
Firmware Extraction & Fuzzing - Jatan Raval


The firmware extraction and fuzzing workshop will cover ways of extracting firmware from IoT devices and setting up a dynamic fuzzer in the emulated firmware to find bugs.

https://nsconclave.net-square.com/firmware-extraction-and-fuzzing.html


  1. Firmware Extraction & Fuzzing Jatan Raval
  2. INTRODUCTION In this workshop you will learn the different ways of extracting and analysing firmware. We will also cover the basic concepts of remote and guided fuzzing.
  3. My #firmware details ● Jatan K Raval ● Trainer ● M.Tech. in Cyber Security & Incident Response, GFSU. ● OSCP, OSCE ● Twitter: @jatankraval
  4. WHY DO WE NEED FIRMWARE? Firmware is a core component that provides integral functions for the hardware. It reveals the device architecture and the process used to access the hardware.
  5. WHY DO WE ANALYZE THE FIRMWARE? VULNERABILITIES SENSITIVE INFORMATION QEMU SHELL
  6. Firmware Extraction ● Serial Console ● Bin file dump ● SSH & Telnet
  7. SERIAL CONSOLE ● Identify the debug pins: Tx, Rx ● The serial console pins are usually left in place for debugging purposes. ● The console is used to capture the boot process and the shell.
  8. SERIAL CONSOLE
  9. BIN FILE DUMP ● Dump the bin file from the EEPROM ● Tools: ○ HARDSPLOIT ○ RASPBERRY PI ○ Programmer
  10. BIN FILE DUMP ● Identify the EEPROM model. ● Connect the pins or desolder the EEPROM. ● Put it in the programmer and read the chip content.
  11. BIN FILE DUMP
  12. BIN FILE DUMP
  13. BIN FILE DUMP: Raspberry Pi
  14. BIN FILE DUMP: Programmer ● Here we will extract the firmware of the IP camera. ● Remove the screws and open the back panel.
  15. BIN FILE DUMP: Programmer ● Open the back panel and identify the UART pins. ● Identify the EEPROM details.
  16. BIN FILE DUMP: Programmer ● Identify the EEPROM details and check that the programmer supports it.
  17. BIN FILE DUMP: Programmer ● Connect the SOIC8 clip to the EEPROM. ● Download the datasheet of the EEPROM.
  18. BIN FILE DUMP: Programmer ● Connect the pins to the programmer and select the EEPROM version family in the programmer.
  19. BIN FILE DUMP: Programmer ● Dump the EEPROM content to a bin file.
  20. BIN FILE DUMP: Programmer ● Other programmers that can read the EEPROM content are also available.
  21. SSH & Telnet ● Enable the web console from the admin panel. ● Connect to the admin panel using telnet. ● The SSH service is also enabled on some IoT devices.
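
A sanity check for the "dump the EEPROM content to a bin file" step in the BIN FILE DUMP slides, as an added example that is not part of the original deck. It assumes the chip was read twice into two files; the function names, the signature table and the sample image are constructed for illustration.

```python
import hashlib
import sys

# Well-known magic values seen in embedded firmware images.
MAGICS = {
    b"\x27\x05\x19\x56": "U-Boot uImage header",
    b"hsqs": "SquashFS (little-endian)",
    b"UBI#": "UBI erase block",
}

def check_dump(read_a: bytes, read_b: bytes) -> dict:
    """Sanity-check two independent reads of the same chip."""
    size = len(read_a)
    report = {
        "sha256": hashlib.sha256(read_a).hexdigest(),
        # A loose clip or bad contact usually shows up as differing reads.
        "reads_match": read_a == read_b,
        # Flash/EEPROM capacities are powers of two; other sizes hint at a short read.
        "size_power_of_two": size > 0 and size & (size - 1) == 0,
        # All 0xFF or all 0x00 means the programmer never talked to the chip.
        "blank": len(set(read_a)) <= 1,
        "signatures": [],
    }
    for magic, name in MAGICS.items():
        pos = read_a.find(magic)
        while pos != -1:
            report["signatures"].append((pos, name))
            pos = read_a.find(magic, pos + 1)
    report["signatures"].sort()
    report["usable"] = report["reads_match"] and not report["blank"]
    return report

def make_sample() -> bytes:
    """Constructed 64 KiB image: uImage header at 0x0, SquashFS at 0x4000."""
    img = bytearray(b"\xff" * 0x10000)
    img[0x0000:0x0004] = b"\x27\x05\x19\x56"
    img[0x4000:0x4004] = b"hsqs"
    return bytes(img)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # two dump files from two separate reads
        with open(sys.argv[1], "rb") as fa, open(sys.argv[2], "rb") as fb:
            a, b = fa.read(), fb.read()
    else:  # fall back to the constructed sample
        a = b = make_sample()
    for key, value in check_dump(a, b).items():
        print(f"{key}: {value}")
```

If the two reads differ or the image is blank, reseat the clip and read again before analysing the file.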
