Reverse Engineering

Contents

Reverse Engineering
1. About
2. Basic firmware analysis
  1. binwalk

About

Sometimes, it's important to gain a look inside the software we're running on our devices. Open questions arise, that need to answered.

What's running inside the firmware?
What versions are running and is it still secure?

Basic firmware analysis

binwalk

Install binwalk and take a look at the firmware.

   1 apt install binwalk

Analyse the firmware file

   1 FIRMWARE="firmware.bin"
   2 binwalk "$FIRMWARE"
   3 
   4 DECIMAL       HEXADECIMAL     DESCRIPTION
   5 --------------------------------------------------------------------------------
   6 64            0x40            uImage header, header size: 64 bytes, header CRC: 0x92C43160, created: 2012-09-06 06:26:24, image size: 1179388 bytes, Data Address: 0x8000, Entry Point: 0x8000, data CRC: 0xDC27C3F1, OS: Linux, CPU: ARM, image type: OS Kernel Image, compression type: none, image name: "Linux-2.6.22.18"
   7 128           0x80            Linux kernel ARM boot executable zImage (little-endian)
   8 12632         0x3158          gzip compressed data, maximum compression, from Unix, last modified: 2012-09-06 06:26:23
   9 1179600       0x11FFD0        Squashfs filesystem, little endian, version 3.1, size: 4845587 bytes, 221 inodes, blocksize: 131072 bytes, created: 2012-09-06 06:30:14

Oh, a Squashfs
Extract everything from the firmware-binary

   1 binwalk -e "$FIRMWARE"
   2 ls -1
   3 firmware.hex
   4 _firmware.hex.extracted
   5 cd "$FIRMWARE".extracted
   6 ls -gG 
   7 insgesamt 7116
   8 -rw-r--r-- 1 4845587  6. Apr 11:28 11FFD0.squashfs
   9 -rw-r--r-- 1 2434060  6. Apr 11:28 3158
  10 drwxr-xr-x 1     100  2. Oct 2008  squashfs-root

The squashfs is extracted and may now be inspected.

Protocols

Technologies

Configurations

Services

Misc

Navigation

Reverse Engineering

About

Basic firmware analysis

binwalk