StarLink Terminal Unit Firmware Dumped
There’s a lot of expense in what telephone companies call “the last mile” — delivering service from the main trunks to your home or business. StarLink wants to avoid that cost by connecting you via an array of low-orbit satellites and some users are already using the service. In Belgium, [Lennert Wouters] managed to dump the terminal’s firmware and has some interesting observations.
The teardown is actually more than just a firmware dump. His “level 1” teardown involves exposing the board. This can be tricky because there are apparently different versions of the terminal out already, so advice from one source might not match your hardware, and that was the case here.
A UART connector revealed U-Boot log messages on startup. The boot messages gave instructions displayed for interrupting the boot process, but they didn’t appear to actually work. The next step was “level 2” which involved dislodging the board to directly access the eMMC chip.
Dumping the data from the chip wasn’t that hard. However, the chip also has error correcting codes that aren’t part of the actual data stream, so those had to go.
Analysis of the code proved interesting. There is a fuse that identifies development hardware and if that fuse isn’t present, you can’t log in. Further, the login flag is geofenced. You have to be in certain locations — some, but not all, SpaceX facilities — to log in.
Overall, an interesting tear down and we wonder what other secrets these terminals will give up as more people have access to them. We’ve covered the system before, including an X-ray view of the antenna.
Post a Comment