Remote code execution via MIDI messages


Blog post about a reverse engineering project

What sparked that curiosity was a service manual for a similar synth (the E443, I own an E433) that I found online, which among other things featured a pinout of that main chip that listed pin descriptions so enticing (“TESTN – Test Mode”, “PROTN – Determines if the product is a prototype”) that I just had to get a look at what was going on. On the other hand, incorrectly talking to a device via JTAG risks catastrophic damage, as some implementations of the interface grant very low-level access to the hardware, even lower than the access the machine code that CPU cores execute has. These global variables are referenced by other pieces of code (both in the flash and internal ROM) which write data into mysterious addresses located at 0xfxxxxxxx, which I’m assuming is the memory region that’s used to talk to various peripherals inside of the chip.
