Reverse engineering the DMM4050

Stuff I am working on
Post Reply
Daniel Wee
Site Admin
Posts: 2449
Joined: Wed 25 Feb 25 2009 8:00 pm

Reverse engineering the DMM4050

Post by Daniel Wee »

Hacking the Tektronix DMM4050 (Fluke 8846A)

1. Get hold of the firmware update installer from:-
http://www.tooms.dk/?page=http%3A//www. ... C_ID%3D311
- this is the firmware for Fluke 8846A because it doesn’t appear that the Tektronix ever released any firmware updates for the DMM4050, we’ll have to make do

2. Install the file or extract out of the installer
- in the installed directory “Program Files (x86)/Fluke Precision Measurement”
- subdirectory instruments/884X/bin
- grab the jffs2.bin
- this is the flash image file that contains the root file system

3. On Ubuntu, mount the file as follows:-
du -sk jffs2.bin
- this will give you the filesize in kilobytes (4992) which you will need in the next step
- this assumes you are in the same directory where you put the jffs2.bin

sudo modprobe mtdram total_size=4992 erase_size=128
sudo modprobe mtdblock
sudo mkdir /media/mtdmp
sudo dd if=jffs2.bin of=/dev/mtdblock0
sudo mount -t jffs2 /dev/mtdblock0 /media/mtdmp

4. Now the image is mounted, you can cd into the directory
cd /media/mtdmp/etc
cat shadow
- grab the root password hash

5. Next we use hashcat to brute force the DES hash
- there might be MD5 involved
./hashcat64.bin -m 1500 iYNCcGcvYI0KI -a 3
- this will take quite a while even with GPU acceleration on the Titan X
- after about 2-hours = “Stratts5”
- but as this was for the Fluke 8846A, the password didn’t work for the Tek DMM4050
Daniel Wee
Site Admin
Posts: 2449
Joined: Wed 25 Feb 25 2009 8:00 pm

Re: Reverse engineering the DMM4050

Post by Daniel Wee »

Firmware file
Attachments
Fluke8846A-Firmware2.10.882.24.zip
(37.38 MiB) Downloaded 1236 times
FLUKE 8845A_8846A Calibration.pdf
(3.2 MiB) Downloaded 1262 times
Post Reply