Reverse engineering U-Boot for fun and profit (38c3)

Chaos Computer Club - archive feed · zeno

December 27, 2024 · 51m 9s

Show Notes

A field guide to dumping and reverse engineering a bare-metal U-Boot binary, including all the good stuff like funky hardware setups, UART logs, a locked bootloader and unknown base addresses.

Working on hacking a babyphone and encountering a locked bootloader, we were faced with a major roadblock. So, naturally, we bashed our head against said problem for 2 weeks, coming out the other side with a few fun challenges, solutions and tid-bits. I want to recreate this experience here in this talk, by doing the whole process all over again, but this time live, in front of an audience.

Includes:
- getting serial logs
- dumping firmware
- extracting firmware
- reverse engineering the U-Boot bootloader, to extract the bootloader password

together with some tips, tricks and snark remarks.

Licensed to the public under http://creativecommons.org/licenses/by/4.0

about this event: https://events.ccc.de/congress/2024/hub/event/reverse-engineering-u-boot-for-fun-and-profit/

Topics

38c3, 723, 2024, Stage HUFF