
I'm having so much fun doing reverse engineering on the software side, but today I think I have to step a bit further. In this post, I'm going to show you how to do firmware reverse engineering.
Note: this is only a gentle introduction to the field; the purpose of this post is purely curiosity.
Pick a target:
For this post I just picked a random firmware from Google, and I think it should be a pretty decent product to start with.
I downloaded it and got a zip file.
Okay, inside the zip file we have two files. As we can see, the home file is a U-Boot image that may contain the structure of the firmware, whereas home_y18m is just plain data.
Okay, let's run binwalk to see what's inside the boot image.
Hmmm, interesting: there are two parts inside the boot image. The first is just a header that takes up the first 64 bytes, and the second is the actual filesystem, which uses the JFFS filesystem.
You can also check the entropy of the file with binwalk, just to see whether the file is compressed or not.
Let's do a quick check on the home_y18m file to see if it contains any interesting sections.
Well, binwalk cannot find anything, so we are going to ignore this file.
Okay, let's try to extract the filesystem using the dd command.
Cool, we were able to separate the filesystem from the boot image, but it's still in binary format, so how do we extract the filesystem from it?
Luckily, there is already a tool that can do the task for us:
link: https://github.com/sviehb/jefferson
Awesome, we are able to extract the whole filesystem and put it into cam_dir.
Hmmm, looks like all of the binaries inside the filesystem use ARM instructions.
OK, let's poke around the files inside the directory, just to get an overall idea of what each binary does.
Notice there is a binary called crypt_file; by just doing string analysis we can see that the binary uses AES encryption.
That's all for crypt_file, since I'm not yet fluent in reading ARM instructions.
Using a bash script, I tried to do more string analysis, just to check whether the firmware contains any default password. I ran it and didn't find anything interesting.
Hope this helps. Enjoy :D
Source:
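The binwalk and dd steps above (a 64-byte header followed by the filesystem) can also be checked and scripted. The following is an added example, not code from the post: it parses the legacy U-Boot uImage header, verifies the header and data CRC32s before trusting the size field, carves the payload, and checks whether it starts with a JFFS2 node magic (the format jefferson extracts). The uImage fed to it is constructed inline; the real home file is not included.

```python
import struct
import zlib

UIMAGE_MAGIC = 0x27051956      # legacy U-Boot image header magic
UIMAGE_HEADER_LEN = 64         # the 64-byte header binwalk reported
JFFS2_MAGIC_LE = b"\x85\x19"   # JFFS2 node magic 0x1985 as stored on disk (little-endian)

def parse_uimage(blob: bytes) -> dict:
    """Parse a legacy uImage header, verify both CRCs, and carve the payload."""
    if len(blob) < UIMAGE_HEADER_LEN:
        raise ValueError("shorter than a uImage header")
    hdr = blob[:UIMAGE_HEADER_LEN]
    # magic, hcrc, time, size, load, ep, dcrc, os, arch, type, comp, name[32]
    (magic, hcrc, _t, size, _load, _ep, dcrc,
     _os, arch, typ, comp, name) = struct.unpack(">7I4B32s", hdr)
    if magic != UIMAGE_MAGIC:
        raise ValueError("bad uImage magic")
    # the header CRC is computed over the header with the hcrc field zeroed
    if zlib.crc32(hdr[:4] + b"\0\0\0\0" + hdr[8:]) != hcrc:
        raise ValueError("header CRC mismatch")
    payload = blob[UIMAGE_HEADER_LEN:UIMAGE_HEADER_LEN + size]
    if len(payload) != size:
        raise ValueError("truncated: header claims more data than present")
    if zlib.crc32(payload) != dcrc:
        raise ValueError("data CRC mismatch")
    return {"name": name.rstrip(b"\0").decode(errors="replace"),
            "arch": arch, "type": typ, "comp": comp, "size": size,
            "is_jffs2": payload.startswith(JFFS2_MAGIC_LE), "payload": payload}

def is_valid_uimage(blob: bytes) -> bool:
    """True when the header parses and both CRCs check out."""
    try:
        parse_uimage(blob)
        return True
    except ValueError:
        return False

def build_sample_uimage(payload: bytes, name: bytes = b"home") -> bytes:
    """Constructed uImage around `payload`: os=Linux(5), arch=ARM(2), type=filesystem(7), comp=none(0)."""
    fields = [UIMAGE_MAGIC, 0, 0, len(payload), 0, 0, zlib.crc32(payload), 5, 2, 7, 0, name]
    hdr = struct.pack(">7I4B32s", *fields)
    fields[1] = zlib.crc32(hdr)          # hcrc over the header with hcrc = 0
    return struct.pack(">7I4B32s", *fields) + payload

if __name__ == "__main__":
    # Constructed sample: a tiny "filesystem" that begins with a JFFS2 node magic.
    image = build_sample_uimage(JFFS2_MAGIC_LE + b"\xe0\x01" + b"\0" * 60)
    info = parse_uimage(image)
    print(info["name"], "arch", info["arch"], "jffs2:", info["is_jffs2"], "bytes:", info["size"])
```

On a real image the payload dict entry is what you would write out to a file and hand to jefferson; a CRC mismatch means the size binwalk reported should not be trusted as the carve boundary.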
https://www.youtube.com/watch?v=oqk3cU7ekag