Comment by jasomill
10 hours ago
My favorite firmware update story is a time when I had to reflash firmware on an old IBM Fibre Channel/SCSI gateway because it had become corrupted and wouldn't boot.
Fortunately, the first-stage bootloader (which may have been in ROM) was intact, and had debugging commands that allowed reading and writing bytes of memory one at a time, and jumping to a specific memory address.
After using IDA to find the compressed firmware in the update blob and figure out how the update process worked, I was then able to use an expect script to use bootloader commands to slowly poke the firmware and the code that decompressed and copied the updated firmware to flash (extracted from the firmware itself after decompressing it with zlib) into RAM a byte at a time, then to jump to the uploaded code to finish the installation.
Worked like a charm, and enabled me to continue using the device for several years until I no longer had a use for it.