reverse engineering – Tool for restoring firmware image from dumps taken from broken eMMC

Description of the problem:

I have a 4GB eMMC chip that is “broken” which causes the device (TV) to not boot.
After soldering this chip to an adapter I am able to dump it.
When comparing the dumps, I can see that there are many differences between the dumps. Some portions are completely identical though.
My hope is to use some tool to compare all of the dumps (however many I might need) and restore an image of the original firmware. This is based on my assumption that statistically (over many runs) every bit would be read correctly and would thus allow me to piece together a complete and correct image.

Is there a tool for a task like this?

I imagine that it wouldn’t be too hard to write a basic python script to do this task but maybe there is already a pre-made tool.

Also, are there good tools to visualize differences is large binary files?

More info on the eMMC: it’s a H26M31003GMR
My guess as to why it broke is that the firmware is poorly written and too much data get’s written to the eMMC causing it to fail eventually.

Here’s an example of the data:

Difference example

  • First dump byte: 11000000
  • Second dump byte: 10000000
  • Difference: 1 Bit

eMMC connected via SD interface

design – Is Pressman’s Software Engineering book relevant today?

I am teaching Software Engineering for quite some time. And Pressmans’s book is considered as the bible of Software Engineering.

However, I hate this book as it is full of stories.

  1. It mixes SSAD and OOAD without distinguishing them.
  2. He invents his own methods (of course referring to various papers)
  3. The example used throughout the book is good for nothing (Safe Home)
  4. He confuses with Web development and OOAD (trying to put web development as a part of OOAD).

And many more. I guess nothing is relevant for today’s software development process.

Suggestions and opinions are welcome.

Python loading file – Software Engineering Stack Exchange

I am getting error in line with open(files,’r’) but its not opening Book1 file but its reading book file vertically as below can someone help me. Instead it has read records as below which is in the file

('123', 'Apple')
('345', 'Orange')

we are here and the file is Book1_20210124.csv. 
('o')
('o')
('k')
('1')
('_')
         
```
    import cx_Oracle
    import csv
    import os
    import fnmatch2
    con = cx_Oracle.connect('username/password@qdborarac-scan:1521/d1.legacy.adhoc')
    cur = con.cursor()
    file_name = 'Book1_*.csv'
    for files in os.listdir('.'):
     #print(files)
    if fnmatch2.fnmatch2(files, file_name):
    print("we are here and the file is", files)
     with open(files, "r"):
     csv_reader = csv.reader(files, delimiter=',')
     next(csv_reader)
     for row in csv_reader:
     print(row)
     for lines in csv_reader:
    cur.execute("insert into test_data (patient_id,patient_name) 
     values (:1, :2)", (lines(0), lines(1)))
    cur.close()
    con.commit() 
    con.close()

Idiomatic Golang Unit Testing – Software Engineering Stack Exchange

Currently I have some code which is structured like this:

type Service struct {
    // some dependencies
}

func (s *Service) FindStuff(ctx Context) { // this signature cannot be changed
    // some logic...
    isNew := s.isNewUser(ctx)
    if isNew {
        // call new flow
    } else {
        // call old flow
    }
}

func (s *Service) isNewUser(ctx Context) bool {
    value := apiGet("some-endpoint")
    // some logic...
    for {
        for {
            if  { return true }
            if  { return false }
            if  { return false }
        }
    }
    return true
}
  • The existing unit tests call FindStuff which calls isNewUser, the call apiGet("some-endpoint") is mocked.
  • The isNewUser method is used by multiple methods on the Service class.

In a Java world you could create a new class which has a method isNewUser you could then pass a mock object of that class as a dependency to Service and mock the call to isNewUser to return either true of false and allowing everything to be tested in isolation.

What is the most idiomatic Go way of testing this?

User-centric / Permission-based API-Design – Software Engineering Stack Exchange

I’m currently researching on how a user-centric/permission-based api could be designed. I have a few ideas but they all have their pros and cons, so i’m seeking for advice + wondering whether there are other solutions for this problem.

The backend will provide a JSON-Api and a matching webapp/android/iosapp will be built.

Given the system acts as a marketplace for cats.

  • Users can sign up to see the cats which are currently availabe.
  • Users can also acquire subscriptions to unlock additional features.
    • E.g A user pays X$ per month and thus gains the ability to favorize cats and also see a list of their favorized cats.

How could the api look like?

Solution 1

  • GET /cats will simply return a list of cats as ({"id":1, "name":"Nala", "breed":"Siam"})
  • POST /user/favorites/1 will favorize the cat with id 1
  • Thus GET /user/favorites will return all favorized cats of the user
  • And HEAD /user/favorites/1 can be used to see whether cat with id 1 is favorized
    • this endpoint is required because simply comparing the cats of /cats with the cats of user/favorites does not work anymore when stuff like pageablility comes into play.

In my opinion this solution is pretty clean. The endpoint for cats is separated from the user-specific data e.g the favorite list. In this solution the subscription of a user can easily be integrated by simply providing separate permissions for every unlockable feature and securing the different endpoints. A user with a running subscription for the favorize-feature will be allowed to call /user/favorites and another user without a running subscription can not (Http-Code 403 will be returned).
The cat-list will show a card for each cat so it would be nice to display a favorite-icon here. In order to display the simple list of cats 21 requests will be made if there are 20 cats present (1 request to get the 20 cats and 20 requests to check whether each of the cats are favorized by the user or not). The problem scales with every feature that is separately unlockable.

Solution 2

Solution 2 aims to reduce the previously described problem by forging more sophisticated responses.

  • GET /cats will return a list of cats, where every cat will already contain a “favorized” property ({"id":1, "name":"Nala", "breed":"Siam", "favorized": true})
  • POST POST /cats/1/favorize` will favorize the cat with id 1
  • Thus GET /cats?favorized=true will return all favorized cats of the user

In this case the HEAD /user/favorites/1 is redundant because the information whether the user has favorized a cat will already be passed inside a cat of GET /cats. So as intended this solution reduces the api-calls but requires more work on the server side since we have to get the list of all cats available and set the favorized property on all the cats internally by checking which cats are favorized by the user.
However we will always have to change the api by adding a new property for every newly added unlockable feature and thus the work the server has to do will also increase.
Also: given there are 5 unlockable features but a basic user without any subscription requests the cat list we will either remove the feature-properties or set them to null.

Résumé

Both solutions do not satisfy me very well. I either have to accept frequent api-calls or build a pretty daunting data-loading logic.

  • Are there possible other solutions?
  • What pros/cons can a more experienced engineer think of?
  • Which solution is more approachble, maintainable?

And while learning a about DDD, it feels like the subscriptions/permissions are more than just “securing an endpoint” but comply to / are part of actual business requirements.

Visual Studio Code Reinstall – Software Engineering Stack Exchange

I already have Visual Studio Code installed but I need to build an application using C++.

According to Microsoft’s website i should run the installer again and checkbox Desktop development with C++ workload.

But I do not remember my original settings which i had checked when I installed it the first time.

I have downloaded the community version installer. What should I do next?

object oriented – Software-design for algorithm engineering

I’m currently working on an program that solves a graph optimization problem.
I know the “standard” software-design principles like information hiding, modularization, etc. What I’m struggling with here is that I feel like this use case rules out most of them as not applicable.

For example, I constantly have to use the same ~5 lists, stacks and sets for the algorithm, so it doesn’t make sense to pass them as an argument to every function redundantly. My current solution is that I just keep those in global scope.

Also what isn’t clear to me is how to use OOP in this case. I abstracted some datastructures I had to come up with into their own class, but many other things don’t appear to make a useful class.

My questions are the following:

  • What is the kind of programming called that basically just implements one algorithm? Optimization programming?
  • Is there any literature regarding how to structure such programs?

documentation – What is the Software Engineering equivalent of a traditional Engineering Change Order (ECO)?

There is no best practice here. The important part is that you communicate the change.

How you communicate; how you track who needs to be communicated with — these are all subjective and specific to the needs of your application, code library or enterprise. This is actually quite a complex process. It could involve something as simple as an e-mail list. It could be as complex as a clone of development ecosystems like GitHub. This is why solutions like GitHub, Azure DevOps, Jira, Rational Team Concert (along with many other products) were built. They bundle together version control, access rights, software build and deployment tools, an online publishing mechanism along with the potential for mass, automated communication.

On a more technical note, Semantic Versioning at least prescribes a way to decide when something is a breaking change, and how to communicate that change using software version numbers. It does not address how to communicate that change to a specific audience, or how you track who needs to be communicated with.

Questions about software versioning – Software Engineering Stack Exchange

Versioning is highly opinionated. There aren’t that many standards, but there are some conventions. For public APIs (such as web APIs or those provided in libraries), Semantic Versioning is a common convention and there are tools to enforce it. However, not all projects take advantage of it and it doesn’t give much help to application developers.

How should be the version of a software released for the first time?

It depends on your application.

In Semantic Versioning, anything that starts with a 0 is to be considered unstable. Your unstable early releases, if you choose to make those public, would be of the format 0.x.y. Once your API stabilized, you would release 1.0.0 and proceed from there. However, as I mentioned earlier, Semantic Versioning only helps with libraries. You can try to model your versioning on this scheme, but I’m not aware of any documented conventions.

Technically, you don’t need three (or four) point version numbers. You could use the date of build or release, random names, a single version number, or perhaps no version number at all. The Wikipedia article on software versioning gives several examples.

Some kind of consistency, or changing the versioning at a logical point in time, is important. Having something in your README about the level of development and maintenance would be a good idea. I would expect anyone using the software in a professional capacity to do their due diligence and assess the quality of third-party software that the use to support their development.

In case of an independent developer what length is recommended?

This is less of a concern about who is doing the development, but what type of software development is being done. API versus application is one way to think about development. Self-hosted versus SaaS for applications is another consideration. Thinking about the thing that you are versioning and what needs to be communicated to stakeholders is a good way to approach choosing a versioning scheme.