August 16, 2022

Firmware Reverse Engineering II (Briot Example)

In this post I will continue what I started in the previous post, in which I presented how to import the Briot Tracer firmware into Ghidra and prepare it for analysis. The device's circuit was also reverse engineered.

Briot Firmware Reverse Engineer

The Briot Tracer is used as an example to show (at least partially) the firmware reverse engineering process. Since it uses an external memory (EPROM), the process for obtaining the firmware is simple, which makes it ideal as a test case.

As it is not the purpose of this post to study the complete firmware, only the RS232 communication is analyzed in order to gain some insight into how this communication occurs.

February 25, 2022

Firmware Reverse Engineering I (Briot Example)

Understanding how a device's firmware works can be helpful for many activities: to discover features that you were not aware of, to find the way to enable a device feature you would otherwise have to pay for, to discover how to install an alternative firmware, to conduct a security audit, etc.

You can also do this to identify the cause of a strange failure in a device, as it provides the full picture of a device's operating principle from a logical point of view. This is the case with the Briot Tracer, as this was my first contact with this device and I had absolutely no clue how it operates or what its normal behaviour is.

Briot Firmware Reverse Engineer

In this post I will use the Briot Tracer as an example to show (at least partially) the firmware reverse engineering process and what information we can expect from it. It was selected because it uses an external memory (EPROM type), so the process of obtaining the firmware is straightforward; in other cases the process required to obtain the firmware could be more complicated.