FREE Reverse Engineering Self-Study Course HERE
This tutorial will discuss boot sector basics.
-> Click HERE to read the FREE ebook.
A FREE comprehensive step-by-step embedded hacking course covering Embedded Software Development to Reverse Engineering.
VIDEO PROMO HERE
FREE Book Download
Raspberry Pi Pico 2 w/ Header BUY
USB A-Male to USB Micro-B Cable BUY
Raspberry Pi Pico Debug Probe BUY
Complete Component Kit for Raspberry Pi BUY
10pc 25v 1000uF Capacitor BUY
Introduction and Overview of Embedded Reverse Engineering: Ethics, Scoping, and Basic Concepts
Week 1 Slides HERE
Week 1 Notebook HERE
Non-Credit Practice Exercise 1: Explore in Ghidra HERE
Non-Credit Practice Exercise 1 Solution: Explore in Ghidra HERE
Non-Credit Practice Exercise 2: Find Strings in Ghidra HERE
Non-Credit Practice Exercise 2 Solution: Find Strings in Ghidra HERE
Non-Credit Practice Exercise 3: Find Cross-References in Ghidra HERE
Non-Credit Practice Exercise 3 Solution: Find Cross-References in Ghidra HERE
Non-Credit Practice Exercise 4: Connect GDB & Basic Exploration HERE
Non-Credit Practice Exercise 4 Solution: Connect GDB & Basic Exploration HERE
This chapter covers the basics of setting up a dev environment and basic template firmware for the Pico 2 MCU in addition to printing hello, world.
-> Click HERE to read the FREE pdf book.
This chapter covers the debugging of our firmware for the Pico 2 MCU hello, world program.
-> Click HERE to read the FREE pdf book.
Hello, World - Debugging and Hacking Basics: Debugging and Hacking a Basic Program for the Pico 2
Week 2 Slides HERE
Week 2 Notebook HERE
Non-Credit Practice Exercise 1: Change the Message HERE
Non-Credit Practice Exercise 1 Solution: Change the Message HERE
Non-Credit Practice Exercise 2: Use a Different SRAM Address HERE
Non-Credit Practice Exercise 2 Solution: Use a Different SRAM Address HERE
Non-Credit Practice Exercise 3: Examine Memory Around Your String HERE
Non-Credit Practice Exercise 3 Solution: Examine Memory Around Your String HERE
Non-Credit Practice Exercise 4: Automate the Hack HERE
Non-Credit Practice Exercise 4 Solution: Automate the Hack HERE
This chapter covers the hacking of our firmware for the Pico 2 MCU hello, world program.
-> Click HERE to read the FREE pdf book.
Embedded System Analysis: Understanding the RP2350 Architecture w/ Comprehensive Firmware Analysis
Week 3 Slides HERE
Week 3 Notebook HERE
Non-Credit Practice Exercise 1: Trace a Reset HERE
Non-Credit Practice Exercise 1 Solution: Trace a Reset HERE
Non-Credit Practice Exercise 2: Find the Stack Size HERE
Non-Credit Practice Exercise 2 Solution: Find the Stack Size HERE
Non-Credit Practice Exercise 3: Examine All Vectors HERE
Non-Credit Practice Exercise 3 Solution: Examine All Vectors HERE
Non-Credit Practice Exercise 4: Find Your Main Function and Trace Back HERE
Non-Credit Practice Exercise 4 Solution: Find Your Main Function and Trace Back HERE
This chapter covers a comprehensive embedded system analysis reviewing parts of the RP2350 datasheet and helpful firmware analysis tools.
-> Click HERE to read the FREE pdf book.
Variables in Embedded Systems: Debugging and Hacking Variables w/ GPIO Output Basics
Week 4 Slides HERE
Week 4 Notebook HERE
Non-Credit Practice Exercise 1: Analyze Variable Storage in Ghidra HERE
Non-Credit Practice Exercise 1 Solution: Analyze Variable Storage in Ghidra HERE
Non-Credit Practice Exercise 2: Patch Binary to Change Variable Value HERE
Non-Credit Practice Exercise 2 Solution: Patch Binary to Change Variable Value HERE
Non-Credit Practice Exercise 3: Analyze and Understand GPIO Control HERE
Non-Credit Practice Exercise 3 Solution: Analyze and Understand GPIO Control HERE
Non-Credit Practice Exercise 4: Patch GPIO Binary to Change LED Pin HERE
Non-Credit Practice Exercise 4 Solution: Patch GPIO Binary to Change LED Pin HERE
This chapter covers an introduction to variables as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers debugging an introduction to variables as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers hacking an introduction to variables as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers uninitialized variables as well as an intro to GPIO outputs as we blink an LED as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers debugging uninitialized variables as well as an intro to GPIO outputs as we blink an LED as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers hacking uninitialized variables as well as an intro to GPIO outputs as we blink an LED as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
Integers and Floats in Embedded Systems: Debugging and Hacking Integers and Floats w/ Intermediate GPIO Output Assembler Analysis
Week 5 Slides HERE
Week 5 Notebook HERE
Non-Credit Practice Exercise 1: Analyze the Float Binary in Ghidra HERE
Non-Credit Practice Exercise 1 Solution: Analyze the Float Binary in Ghidra HERE
Non-Credit Practice Exercise 2: Patch the Float Binary — Changing 42.5 to 99.0 HERE
Non-Credit Practice Exercise 2 Solution: Patch the Float Binary — Changing 42.5 to 99.0 HERE
Non-Credit Practice Exercise 3: Analyze the Double Binary in Ghidra HERE
Non-Credit Practice Exercise 3 Solution: Analyze the Double Binary in Ghidra HERE
Non-Credit Practice Exercise 4: Patch the Double Binary — Changing 42.52525 to 99.99 HERE
Non-Credit Practice Exercise 4 Solution: Patch the Double Binary — Changing 42.52525 to 99.99 HERE
This chapter covers the integer data type in addition to a deeper assembler dive into GPIO outputs as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers debugging the integer data type in addition to a deeper assembler dive into GPIO outputs as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers hacking the integer data type in addition to a deeper assembler dive into GPIO outputs as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers the floating-point data type as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers debugging the floating-point data type as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers hacking the floating-point data type as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers the double floating-point data type as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers debugging the double floating-point data type as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers hacking the double floating-point data type as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
Static Variables in Embedded Systems: Debugging and Hacking Static Variables w/ GPIO Input Basics
Week 6 Slides HERE
Week 6 Notebook HERE
Non-Credit Practice Exercise 1: Change the Static Variable Initial Value from 42 to 100 HERE
Non-Credit Practice Exercise 1 Solution: Change the Static Variable Initial Value from 42 to 100 HERE
Non-Credit Practice Exercise 2: Reverse Engineer gpio_set_pulls with GDB HERE
Non-Credit Practice Exercise 2 Solution: Reverse Engineer gpio_set_pulls with GDB HERE
Non-Credit Practice Exercise 3: Make the Overflow Happen Faster HERE
Non-Credit Practice Exercise 3 Solution: Make the Overflow Happen Faster HERE
Non-Credit Practice Exercise 4: Invert the Button Logic with XOR HERE
Non-Credit Practice Exercise 4 Solution: Invert the Button Logic with XOR HERE
This chapter covers static variables as well as an intro to GPIO inputs as we work with push buttons as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers debugging static variables as well as an intro to GPIO inputs as we work with push buttons as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers hacking static variables as well as an intro to GPIO inputs as we work with push buttons as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
Constants in Embedded Systems: Debugging and Hacking Constants w/ 1602 LCD I2C Basics
Week 7 Slides HERE
Week 7 Notebook HERE
Non-Credit Practice Exercise 1: Change Both LCD Lines HERE
Non-Credit Practice Exercise 1 Solution: Change Both LCD Lines HERE
Non-Credit Practice Exercise 2: Find All String Literals in the Binary HERE
Non-Credit Practice Exercise 2 Solution: Find All String Literals in the Binary HERE
Non-Credit Practice Exercise 3: Trace the I²C Struct Pointer Chain HERE
Non-Credit Practice Exercise 3 Solution: Trace the I²C Struct Pointer Chain HERE
Non-Credit Practice Exercise 4: Display Your Own Custom Message on the LCD HERE
Non-Credit Practice Exercise 4 Solution: Display Your Own Custom Message on the LCD HERE
This chapter covers constants as well as an intro to I2C as we work a 1602 LCD as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers debugging constants as well as an intro to I2C as we work a 1602 LCD as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers hacking constants as well as an intro to I2C as we work a 1602 LCD as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
Operators in Embedded Systems: Debugging and Hacking Operators w/ DHT11 Temperature & Humidity Sensor Single-Wire Protocol Basics
Week 9 Slides HERE
Week 9 Notebook HERE
Non-Credit Practice Exercise 1: Change the Sleep Duration HERE
Non-Credit Practice Exercise 1 Solution: Change the Sleep Duration HERE
Non-Credit Practice Exercise 2: Invert the Temperature Reading HERE
Non-Credit Practice Exercise 2 Solution: Invert the Temperature Reading HERE
Non-Credit Practice Exercise 3: Add a Fixed Temperature Offset HERE
Non-Credit Practice Exercise 3 Solution: Add a Fixed Temperature Offset HERE
Non-Credit Practice Exercise 4: Find All printf Format Strings HERE
Non-Credit Practice Exercise 4 Solution: Find All printf Format Strings HERE
This chapter covers operators as well as an intro to single-wire protocol as we work a DHT11 temperature and humidity sensor as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers debugging operators as well as an intro to single-wire protocol as we work a DHT11 temperature and humidity sensor as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers hacking operators as well as an intro to single-wire protocol as we work a DHT11 temperature and humidity sensor as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
Conditionals in Embedded Systems: Debugging and Hacking Static & Dynamic Conditionals w/ SG90 Servo Motor PWM Basics
Week 10 Slides HERE
Week 10 Notebook HERE
Non-Credit Practice Exercise 1: Change Servo Angle Range HERE
Non-Credit Practice Exercise 1 Solution: Change Servo Angle Range HERE
Non-Credit Practice Exercise 2: Add a Third Command HERE
Non-Credit Practice Exercise 2 Solution: Add a Third Command HERE
Non-Credit Practice Exercise 3: Reverse the Servo Direction HERE
Non-Credit Practice Exercise 3 Solution: Reverse the Servo Direction HERE
Non-Credit Practice Exercise 4: Speed Profile HERE
Non-Credit Practice Exercise 4 Solution: Speed Profile HERE
This chapter covers static conditionals as well as an intro to PWM as we work a SG90 servo motor as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers debugging static conditionals as well as an intro to PWM as we work a SG90 servo motor as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers hacking static conditionals as well as an intro to PWM as we work a SG90 servo motor as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers dynamic conditionals as well as additional PWM examples as we work a SG90 servo motor as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers debugging dynamic conditionals as well as additional PWM examples as we work a SG90 servo motor as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers hacking dynamic conditionals as well as additional PWM examples as we work a SG90 servo motor as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
Structures and Functions in Embedded Systems: Debugging and Hacking w/ IR Remote Control and NEC Protocol Basics
Week 11 Slides HERE
Week 11 Notebook HERE
Non-Credit Practice Exercise 1: Add a Fourth LED HERE
Non-Credit Practice Exercise 1 Solution: Add a Fourth LED HERE
Non-Credit Practice Exercise 2: Change Blink Count HERE
Non-Credit Practice Exercise 2 Solution: Change Blink Count HERE
Non-Credit Practice Exercise 3: Swap All Three LEDs HERE
Non-Credit Practice Exercise 3 Solution: Swap All Three LEDs HERE
Non-Credit Practice Exercise 4: Change Blink Speed HERE
Non-Credit Practice Exercise 4 Solution: Change Blink Speed HERE
This chapter covers structures as well as an intro to infrared basics as we work a infrared receiver and infrared remote controller as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers debugging structures as well as an intro to infrared basics as we work a infrared receiver and infrared remote controller as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers hacking structures as well as an intro to infrared basics as we work a infrared receiver and infrared remote controller as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers functions, w/ params and w/ a return value as well as additional infrared examples as we work a infrared receiver and infrared remote controller it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers debugging functions, w/ params and w/ a return value as well as additional infrared examples as we work a infrared receiver and infrared remote controller as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
This chapter covers hacking functions, w/ params and w/ a return value as it relates to embedded development on the Pico 2.
-> Click HERE to read the FREE pdf book.
Unknown Firmware Debugging and Hacking
Final Review – Embedded Debugging and Hacking Techniques w/ Advanced Firmware Analysis Q&A
In the aftermath of a catastrophic medical device failure, you are thrust into the role of an FDA forensic investigator facing an impossible crisis: 23 patients dead, 100 million recalled insulin pumps sitting in warehouses worldwide, and 2.3 million lives hanging in the balance all while the only evidence remaining is raw binary firmware after a rogue engineer destroyed every line of source code before fleeing to Montenegro. Armed only with GDB, Ghidra, and the reverse engineering skills honed over the first seven weeks of this course, you must excavate the truth from machine code, identify the lethal bugs spawned by an AI code generator called "OopsieGPT," and determine whether these devices can be salvaged to save millions in underserved communities or if $4.7 billion in humanitarian medical technology must be incinerated. This is not a simulation; this is triage at the intersection of embedded systems security and human survival.
Forty-two stories beneath frozen tundra, a shadow intelligence alliance called Dark Eyes operates centrifuges enriching weapons-grade material for a first strike against Washington, D.C. and Agent NIGHTINGALE gave her life to extract the single firmware file that now sits before you. Conventional warfare cannot reach this fortress buried beneath rock and concrete, but you can: as the architect of a precision cyber weapon in the tradition of Stuxnet, you must reverse engineer the RP2350-based centrifuge controller, craft binary patches that double the spin speed while falsifying every sensor readout to show nominal operation, and execute the sabotage that will cascade-destroy their enrichment program and set their nuclear ambitions back a decade. Every skill from the entire semester ARM assembly, Ghidra analysis, IEEE-754 floating-point manipulation, branch modification, log desynchronization converges in this final mission. Agent NIGHTINGALE's seven-year-old daughter still watches the driveway, waiting for a mother who will never return. Honor that sacrifice. Complete the mission. Do not fail.
Self-contained C driver libraries for the Raspberry Pi Pico 2 (RP2350). Each driver folder contains a thin demo (0xNN_name.c), a reusable library implementation (name.c), and a library header with full Doxygen docstrings (name.h).
| Driver | Description | Key Hardware |
|---|---|---|
| 0x01_uart | Raw UART transmit / receive | hardware_uart |
| 0x02_blink | GPIO output LED blink | pico_stdlib |
| 0x03_button | GPIO input with debounce | pico_stdlib |
| 0x04_pwm | PWM output with frequency & duty control | hardware_pwm, hardware_clocks |
| 0x05_servo | SG90 servo angle & pulse control | hardware_pwm, hardware_clocks |
| 0x06_adc | ADC voltage & on-chip temperature reading | hardware_adc |
| 0x07_i2c | I2C bus init, probe & scan | hardware_i2c |
| 0x08_lcd1602 | 1602 LCD over I2C (PCF8574 backpack) | hardware_i2c |
| 0x09_dht11 | DHT11 temperature & humidity (single-wire) | pico_stdlib |
| 0x0a_ir | IR remote NEC protocol decoder | pico_stdlib |
| 0x0b_spi | SPI bus init & bidirectional transfer | hardware_spi |
| 0x0c_multicore | Dual-core launch & FIFO messaging | pico_multicore |
| 0x0d_timer | Repeating timer callbacks | pico_stdlib |
| 0x0e_watchdog | Watchdog enable, feed & reboot detection | hardware_watchdog |
| 0x0f_flash | On-board flash erase, write & read | hardware_flash, hardware_sync |
Rust ports of the C drivers above using rp235x-hal. Each Rust driver folder contains a thin demo (main.rs) and a reusable library module (driver.rs) with full Rust doc comments.
| Driver | Description | Key Crates |
|---|---|---|
| 0x01_uart_rust | Raw UART transmit / receive | rp235x-hal, embedded-hal-nb |
| 0x02_blink_rust | GPIO output LED blink | rp235x-hal, embedded-hal |
Standalone RP2350 drivers written entirely in ARM or RISC-V assembler.
| Driver | Description | Architecture |
|---|---|---|
| RP2350_UART_Driver | Raw UART transmit / receive | ARM |
| RP2350_UART_Driver_RISCV | Raw UART transmit / receive | RISC-V |
| RP2350_Blink_Driver | GPIO output LED blink | ARM |
| RP2350_Blink_Driver_RISCV | GPIO output LED blink | RISC-V |
| RP2350_Button_Driver | GPIO input button | ARM |
| RP2350_Button_Driver_RISCV | GPIO input button | RISC-V |