NSConclave, profile picture
Uploaded byNSConclave
1,162 views

Firmware Extraction & Fuzzing - Jatan Raval

The workshop covers methods for firmware extraction and analysis, emphasizing the importance of firmware in understanding hardware architecture and vulnerabilities. Techniques discussed include using serial consoles, bin file dumps, and accessing devices via SSH and telnet. The session provides practical guidance on extracting firmware from devices such as IP cameras and working with EEPROMs.

Embed presentation

Firmware Extraction & Fuzzing Jatan Raval
INTRODUCTION In this workshop you will learn the different ways of extracting the firmware and analysing the firmware. We will also cover the basic concepts of remote and guided fuzzing.
My #firmware details ● Jatan K Raval ● Trainer ● M.Tech. in Cyber Security & Incident Response, GFSU. ● OSCP, OSCE ● Twitter: @jatankraval
WHY DO WE NEED FIRMWARE? Firmware is a core part which provide integral functions for the hardware. It reveals the device architecture and the process to access the hardware
WHY DO WE ANALYZE THE FIRMWARE? VULNERABILITIES SENSITIVE INFORMATION QEMU SHELL
Firmware Extraction ● Serial Console ● Bin file dump ● SSH & Telnet
SERIAL CONSOLE ● Identify the debug pins: Tx, Rx ● Usually the serial console pins are left for the debug purpose. ● It is used to catch the boot process and shell.
SERIAL CONSOLE
BIN FILE DUMP ● Dump the bin file from EEPROM ● Tools: ○ HARDSPLOIT ○ RASPBERRY PI ○ Programmer
BIN FILE DUMP ● Identify the EEPROM model. ● Connect the pins or desolder the EEPROM ● Put it in the programmer and read the chip content.
BIN FILE DUMP
BIN FILE DUMP
BIN FILE DUMP: Raspberry Pi
BIN FILE DUMP: Programmer ● Here we will extract the firmware of the IP Camera. ● Untie the screws and open the backpanel
BIN FILE DUMP: Programmer ● Open the back panel and identify the UART pins. ● Identify the EEPROM details
BIN FILE DUMP: Programmer ● Identify the EEPROM details and check the programer support.
BIN FILE DUMP: Programmer ● Connect SOIC8 Clip to the EEPROM. ● Download the datasheet of the EEPROM.
BIN FILE DUMP: Programmer ● Connect the pins to the programmer and select the EEPROM version family in prgrammer.
BIN FILE DUMP: Programmer ● Dump the EEPROM content in a bin file.
BIN FILE DUMP: Programmer ● Different programmers are also available which can read the EEPROM content.
SSH & Telnet ● Enable the web console from the admin panel. ● Connect to the admin panel using the telnet. ● The SSH service is also enabled on some IoT devices.

More Related Content

PPTX
Secure coding practices
byMohammed Danish Amber
 
PPTX
OWASP TOP 10 VULNERABILITIS
byNull Bhubaneswar
 
PPT
Pentesting Using Burp Suite
byjasonhaddix
 
PDF
Red vs Blue- Modern Atice Directory Attacks, Detection & Protection by Sean M...
byShakacon
 
ODP
OWASP Secure Coding
bybilcorry
 
PPTX
XG Firewall
byDeServ - Tecnologia e Servços
 
PDF
Talking About SSRF,CRLF
byn|u - The Open Security Community
 
PPT
Ethical Hacking Powerpoint
byRen Tuazon
 
Secure coding practices
byMohammed Danish Amber
 
OWASP TOP 10 VULNERABILITIS
byNull Bhubaneswar
 
Pentesting Using Burp Suite
byjasonhaddix
 
Red vs Blue- Modern Atice Directory Attacks, Detection & Protection by Sean M...
byShakacon
 
OWASP Secure Coding
bybilcorry
 
XG Firewall
byDeServ - Tecnologia e Servços
 
Talking About SSRF,CRLF
byn|u - The Open Security Community
 
Ethical Hacking Powerpoint
byRen Tuazon
 

What's hot

PDF
Breach and attack simulation tools
byBangladesh Network Operators Group
 
PPTX
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
PDF
Cyber Security Extortion: Defending Against Digital Shakedowns
byCrowdStrike
 
PDF
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
byMITRE - ATT&CKcon
 
PPTX
Web Hacking With Burp Suite 101
byZack Meyers
 
PDF
Secure Coding principles by example: Build Security In from the start - Carlo...
byCodemotion
 
PDF
Burp suite
byhamdi_sevben
 
PPTX
Ethical Hacking
byNamrata Raiyani
 
PDF
Secure Code Review 101
byNarudom Roongsiriwong, CISSP
 
PPTX
Tor the onion router
byAshly Liza
 
PDF
Sophos XG Firewall
byDeServ - Tecnologia e Servços
 
PPTX
VAPT PRESENTATION full.pptx
byDARSHANBHAVSAR14
 
PPTX
Cross Site Scripting ( XSS)
byAmit Tyagi
 
PPT
Computer Worms
bysadique_ghitm
 
PPTX
Microsoft Security Development Lifecycle
byRazi Rais
 
PPT
Web Application Security Testing
byMarco Morana
 
PDF
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
byAbhinav Mishra
 
PPTX
Malware
byAnoushka Srivastava
 
PPTX
Metasploit
byLalith Sai
 
PPTX
PowerShell for Practical Purple Teaming
byNikhil Mittal
 
Breach and attack simulation tools
byBangladesh Network Operators Group
 
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
Cyber Security Extortion: Defending Against Digital Shakedowns
byCrowdStrike
 
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
byMITRE - ATT&CKcon
 
Web Hacking With Burp Suite 101
byZack Meyers
 
Secure Coding principles by example: Build Security In from the start - Carlo...
byCodemotion
 
Burp suite
byhamdi_sevben
 
Ethical Hacking
byNamrata Raiyani
 
Secure Code Review 101
byNarudom Roongsiriwong, CISSP
 
Tor the onion router
byAshly Liza
 
Sophos XG Firewall
byDeServ - Tecnologia e Servços
 
VAPT PRESENTATION full.pptx
byDARSHANBHAVSAR14
 
Cross Site Scripting ( XSS)
byAmit Tyagi
 
Computer Worms
bysadique_ghitm
 
Microsoft Security Development Lifecycle
byRazi Rais
 
Web Application Security Testing
byMarco Morana
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
byAbhinav Mishra
 
Malware
byAnoushka Srivastava
 
Metasploit
byLalith Sai
 
PowerShell for Practical Purple Teaming
byNikhil Mittal
 

Similar to Firmware Extraction & Fuzzing - Jatan Raval

PDF
Beginners guide on how to start exploring IoT 2nd session
byveerababu penugonda(Mr-IoT)
 
PPTX
Firmware Reverse Engineering
bySatria Ady Pradana
 
PDF
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
byYogesh Ojha
 
PDF
Firmadyne
byRedhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
 
PDF
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
byFelipe Prado
 
PPTX
Firmware analysis 101
byveerababu penugonda(Mr-IoT)
 
PDF
Valerio Di Giampietro - Introduction To IoT Reverse Engineering with an examp...
bylinuxlab_conf
 
PDF
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
bySaumil Shah
 
PPTX
M5-1.pptx m5 document for 18 ec751 students of engineering
by4SF20CS057LESTONREGO
 
PPTX
Steelcon 2015 - 0wning the internet of trash
byinfodox
 
PDF
DEF CON 27 - PHILIPPE LAULHERET - introduction to hardware hacking extended v...
byFelipe Prado
 
PPTX
Null mumbai-reversing-IoT-firmware
byNitesh Malviya
 
PPTX
Making and breaking security in embedded devices
byYashin Mehaboobe
 
PDF
It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded ...
byPriyanka Aash
 
PDF
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
byMarco Balduzzi
 
PPT
Attacking Embedded Devices (No Axe Required)
bySecurity Weekly
 
PDF
Open Source Firmware - FrOSCon 2019
byDaniel Maslowski
 
PDF
44CON London 2015 - Is there an EFI monster inside your apple?
by44CON
 
PDF
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
byDefconRussia
 
PPTX
Group-6-ini.pptxjeejjejejejejjejeejjebee
byernestbarbasa
 
Beginners guide on how to start exploring IoT 2nd session
byveerababu penugonda(Mr-IoT)
 
Firmware Reverse Engineering
bySatria Ady Pradana
 
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
byYogesh Ojha
 
Firmadyne
byRedhung @ Nationtal Chung Cheng University, Chiayi, Taiwan.
 
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
byFelipe Prado
 
Firmware analysis 101
byveerababu penugonda(Mr-IoT)
 
Valerio Di Giampietro - Introduction To IoT Reverse Engineering with an examp...
bylinuxlab_conf
 
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
bySaumil Shah
 
M5-1.pptx m5 document for 18 ec751 students of engineering
by4SF20CS057LESTONREGO
 
Steelcon 2015 - 0wning the internet of trash
byinfodox
 
DEF CON 27 - PHILIPPE LAULHERET - introduction to hardware hacking extended v...
byFelipe Prado
 
Null mumbai-reversing-IoT-firmware
byNitesh Malviya
 
Making and breaking security in embedded devices
byYashin Mehaboobe
 
It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded ...
byPriyanka Aash
 
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
byMarco Balduzzi
 
Attacking Embedded Devices (No Axe Required)
bySecurity Weekly
 
Open Source Firmware - FrOSCon 2019
byDaniel Maslowski
 
44CON London 2015 - Is there an EFI monster inside your apple?
by44CON
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
byDefconRussia
 
Group-6-ini.pptxjeejjejejejejjejeejjebee
byernestbarbasa
 

More from NSConclave

PDF
RED-TEAM_Conclave
byNSConclave
 
PPTX
Create a Custom Plugin in Burp Suite using the Extension
byNSConclave
 
PPTX
IOT SECURITY ASSESSMENT Pentester's Approach
byNSConclave
 
PPTX
Debugging Android Native Library
byNSConclave
 
PPTX
Burp Suite Extension Development
byNSConclave
 
PDF
Log Analysis
byNSConclave
 
PDF
Regular Expression Injection
byNSConclave
 
PDF
HTML5 Messaging (Post Message)
byNSConclave
 
PDF
Node.js Deserialization
byNSConclave
 
PDF
RIA Cross Domain Policy
byNSConclave
 
PDF
LDAP Injection
byNSConclave
 
PDF
Python Deserialization Attacks
byNSConclave
 
PDF
Sandboxing
byNSConclave
 
PDF
NoSql Injection
byNSConclave
 
PDF
Thick Client Testing Advanced
byNSConclave
 
PDF
Thick Client Testing Basics
byNSConclave
 
PDF
Markdown
byNSConclave
 
PDF
Docker 101
byNSConclave
 
PDF
Security Architecture Consulting - Hiren Shah
byNSConclave
 
PDF
OSINT: Open Source Intelligence - Rohan Braganza
byNSConclave
 
RED-TEAM_Conclave
byNSConclave
 
Create a Custom Plugin in Burp Suite using the Extension
byNSConclave
 
IOT SECURITY ASSESSMENT Pentester's Approach
byNSConclave
 
Debugging Android Native Library
byNSConclave
 
Burp Suite Extension Development
byNSConclave
 
Log Analysis
byNSConclave
 
Regular Expression Injection
byNSConclave
 
HTML5 Messaging (Post Message)
byNSConclave
 
Node.js Deserialization
byNSConclave
 
RIA Cross Domain Policy
byNSConclave
 
LDAP Injection
byNSConclave
 
Python Deserialization Attacks
byNSConclave
 
Sandboxing
byNSConclave
 
NoSql Injection
byNSConclave
 
Thick Client Testing Advanced
byNSConclave
 
Thick Client Testing Basics
byNSConclave
 
Markdown
byNSConclave
 
Docker 101
byNSConclave
 
Security Architecture Consulting - Hiren Shah
byNSConclave
 
OSINT: Open Source Intelligence - Rohan Braganza
byNSConclave
 

Recently uploaded

PDF
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
PDF
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
PPTX
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PPTX
NTG - Data Center Management System Software
byMustafa Kuğu
 
PDF
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
PDF
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
PDF
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
PPTX
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
PDF
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
PDF
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
PDF
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
PDF
Post Quantum Cryptography for Dummies.pdf
byAde Ismail Isnan
 
PDF
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
PDF
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]
byHaim Michael
 
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
NTG - Data Center Management System Software
byMustafa Kuğu
 
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
Post Quantum Cryptography for Dummies.pdf
byAde Ismail Isnan
 
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]
byHaim Michael
 

Firmware Extraction & Fuzzing - Jatan Raval

  • 1.
  • 2.
    INTRODUCTION In this workshopyou will learn the different ways of extracting the firmware and analysing the firmware. We will also cover the basic concepts of remote and guided fuzzing.
  • 3.
    My #firmware details ●Jatan K Raval ● Trainer ● M.Tech. in Cyber Security & Incident Response, GFSU. ● OSCP, OSCE ● Twitter: @jatankraval
  • 4.
    WHY DO WENEED FIRMWARE? Firmware is a core part which provide integral functions for the hardware. It reveals the device architecture and the process to access the hardware
  • 5.
    WHY DO WEANALYZE THE FIRMWARE? VULNERABILITIES SENSITIVE INFORMATION QEMU SHELL
  • 6.
    Firmware Extraction ● SerialConsole ● Bin file dump ● SSH & Telnet
  • 7.
    SERIAL CONSOLE ● Identifythe debug pins: Tx, Rx ● Usually the serial console pins are left for the debug purpose. ● It is used to catch the boot process and shell.
  • 8.
  • 9.
    BIN FILE DUMP ●Dump the bin file from EEPROM ● Tools: ○ HARDSPLOIT ○ RASPBERRY PI ○ Programmer
  • 10.
    BIN FILE DUMP ●Identify the EEPROM model. ● Connect the pins or desolder the EEPROM ● Put it in the programmer and read the chip content.
  • 11.
  • 12.
  • 13.
    BIN FILE DUMP:Raspberry Pi
  • 14.
    BIN FILE DUMP:Programmer ● Here we will extract the firmware of the IP Camera. ● Untie the screws and open the backpanel
  • 15.
    BIN FILE DUMP:Programmer ● Open the back panel and identify the UART pins. ● Identify the EEPROM details
  • 16.
    BIN FILE DUMP:Programmer ● Identify the EEPROM details and check the programer support.
  • 17.
    BIN FILE DUMP:Programmer ● Connect SOIC8 Clip to the EEPROM. ● Download the datasheet of the EEPROM.
  • 18.
    BIN FILE DUMP:Programmer ● Connect the pins to the programmer and select the EEPROM version family in prgrammer.
  • 19.
    BIN FILE DUMP:Programmer ● Dump the EEPROM content in a bin file.
  • 20.
    BIN FILE DUMP:Programmer ● Different programmers are also available which can read the EEPROM content.
  • 21.
    SSH & Telnet ●Enable the web console from the admin panel. ● Connect to the admin panel using the telnet. ● The SSH service is also enabled on some IoT devices.