Project

General

Profile

Webcams » History » Version 1

Karsten, 11/11/2014 03:28 PM

1 1 Karsten
h1. Webcams
2 1 Karsten
3 1 Karsten
h2. Disassembled devices
4 1 Karsten
5 1 Karsten
h3. Cheap SpeedLink Reflect LED Webcam
6 1 Karsten
7 1 Karsten
* EtronTech eSP268A7, no external flash/eeprom
8 1 Karsten
* http://www.etron.com/en/products/webcam_detial.php?Product_ID=3
9 1 Karsten
Embedded 8051 with 32KB mask ROM and 2KB SRAM
10 1 Karsten
* http://wenku.baidu.com/view/b5b6a2c25fbfc77da269b15b.html
11 1 Karsten
=> Would be vulnerable if it had an external SPI Flash, but the particular webcam has none
12 1 Karsten
=> %{color:green}Most likely not vulnerable%
13 1 Karsten
14 1 Karsten
h3. Creative Labs Live! Cam Sync HD Model VFO770
15 1 Karsten
16 1 Karsten
* RTS5822 with PM25LD512 SPI Flash (64 KiB)
17 1 Karsten
* http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=30&PFid=43&Level=4&Conn=3&ProdID=346
18 1 Karsten
The RTS5822 supports an internal MCU program ROM, external NOR-Flash interface, and external Serial-Flash interface. With the external Serial-Flash interface, the internal program ROM can be fully replaced and the control firmware can be easily accessed via the USB link.
19 1 Karsten
* Chip can be used with internal ROM only
20 1 Karsten
* Hacking the firmware probably allows disabling the recording LED (but this may also be possible by hacking the driver only)
21 1 Karsten
* We could dump the flash contents to check the firmware
22 1 Karsten
* Particular webcam has an SPI flash
23 1 Karsten
=> %{color:red}most likely vulnerable%.