Null mumbai-reversing-IoT-firmware
nitesh-malviya
Transcript of Null mumbai-reversing-IoT-firmware
Introduction to IOT and Firmware Reversing
WhoAmI
• Security Consultant with Payatu Technologies
• Experience in Web Pentesting, VAPT and Mobile Appsec (Android Only) and currently learning IOT.
• Twitter Handle – nitmalviya03
• Blog - https://nitmalviya03.wordpress.com/
Topics to be covered
• Introduction to IOT
• IOT Applications
• Protocols in IOT system
• Components Involved
• IOT security
• Firmware Extraction and Reversing
• Topics for future session
• Automated Framework
What is IoT?
• The internet of things (IoT) is the network of physical devices, vehicles, buildings and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data (Wikipedia)
• Internet of things increases the connectedness of people and things on a scale that once was unimaginable.
Devices like…
• Networking devices (routers, firewalls, IDS)
• Set-top boxes
• Medical devices (health monitors)
• Mobile phones
• Home security systems
• Vehicles, in-flight entertainment
• Thermostats, metering systems, consumer electronics Displays
Various Names, One Concept
• M2M (Machine to Machine)
• “Internet of Everything” (Cisco Systems)
• “World Size Web” (Bruce Schneier)
• “Skynet” (Terminator movie)
Education – Partnership – Solutions
Information SecurityOffice of Budget and Finance
Where is IoT?
It’s everywhere!
The IoT Protocols
Various protocols used are –
• HTTP
• WebSocket
• XMPP – Extensible Messaging and Presence Protocol
• CoAP – Constrained Application Protocol
• MQTT - Message Queue Telemetry Transport
• AMQP – Advanced Message Queuing Protocol
Why be concerned about IoT?
• It’s just another computer, right?
• All of the same issues we have with access control, vulnerability management, patching, monitoring, etc.
• Imagine your network with 1,000,000 more devices
• Any compromised device is a foothold on the network
Attacking IoT Devices
• Default, weak, and hardcoded credentials
• Difficult to update firmware and OS
• Lack of vendor support for repairing vulnerabilities
• Vulnerable web interfaces (SQL injection, XSS)
• Coding errors (buffer overflow)
• Clear text protocols and unnecessary open ports
• DoS / DDoS
• Physical theft and tampering
What we are going to discuss
Firmware Reversing
What is Firmware
• Ascher Opler coined the term "firmware" in 1967.
• Firmware is data stored in the read-only memory of a computer or other hardware device that provides instructions on how that device should operate.
• Unlike normal software, firmware cannot be changed or deleted without the aid of special programs, and it remains on the device whether the device is on or off.
Firmware Extraction
• Firmware Extraction - Process of extracting firmware from the embedded device
• Method –
  Embedded Device Firmware Extraction via hardware Interfaces
  Hex File Conversion to Bin File
  Bin File Extraction
NOTE - We will be learning bin file extraction and not hardware extraction part.
Tools of the trade
• Binwalk (will be using this)
• Firmwalker
• Firmware Modification Kit
• Firmadyne
• ERESI Framework
• FRAK – Firmware Reverse Analysis Konsole
What to do?
• Get the firmware
• Reconnaissance
• Unpack
• Localize point of interest
• Pentest
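An added example (not from the slides) of the signature scan behind the reconnaissance step, the kind of check a tool such as Binwalk performs before unpacking: locate known magic bytes, then validate the structure behind each hit so that stray byte sequences are discarded. The function names and the sample image are constructed for illustration, and only three formats (U-Boot uImage, gzip, SquashFS v4) are covered.

```python
import re
import struct
import zlib

def check_uimage(blob, off):
    """U-Boot legacy header: 64 bytes, big-endian, CRC32 computed with the hcrc field zeroed."""
    hdr = blob[off:off + 64]
    if len(hdr) < 64 or zlib.crc32(hdr[:4] + bytes(4) + hdr[8:]) != int.from_bytes(hdr[4:8], "big"):
        return None
    name = hdr[32:].split(b"\0")[0].decode("ascii", "replace")
    return f"uImage, data size {int.from_bytes(hdr[12:16], 'big')}, name {name!r}"

def check_gzip(blob, off):
    """Accept a gzip magic only if the stream really starts to inflate."""
    try:
        out = zlib.decompressobj(31).decompress(blob[off:], 64)
    except zlib.error:
        return None
    return "gzip compressed data" if out else None

def check_squashfs(blob, off):
    """SquashFS v4 little-endian superblock: block_size must equal 1 << block_log."""
    if len(blob) < off + 32:
        return None
    inodes, _, bsize, _, comp, blog, _, _, major, minor = struct.unpack_from("<4I6H", blob, off + 4)
    if major != 4 or blog > 20 or bsize != 1 << blog:
        return None
    return f"SquashFS {major}.{minor}, {inodes} inodes, block size {bsize}, compression id {comp}"

SIGNATURES = [(b"\x27\x05\x19\x56", check_uimage), (b"\x1f\x8b\x08", check_gzip),
              (b"hsqs", check_squashfs)]

def scan(blob):
    """Return sorted (offset, description) pairs for every magic that passes validation."""
    found = ((m.start(), check(blob, m.start())) for magic, check in SIGNATURES
             for m in re.finditer(re.escape(magic), blob))
    return sorted(hit for hit in found if hit[1])

def build_sample():
    """Constructed image (not real firmware): uImage + gzip, two decoy magics, SquashFS at 0x400."""
    comp = zlib.compressobj(9, zlib.DEFLATED, 31)  # wbits=31 selects the gzip container
    gz = comp.compress(b"kernel" * 100) + comp.flush()
    hdr = struct.pack(">7I4B32s", 0x27051956, 0, 0, len(gz), 0x80000000, 0x80000000,
                      zlib.crc32(gz), 5, 5, 2, 1, b"constructed-kernel")
    hdr = hdr[:4] + struct.pack(">I", zlib.crc32(hdr)) + hdr[8:]
    decoys = b"hsqs" + b"\xff" * 28 + b"\x1f\x8b\x08\xff"
    sqfs = b"hsqs" + struct.pack("<4I6H", 120, 0, 131072, 3, 4, 17, 0, 1, 4, 0)
    return (hdr + gz + decoys).ljust(0x400, b"\xff") + sqfs.ljust(96, b"\0")
```

Calling `scan(build_sample())` reports the three real structures and skips both decoys; the offsets it returns are where an unpacker would start carving.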
Any vulnerable bin file for analysis/pentest?
• DVRF - Damn Vulnerable Router Firmware
• Get it here - https://github.com/praetorian-inc/DVRF
• For our demo we will use D-Link firmware - DIR412A1_FW114WWb02.bin
• Link - http://www.filewatcher.com/m/DIR412A1_FW114WWb02.bin.3534983-0.html
DEMO TIME
Any website for automated binary analysis?
• Upload your binary file here - http://firmware.re/
• It often does not work, so it is not very reliable.
What needs to be covered/learned…
• QEMU – Emulator for running binaries based on MIPS/ARM architecture.
• Reversing binaries using IDA Pro (useful in login bypass and key extraction)
• IOT components and its functionalities in depth.
• IOT protocols
• OWASP IOT TOP 10
• Various file systems used in IOT devices.
• Firmware extraction using Hardware Interfaces (UART, JTAG, I2C, etc.)
• Firmware Reversing tools apart from binwalk.
• Common Processor Architectures
• Types of memory in embedded devices.
• Types of storage.
• Common Operating systems used in embedded devices.
• Various Bootloaders.
• Common libraries....
And last but not the least… a final and small demo on…
Is there any automated Framework?
• Like Metasploit we have RouterSploit
• Get it here - https://github.com/reverse-shell/routersploit
• Just run rsf.py and enjoy!!!
• A very Small Demo
Thank You