Firmware Reverse Engineering & Exploitation

Vaibhav Bedi
November 25, 2018

What is Firmware
Analysis Firmware
How to get firmware from any device
Extracting Firmware
Firmware scanning Tool


Transcript

  1. @VaibhavXX95/NullHumla

  3. • What is Firmware • Analysing Firmware • How to get firmware from any device • Extracting Firmware • Firmware scanning Tool
  4. • Binwalk • Attify OS • Firmware Analysis Toolkit • Firmware Scanning Tool • Qemu • Firmwalker
  5. Firmware is simply the code that resides in the non-volatile memory of a device and performs the tasks required for the device to function. Components: • Kernel • Boot loader • File System
  6. Most popular attack on IoT devices: • Mirai Botnet infects

  7. The file system in an embedded or IoT device can be of different types, depending on the manufacturer's requirements and the device's functionality. Each file system type has its own unique signature header, which we will later use to identify where the file system starts inside the firmware binary. Common file systems encountered in IoT devices: 1. SquashFS 2. CramFS 3. JFFS2 4. YAFFS2 5. ext2
  8. • Getting it online • Extracting from the device • Sniffing OTA • Reversing applications
  10. Damn Vulnerable Router Firmware

  19. readelf -h bin/busybox
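What `readelf -h` tells you about a binary pulled out of the firmware, as an added example (not from the talk): the ELF identification bytes give the word size and endianness, and `e_machine` gives the CPU, which is exactly what you need to pick the matching qemu-user binary from the slide-4 tool list. The header parsed here is constructed for a big-endian 32-bit MIPS executable; the field layout and constants are those of the ELF specification, and the qemu binary names are the standard qemu-user names.

```python
import struct

# e_machine values for the CPUs most often met in router and IoT firmware.
EM_NAMES = {3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM", 62: "x86-64", 183: "AArch64", 243: "RISC-V"}
ET_NAMES = {1: "REL (relocatable)", 2: "EXEC (executable)", 3: "DYN (shared object / PIE)"}

# qemu-user binary that runs a static binary of this (machine, bits, endianness).
QEMU_USER = {
    ("MIPS", 32, "big"): "qemu-mips",
    ("MIPS", 32, "little"): "qemu-mipsel",
    ("MIPS", 64, "big"): "qemu-mips64",
    ("MIPS", 64, "little"): "qemu-mips64el",
    ("ARM", 32, "little"): "qemu-arm",
    ("AArch64", 64, "little"): "qemu-aarch64",
    ("PowerPC", 32, "big"): "qemu-ppc",
    ("x86", 32, "little"): "qemu-i386",
    ("x86-64", 64, "little"): "qemu-x86_64",
}


def parse_elf_header(data):
    """Decode the parts of the ELF header that `readelf -h` prints first."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]          # EI_CLASS, EI_DATA
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or data encoding")
    bits = 32 if ei_class == 1 else 64
    endian = "little" if ei_data == 1 else "big"
    prefix = "<" if ei_data == 1 else ">"
    # e_type, e_machine, e_version, e_entry follow e_ident at offset 16;
    # e_entry is 4 bytes in ELF32 and 8 bytes in ELF64.
    fmt = prefix + ("HHII" if bits == 32 else "HHIQ")
    e_type, e_machine, _e_version, e_entry = struct.unpack_from(fmt, data, 16)
    return {
        "bits": bits,
        "endian": endian,
        "type": ET_NAMES.get(e_type, f"unknown({e_type})"),
        "machine": EM_NAMES.get(e_machine, f"unknown({e_machine})"),
        "entry": e_entry,
    }


def qemu_user_binary(info):
    """Name of the qemu-user emulator for a parsed header, or None if not in the table."""
    return QEMU_USER.get((info["machine"], info["bits"], info["endian"]))


def inspect_file(path):
    """Read just the header of an on-disk binary (for example bin/busybox)."""
    with open(path, "rb") as f:
        return parse_elf_header(f.read(64))


# Constructed ELF32 header: big-endian MIPS executable, entry 0x400000,
# 1 program header, 40 section headers, o32 ABI flags (0x1007).
SAMPLE_MIPS_BE_HEADER = (
    b"\x7fELF" + bytes([1, 2, 1, 0]) + bytes(8)
    + struct.pack(">HHIIIIIHHHHHH", 2, 8, 1, 0x00400000, 52, 0, 0x00001007, 52, 32, 1, 40, 0, 0)
)

if __name__ == "__main__":
    info = parse_elf_header(SAMPLE_MIPS_BE_HEADER)
    print(info, "->", qemu_user_binary(info))
```

`inspect_file("bin/busybox")` on an extracted root filesystem gives the same answer as the `readelf -h` line above; if `qemu_user_binary` returns None the combination is not in the table and you should look up the qemu binary by hand rather than guess.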

  20. Reference: https://idafchev.github.io/crypto/2017/04/13/crypto_part1.html

  23. • Telnet is used to access the device remotely, for example a baby monitor with telnet access enabled and a hard-coded password. • Now we have to search for the word telnet across the entire extracted firmware folder.
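The search this slide calls for, as an added example (not from the talk or from Firmwalker): it walks an extracted firmware folder and reports every line that references telnet or another remote-login service, then checks etc/passwd and etc/shadow for accounts that carry a password hash, since a hash in a world-readable passwd file is the usual form a hard-coded credential takes. It goes a little beyond the slide by covering dropbear/sshd as well. The root filesystem it scans is constructed in a temporary directory for the demonstration; the hash strings in it are placeholders, not real hashes.

```python
import os
import tempfile

# Services that give a remote login; a hit in a startup script shows the
# service is enabled at boot.
REMOTE_LOGIN_KEYWORDS = ("telnetd", "telnet", "dropbear", "sshd")
# Values in the password field that mean "no hash stored here".
NO_HASH = ("", "x", "*", "!", "!!")


def build_sample_tree(root):
    """Write a tiny constructed root filesystem (not from any real device)."""
    files = {
        "etc/init.d/rcS": "#!/bin/sh\nmount -a\n/usr/sbin/telnetd -l /bin/login &\n",
        "etc/passwd": (
            "root:$1$constructed$notarealhash:0:0:root:/root:/bin/sh\n"
            "nobody:*:99:99:nobody:/:/bin/false\n"
        ),
        "etc/shadow": "root:$1$constructed$notarealhash:10933:0:99999:7:::\n",
        "www/index.html": "<html><body>Router admin</body></html>\n",
    }
    for rel, text in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(text)


def _hash_entries(path):
    """Return user names from a passwd/shadow file whose second field holds a hash."""
    users = []
    if not os.path.isfile(path):
        return users
    with open(path, "rb") as f:
        for raw in f:
            fields = raw.decode("latin-1").rstrip("\n").split(":")
            if len(fields) >= 2 and fields[1] not in NO_HASH:
                users.append(fields[0])
    return users


def scan_tree(root):
    """Find remote-login references and stored password hashes under `root`."""
    refs = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            # Skip the symlink forest of a BusyBox rootfs and any device nodes.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as f:
                for lineno, raw in enumerate(f, 1):
                    line = raw.decode("latin-1").strip()
                    if any(k in line.lower() for k in REMOTE_LOGIN_KEYWORDS):
                        refs.append((rel, lineno, line))
    return {
        "remote_login_refs": sorted(refs),
        "passwd_with_hash": _hash_entries(os.path.join(root, "etc", "passwd")),
        "shadow_with_hash": _hash_entries(os.path.join(root, "etc", "shadow")),
    }


def demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Point `scan_tree` at the directory binwalk extracted (usually `_firmware.bin.extracted/squashfs-root`); the `remote_login_refs` list is what `grep -r telnet` would give you with file and line number attached, and the two hash lists tell you which accounts ship with a fixed password that every unit of the device shares.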