veerababu penugonda(Mr-IoT), profile picture
Uploaded byveerababu penugonda(Mr-IoT)
PPTX, PDF482 views

Firmware analysis 101

Here is a potential slide title for slide 5: Obtaining Firmware

Embed presentation

Downloaded 18 times
Firmware Analysis 101 DSTeamTraining
Print(“About me”) ▪ Veerababu Penugonda (Village Guy – Mr IoT) ▪ Passionate with electrics and electronics ▪ Hacker by passion , security guy by profession ▪ Handling in Aujas IoT/OT consultant with DS team ▪ Heartful thanks to aujas DS team for the session Achieves: CTF runner up, articles published in hakin9 and pentest magazine , got CVE ID still pending many on hardware
Content of Firmware security 101 1. what is firmware 2. dig deep into firmware 3. firmware importance 4. how many ways we can obtain the firmware 5. firmware emulation 6. finding the bugs in embedded application 7. firmware reversing i. extraction ii. identifying the architecture iii. finding the key info iv. looking into hardcoded data v. backdooring the file vi. reverse engineering
IoT/OT blooming day by day
What is IoT/OT ▪ IoT – Internet of things – A device which is connected to internet and receiving or sharing data directly or indirectly called Internet of thing Scenario IoT OT security Challenge Challege pentesting Easy Difficult malware High Medium ▪ OT – OperationalTechnology – Which is hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise.
IoT/OT Smart IoT • Smart bands, BLE Devices, • Connected clocks OT • ICS • SCADA , PLC Hardware • PCB’S, CHIPS ▪ Key Points ▪ IoT/OT everywhere ▪ When its connected world anyway it will be vulnerable to hack ▪ Security always is challenging task compare to pentesting or hacking ▪ So will discuss about the security practices also
What is a firmware..? Firmware is a software of hardware (Or) permanent software programmed into a read-only memory. ▪ Mainly firmware consists – Low level languages programmed – File systems – Root Directory – Application data files – Architecture information – Busybox (important) – Encrypted data
Filesystems Type..? Image Source : https://en.wikipedia.org/wiki/Memory_management • SquashFS • JFFS • JFFS2 • CPIO • YAFFS • UBIFS • XFS • These are commonly used in Firmware
Detailed in Filesystem.. SquashFS: Squashfs is a compressed read-only file system for Linux. Squashfs compresses files, inodes and directories, and supports block sizes up to 1 MB for greater compression. Several compression algorithms are supported. Squashfs is also the name of free software, licensed under the GPL, for accessing Squashfs filesystems. Squashfs is intended for general read-only file-system use and in constrained block-device memory systems (e.g. embedded systems) where low overhead is needed.
Detailed with flashsystem ..
Root Directory
Firmware Importance .. ▪ Firmware working for running the hardware device to bootup ▪ Firmware where we can store the most important data like credentials and certificates ▪ When back door is injected for firmware attacker will take always reverse connection
Add a Slide Title - 5

More Related Content

PDF
Linux Performance Analysis: New Tools and Old Secrets
byBrendan Gregg
 
PPTX
Networking in linux
byVarnnit Jain
 
PPTX
Linux security
bytrilokchandra prakash
 
PPTX
IP tables and Filtering
byAisha Talat
 
PPTX
Bash shell scripting
byVIKAS TIWARI
 
PDF
Bootloaders
byAnil Kumar Pugalia
 
PPTX
User management
byMufaddal Haidermota
 
PDF
Linux Bash Shell Cheat Sheet for Beginners
byDavide Ciambelli
 
Linux Performance Analysis: New Tools and Old Secrets
byBrendan Gregg
 
Networking in linux
byVarnnit Jain
 
Linux security
bytrilokchandra prakash
 
IP tables and Filtering
byAisha Talat
 
Bash shell scripting
byVIKAS TIWARI
 
Bootloaders
byAnil Kumar Pugalia
 
User management
byMufaddal Haidermota
 
Linux Bash Shell Cheat Sheet for Beginners
byDavide Ciambelli
 

What's hot

PDF
Marco Cavallini - Yocto Project, an automatic generator of embedded Linux dis...
bylinuxlab_conf
 
PDF
Linux Internals - Part II
byEmertxe Information Technologies Pvt Ltd
 
ODP
Linux Internals - Kernel/Core
byShay Cohen
 
PPTX
file system in operating system
bytittuajay
 
PDF
Embedded Operating System - Linux
byEmertxe Information Technologies Pvt Ltd
 
PDF
Linux systems - Linux Commands and Shell Scripting
byEmertxe Information Technologies Pvt Ltd
 
DOCX
linux file sysytem& input and output
byMythiliA5
 
PDF
File System Hierarchy
bysritolia
 
PDF
XDP in Practice: DDoS Mitigation @Cloudflare
byC4Media
 
PDF
Arm device tree and linux device drivers
byHoucheng Lin
 
PDF
Linux Programming
byEmertxe Information Technologies Pvt Ltd
 
PDF
Hacking With Nmap - Scanning Techniques
byamiable_indian
 
PPTX
Linux System Programming - File I/O
byYourHelper1
 
PDF
Linux boot process – explained
byLinuxConcept
 
PPTX
Linux file system
byMd. Tanvir Hossain
 
PDF
Introduction to Linux Drivers
byAnil Kumar Pugalia
 
PPTX
Samba power point presentation
byMd Maksudur Rahman
 
PPTX
Introduction to Unix
byNishant Munjal
 
PDF
Microkernel Evolution
byNational Cheng Kung University
 
PDF
Firmware Extraction & Fuzzing - Jatan Raval
byNSConclave
 
Marco Cavallini - Yocto Project, an automatic generator of embedded Linux dis...
bylinuxlab_conf
 
Linux Internals - Part II
byEmertxe Information Technologies Pvt Ltd
 
Linux Internals - Kernel/Core
byShay Cohen
 
file system in operating system
bytittuajay
 
Embedded Operating System - Linux
byEmertxe Information Technologies Pvt Ltd
 
Linux systems - Linux Commands and Shell Scripting
byEmertxe Information Technologies Pvt Ltd
 
linux file sysytem& input and output
byMythiliA5
 
File System Hierarchy
bysritolia
 
XDP in Practice: DDoS Mitigation @Cloudflare
byC4Media
 
Arm device tree and linux device drivers
byHoucheng Lin
 
Linux Programming
byEmertxe Information Technologies Pvt Ltd
 
Hacking With Nmap - Scanning Techniques
byamiable_indian
 
Linux System Programming - File I/O
byYourHelper1
 
Linux boot process – explained
byLinuxConcept
 
Linux file system
byMd. Tanvir Hossain
 
Introduction to Linux Drivers
byAnil Kumar Pugalia
 
Samba power point presentation
byMd Maksudur Rahman
 
Introduction to Unix
byNishant Munjal
 
Microkernel Evolution
byNational Cheng Kung University
 
Firmware Extraction & Fuzzing - Jatan Raval
byNSConclave
 

Similar to Firmware analysis 101

PDF
Beginners guide on how to start exploring IoT 2nd session
byveerababu penugonda(Mr-IoT)
 
PDF
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
byYogesh Ojha
 
PDF
IOT Exploitation
byCysinfo Cyber Security Community
 
PPTX
Null mumbai-reversing-IoT-firmware
byNitesh Malviya
 
PPTX
Making and breaking security in embedded devices
byYashin Mehaboobe
 
PPT
Attacking Embedded Devices (No Axe Required)
bySecurity Weekly
 
PPTX
13-MohamedHany - 5-dateee-2025 5 12.pptx
byFutureTechnologies3
 
PPTX
M5-1.pptx m5 document for 18 ec751 students of engineering
by4SF20CS057LESTONREGO
 
PDF
What is firmware
byRobert Scaccia
 
PPT
EMBEDDED SYSTEMS -UNIT-III-TSK-PROF.ECE-ACET.ppt
byswarna pasupuleti
 
PDF
Open Source Firmware - FrOSCon 2019
byDaniel Maslowski
 
PPTX
Firmware Reverse Engineering
bySatria Ady Pradana
 
PPTX
Pentesting embedded
byantitree
 
PDF
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]
byRootedCON
 
PPTX
Defense-in-depth for embedded devices
byJiggyasu Sharma
 
PPTX
Firmware, application software works on operating system
bysanjaykr30
 
PDF
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
byDefconRussia
 
PDF
Quick Boot A Guide for Embedded Firmware Developers 2nd edition Pete Dice
byhoditauzik
 
DOCX
Hardware software and firmware
byMdSahwon
 
PDF
What if you can’t trust your network card? (slides)
byTWD Industries AG
 
Beginners guide on how to start exploring IoT 2nd session
byveerababu penugonda(Mr-IoT)
 
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
byYogesh Ojha
 
IOT Exploitation
byCysinfo Cyber Security Community
 
Null mumbai-reversing-IoT-firmware
byNitesh Malviya
 
Making and breaking security in embedded devices
byYashin Mehaboobe
 
Attacking Embedded Devices (No Axe Required)
bySecurity Weekly
 
13-MohamedHany - 5-dateee-2025 5 12.pptx
byFutureTechnologies3
 
M5-1.pptx m5 document for 18 ec751 students of engineering
by4SF20CS057LESTONREGO
 
What is firmware
byRobert Scaccia
 
EMBEDDED SYSTEMS -UNIT-III-TSK-PROF.ECE-ACET.ppt
byswarna pasupuleti
 
Open Source Firmware - FrOSCon 2019
byDaniel Maslowski
 
Firmware Reverse Engineering
bySatria Ady Pradana
 
Pentesting embedded
byantitree
 
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]
byRootedCON
 
Defense-in-depth for embedded devices
byJiggyasu Sharma
 
Firmware, application software works on operating system
bysanjaykr30
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
byDefconRussia
 
Quick Boot A Guide for Embedded Firmware Developers 2nd edition Pete Dice
byhoditauzik
 
Hardware software and firmware
byMdSahwon
 
What if you can’t trust your network card? (slides)
byTWD Industries AG
 

Recently uploaded

PDF
Emergency Wrist Watch: SOS, GPS & Fall Detection
byMerge Insights
 
PPTX
Libera Accademia di Belle Arti di Firenze Diploma
by美国南加利福尼亚大学学位证书快速办理【Q微号:1954 292 140】USC毕业证
 
PPTX
Java_Inheritance_Types_With_Examples.pptx
byharry77pq
 
PDF
01-ELE451-Advanced Programming.pdf1111111
byAhmedOsama295845
 
PDF
TRACER-PPT-H61394-TracerLynxCustomerPresentation-EN-2106.pdf
byzhujiaqi4
 
PPTX
Arts University Bournemouth Diploma
byk6pqrluc
 
PPTX
Ixkxxjxjxlxkxlkzkzjzjxhxjkxkzzjbxhxkxjxxv
bypythonp121
 
PPTX
Components of Genetic Algorithm (4).pptx
bysakshamkhurana23
 
Emergency Wrist Watch: SOS, GPS & Fall Detection
byMerge Insights
 
Libera Accademia di Belle Arti di Firenze Diploma
by美国南加利福尼亚大学学位证书快速办理【Q微号:1954 292 140】USC毕业证
 
Java_Inheritance_Types_With_Examples.pptx
byharry77pq
 
01-ELE451-Advanced Programming.pdf1111111
byAhmedOsama295845
 
TRACER-PPT-H61394-TracerLynxCustomerPresentation-EN-2106.pdf
byzhujiaqi4
 
Arts University Bournemouth Diploma
byk6pqrluc
 
Ixkxxjxjxlxkxlkzkzjzjxhxjkxkzzjbxhxkxjxxv
bypythonp121
 
Components of Genetic Algorithm (4).pptx
bysakshamkhurana23
 

Firmware analysis 101

  • 1.
  • 2.
    Print(“About me”) ▪ VeerababuPenugonda (Village Guy – Mr IoT) ▪ Passionate with electrics and electronics ▪ Hacker by passion , security guy by profession ▪ Handling in Aujas IoT/OT consultant with DS team ▪ Heartful thanks to aujas DS team for the session Achieves: CTF runner up, articles published in hakin9 and pentest magazine , got CVE ID still pending many on hardware
  • 3.
    Content of Firmwaresecurity 101 1. what is firmware 2. dig deep into firmware 3. firmware importance 4. how many ways we can obtain the firmware 5. firmware emulation 6. finding the bugs in embedded application 7. firmware reversing i. extraction ii. identifying the architecture iii. finding the key info iv. looking into hardcoded data v. backdooring the file vi. reverse engineering
  • 4.
  • 5.
    What is IoT/OT ▪IoT – Internet of things – A device which is connected to internet and receiving or sharing data directly or indirectly called Internet of thing Scenario IoT OT security Challenge Challege pentesting Easy Difficult malware High Medium ▪ OT – OperationalTechnology – Which is hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise.
  • 6.
    IoT/OT Smart IoT • Smartbands, BLE Devices, • Connected clocks OT • ICS • SCADA , PLC Hardware • PCB’S, CHIPS ▪ Key Points ▪ IoT/OT everywhere ▪ When its connected world anyway it will be vulnerable to hack ▪ Security always is challenging task compare to pentesting or hacking ▪ So will discuss about the security practices also
  • 7.
    What is afirmware..? Firmware is a software of hardware (Or) permanent software programmed into a read-only memory. ▪ Mainly firmware consists – Low level languages programmed – File systems – Root Directory – Application data files – Architecture information – Busybox (important) – Encrypted data
  • 8.
    Filesystems Type..? Image Source: https://en.wikipedia.org/wiki/Memory_management • SquashFS • JFFS • JFFS2 • CPIO • YAFFS • UBIFS • XFS • These are commonly used in Firmware
  • 9.
    Detailed in Filesystem.. SquashFS: Squashfsis a compressed read-only file system for Linux. Squashfs compresses files, inodes and directories, and supports block sizes up to 1 MB for greater compression. Several compression algorithms are supported. Squashfs is also the name of free software, licensed under the GPL, for accessing Squashfs filesystems. Squashfs is intended for general read-only file-system use and in constrained block-device memory systems (e.g. embedded systems) where low overhead is needed.
  • 10.
  • 11.
  • 12.
    Firmware Importance .. ▪Firmware working for running the hardware device to bootup ▪ Firmware where we can store the most important data like credentials and certificates ▪ When back door is injected for firmware attacker will take always reverse connection
  • 13.
    Add a SlideTitle - 5