Like the Raspberry π SoC is based on a television tuner box. The vast majority of the die is related to the TV tuner functions that are completely undocumented. What techniques exist to explore undocumented physical hardware? Are we limited to reverse engineering code to find when and how these undocumented areas are used, or are there other fuzzing type techniques to find relationships between memory, flags, and potential byte instructions?
This is an abstract thought and generalization that potentially patches a hole in my understanding. There is no broader purpose in asking.
Hunting and pecking work. Also trying to do research on the actual chips on the hardware helps quite a bit.
In the case they put black blobs on their chips or rub everything off, you can go with throwing an oscilloscope and checking the readings coming in and out of the device. I've had to do that a couple of times to make a “spec” out of chips that no longer have documentation.
Here is a great example: https://bookmanarchive.com/
https://bookmanarchive.com/reverse-engineering
They do over the teardowns: https://bookmanarchive.com/reveng/teardowns/440/DBD-440.0.jpg It's pretty neat!
Sometimes you get lucky and the company doesn't give a fuck, like Walmart and the Kobos, and the entire thing is the cheapest open source Linux distro with next to open source hardware (because they couldn't be bothered). Example: https://www.linux-magazine.com/Online/Features/Basic-Hacks-for-Kobo-E-Readers Love my Kobo.