Reverse Engineering & Hardware


netpumber
January 7th, 2011, 14:34
Hi all of you!

I read about PS3, iPhone etc. cracking and I was watching these videos http://www.pagetable.com/?p=517 earlier and I have a question.

How can someone read the code from a microcontroller?
How can you disassemble its code?

Ok, I understand the way that this happens with applications, but with hardware?
How do they read the asm from chips?
Where is this code stored?

I searched the internet but couldn't find something helpful.

Have you got any good article / link on this method?

Thanks in advance!

digdugg
January 10th, 2011, 18:23
Hardware is typically approached by finding out what processor the code is running on. Once that is figured out you can download the developer manuals for this chipset to familiarize yourself with the opcodes/syntax/architecture of the chip. IDA will more than likely support the chipset that the code was written in unless it's extremely obscure. If that's the case try looking around for development kits for that chipset which should have development tools to help with debugging/disassembling etc.

GoldStar611
January 16th, 2011, 01:46
Disassembling an embedded device usually involves finding the target chip manufacturer and obtaining programming devices and tools, as mentioned above. From there it is as simple as reading the chip from a programmer or an in-circuit serial programmer. Most chips come with a bit that prevents reading of the ROM (to keep people from copying their code), so you may have some frustration at first. Sometimes a high voltage shock can reset this protection bit, but it is tricky to get right.

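Added as a worked example for the post above (not code from the thread): a small Python triage script that tells a masked read (lock bit still set, so the programmer hands back only erased-flash fill or a repeating pattern) from a dump with real content, before the image goes anywhere near a disassembler. The two sample dumps are constructed inline, not real reads.

```python
"""Triage a raw flash/ROM dump before loading it into a disassembler.

A read blocked by a lock/read-protection bit usually comes back as a constant
fill (all 0xFF or 0x00) or a short repeating pattern rather than real code; this
flags those cases and reports per-block entropy so code/data regions stand out.
"""
import hashlib
import math
from collections import Counter
from typing import Optional

def block_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant block, up to 8.0."""
    if not block:
        return 0.0
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())

def repeating_period(data: bytes, max_period: int = 16) -> Optional[int]:
    """Smallest period <= max_period with which the whole dump repeats, else None."""
    for p in range(1, max_period + 1):
        if len(data) >= 2 * p and data == (data[:p] * (len(data) // p + 1))[:len(data)]:
            return p
    return None

def triage_dump(data: bytes, block_size: int = 256) -> dict:
    """Summarise a dump; a repeating fill means the read was masked or the chip is blank."""
    blocks = [data[i:i + block_size] for i in range(0, len(data), block_size)]
    blank = sum(1 for b in blocks if b in (b"\xff" * len(b), b"\x00" * len(b)))
    period = repeating_period(data)
    if period is not None:
        verdict = "protected-or-erased"
    elif blank > len(blocks) / 2:
        verdict = "mostly-blank"
    else:
        verdict = "plausible-content"
    return {"size": len(data), "period": period, "blank_blocks": blank,
            "max_entropy": max((block_entropy(b) for b in blocks), default=0.0),
            "verdict": verdict}

def pseudo_code(n: int) -> bytes:
    """Constructed stand-in for firmware bytes (high-entropy, non-repeating), not a real image."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                    for i in range(n // 32 + 1))[:n]

# Constructed samples: a read that returned only erased-flash fill, and one with content.
SAMPLE_LOCKED = b"\xff" * 1024
SAMPLE_REAL = pseudo_code(768) + b"\xff" * 256
```

Run `triage_dump` on a real programmer dump and treat a "protected-or-erased" verdict as a sign the lock bit (or the wiring) is the problem, not the disassembler.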
filespace
January 21st, 2011, 09:24
I might also add that code is also stored in various places as well, depending on the complexity of the device. i.e. sat TV: you have code on the smart card, then in the box itself you have code in the TSOP as well as the EEPROM, 2 separate chips containing the firmware. The TSOP is hardware protected, having one of its pins tied to ground to prevent writing. However, a simple trace cut can undo this simple protection method.

FrankRizzo
February 2nd, 2011, 00:27
It's been a while since this thread saw any action, but I've been away for a while, so I'm going to answer anyway.

You specifically asked about a microcontroller. If you have a LARGE budget, there are companies with a device called a "Focused Ion Beam" or FIB machine. Using this machine, they can burn the top of the chip off and, using a microscope, read the individual bits (one at a time!) and generate a ROM image for you.

Once you have the ROM image, just load it into IDA, or similar disassembler, and have at it!

(Yes, I've worked on disassemblies obtained in this fashion, no I won't tell you the devices).