Reverse Engineering keyboard firmware with Ghidra
13 hours ago
- #firmware
- #reverse-engineering
- #ghidra
- The NSA released Ghidra, a free and powerful reverse engineering tool, in March 2019.
- The author modified a non-backlit Ducky One TKL keyboard into a backlit version by soldering LEDs and flashing firmware.
- Ducky's firmware update tool is Windows-only, prompting the author to extract firmware for use on Linux.
- Sprite_tm's reverse engineering of a Coolermaster keyboard inspired the author.
- Ghidra was used to analyze the Ducky firmware updater, revealing obfuscated firmware within the .exe file.
- The firmware decryption process involves XOR operations with a secret key found in the binary.
- The author successfully decrypted part of the firmware, revealing version and keyboard details.
- Future steps include using the discovered secret key to further decrypt and analyze the firmware.
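
The XOR step mentioned in the summary above, as an added Python example that is not code from the original article. It assumes a plain repeating-key XOR; the key, the sample image and the function names are constructed for illustration and are not values from the Ducky updater.

```python
import re


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR each byte of data with the key, repeating the key as needed.

    XOR is its own inverse, so the same call obfuscates and de-obfuscates.
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def printable_strings(blob: bytes, min_len: int = 4) -> list[str]:
    """Return runs of printable ASCII, similar to the `strings` utility.

    Readable version or model strings in the output are a quick sign
    that the key and the offset used for decoding are correct.
    """
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, blob)]


# Constructed sample data (assumption): a tiny "firmware image" with a
# binary header, two NUL-terminated text fields and some binary payload.
KEY = bytes.fromhex("a55a3cc3")
PLAINTEXT = (
    b"\x00\x10\x00\x08"
    + b"FW-VERSION 1.00\x00"
    + b"EXAMPLE KEYBOARD\x00"
    + bytes(range(0x80, 0x90))
)
OBFUSCATED = xor_with_key(PLAINTEXT, KEY)

if __name__ == "__main__":
    # The obfuscated blob, as it would sit inside an updater, has no strings.
    print("raw blob:     ", printable_strings(OBFUSCATED))
    # A wrong key leaves the data looking like noise.
    wrong = xor_with_key(OBFUSCATED, b"\x00\x01\x02\x03")
    print("wrong key:    ", printable_strings(wrong))
    # The right key recovers the readable version and model fields.
    decoded = xor_with_key(OBFUSCATED, KEY)
    print("correct key:  ", printable_strings(decoded))
```

Checking the decoded output for readable strings is also how a partial decryption can be recognised: text fields appear only where the key and alignment are right.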