Firmware Analysis

Last modified: 2023-07-19

IoT Reverse Engineering

Static Analysis

The following tools are useful for static analysis.

Firmwalker
firmware-mod-kit

file ./firmware

binwalk ./firmware
# -M: Matryosika (recursively) scan extracted files
# -r: Delete carved files after extracting
# -e: Extract known file types
binwalk -Mre ./firmware
# -E: Calculate file entropy
# -N: Do not generate an entropy plot graph
binwalk -EN ./firmware

# firmware-mod-kit
./extract-firmware.sh ./firmware

Dynamic Analysis

gdb ./firmware
rizin ./firmware

Using FIRMADYNE

FIRMADYNE is a platform for emulation and dynamic analysis of Linux-based firmware.

# Analyze and emulate the system
./fat.py example.squashfs

The analysis will start.
Copy the ip address in the output as below.

Network interfaces: [('brtrunk', '192.168.0.100')]

In local machine, port forward using the ip.

ssh -L 8081:192.168.0.100:80 remote-user@<remote-ip>

Now we can access to http://127.0.0.1:8081/

Exploits related to Hardware

Others

Firmware Analysis

Static Analysis

Dynamic Analysis

Using FIRMADYNE

Tools by HDKS