannot use the NIC memory (no base address) So I use the VGA framebuffer as a temporary memory zone It has a fixed base address (0xa0000) Just a few pixels needed Safe as long as nothing moves above these pixels This is still a work in progress, no operational demo yet

G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 44/45 Conclusion Overview of the NIC architecture Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper In a nutshell... Reverse engineering of a proprietary firmware for security purpose Made possible with a few free open-source tools (Qemu, Ruby, Metasm, binutils,... ) Real-time firmware debugging! But depends on targeted device (here Broadcom NICs) No firmware signature/encryption in Broadcom Ethernet NICs One can build and load its own firmware To offer an open-source alternative for the community To build a stealthy rootkit embedded in the NIC To turn a NIC into a high-speed physical memory dumper

Thank you for your attention! Flashing the NIC with a custom firmware Example #1: Rootkit Example #2: Physical memory dumper Questions? G. Delugré Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware 45/45

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback