Hyrje
Firmware analysis is the starting point for any serious IoT security research and often involves getting the firmware off the device itself.
Teoria
Vendor download pages are the easiest source when updates are published. If not, the firmware can sometimes be pulled from an update server by capturing the device's network traffic. When neither works, physical extraction is next: finding the flash chip on the PCB, connecting to its SPI or I2C pins with a clip like the SOIC-8, and reading it with a cheap programmer like the CH341A. UART and JTAG headers, often left on dev boards, give shell access or debug interfaces.
Once you have the binary, tools like binwalk scan it for embedded filesystems (SquashFS, CramFS, JFFS2) and extract them into readable directories. From there you get the device's scripts, config files, default credentials, web UI assets and binaries. Strings, file and checksec on the binaries reveal the build environment, architecture (usually ARM or MIPS), and whether mitigations like ASLR and NX are enabled. Most low-end IoT firmware has none of them, making exploitation straightforward once a vulnerability is found.
The emulation step is optional but powerful: tools like qemu-system and FirmAE spin up the extracted filesystem in an emulator so you can interact with the web UI, hit endpoints with curl, and trigger code without a physical device. This lets you fuzz at scale and find issues like command injection in CGI scripts and authentication bypasses in login handlers.
Mjetet
Mjete:
- binwalk, firmware-mod-kit.
- FACT (Fraunhofer Firmware Analysis Tool).
- Hardware: Bus Pirate, Shikra, CH341A (flash dumpers).
Praktika
Ekstraktim i filesystem nga një firmware:
binwalk firmware.bin
binwalk -e firmware.bin
file _firmware.bin.extracted/*
# Ekstraktim SquashFS
unsquashfs _firmware.bin.extracted/root.squashfs Ushtrime
- Shkarko firmware-in e një routeri open-source (p.sh. OpenWrt) dhe ekstrakto root filesystem.
- Gjej fjalëkalime të hardkoduar me
grep -r root: etc/shadow.
Burime
- Jasper van Woudenberg — "The Hardware Hacking Handbook".
- FACT GitHub.
Vlerësimet dhe komentet
Kyçu për të lënë një vlerësim.
Ende pa komente. Bëhu i pari!
Diskutime
Ende pa diskutime. Hap një temë të re