Saumil Shah, profile picture
Uploaded bySaumil Shah
25,278 views

Introducing ARM-X

This document introduces ARM-X, an ARM firmware emulation framework being developed by Saumil Shah. The goals of ARM-X include creating an IoT virtual machine to enable runtime analysis, reverse engineering, fuzzing, and exploit development of IoT devices. It discusses challenges with emulating IoT device firmware using QEMU and matching the kernel and drivers to the actual device. Extraction of firmware from IoT devices directly from flash memory or via hidden UART interfaces and serial consoles is also covered. A preview release of ARM-X is announced for October 23, 2019.

Software
Related topics:
Information Security
In this document
Powered by AI

Introduction of ARM-X by Saumil Shah, CEO of Net Square, highlighting his experience since 1999.

ARM-X is a firmware emulation framework aimed at creating a Virtual IoT device for analysis, reverse engineering, and exploit development.

Visualization of an IoT device's architecture, including components like CPU, kernel, drivers, and user processes.

Explanation of the IoT boot-up process: loading the kernel, uncompressing filesystem, and starting services.

Discussion on challenges in emulating hardware for ARM-X, including matching kernel environments and driver compatibility.

Methods for obtaining firmware from devices, including web sources, hidden UART interfaces, and direct chip extraction.

Live demo promotion and announcement of ARM-X preview release on 23 October 2019, inviting questions.

Embed presentation

NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE Introducing ARM-X Saumil Shah @therealsaumil 16 October 2019
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE # WHO AM I Saumil Shah CEO, Net Square @therealsaumil educating, entertaining and exasperating audiences since 1999
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE Introducing ARM-X • An ARM Firmware Emulation Framework. • Ultimate Goal - create an IoT VM! • A Virtual IoT device makes for easy – runtime analysis – reverse engineering – fuzzing – exploit development • Great insight into embedded hardware by trying to emulate it.
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE Take a look at an IoT device...
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE CPU and Hardware Kernel Drivers File System nvram User Processes API UI libnvram JTAG UART SPI ...it is a special computer...
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE compressed FS CPU Kernel Boot Loader mounted FS nvram init scripts Services Apps libnvram The IoT Boot Up Process conf conf conf conf firmware Loads Kernel. Uncompresses FS to ramdisk, invokes init process. ramdiskuserland Reads config from nvram. Builds system config files on the fly. Starts up system services. Invokes Applications and Application services. READY POWER ON
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE QEMU CPU and Limited Hardware Kernel Drivers uncompressed Filesystem emulated nvram init scripts Services Apps libnvram Emulation: Goals and Challenges x x x x BUILDROOT Match the kernel with the one on the device chroot environment Implemented as an INI file, preloaded before "boot up" conf conf Fix to match QEMU environment Not all drivers load successfully
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE QEMU CPU and Limited Hardware Kernel The ARM-X Startup Process
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE QEMU CPU and Limited Hardware Kernel Drivers uncompressed Filesystem emulated nvram Emulation: Goals and Challenges conf conf
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE QEMU CPU and Limited Hardware Kernel Drivers uncompressed Filesystem emulated nvram init scripts libnvram Emulation: Goals and Challenges conf conf
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE QEMU CPU and Limited Hardware Kernel Drivers uncompressed Filesystem emulated nvram init scripts Services Apps libnvram Emulation: Goals and Challenges x x x x conf conf
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE Obtaining the Firmware Firmware rootfs Firmware .bin file rootfs+nvram Serial Console Direct from Flash memory
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE 1: Web/FTP site
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE 2: Hidden UART interfaces Vcc (+3.3V) GND The other two pins have to be TX, RX. GND Verify continuity across GND
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE Serial Console Device GND TX RX GND TX RX minicom Serial Port = /dev/ttyUSB0 115200 baud 8N1 Vcc
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE Serial Console - working
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE Finished Serial Port Projects
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE # cat /proc/partitions major minor #blocks name 31 0 256 mtdblock0 31 1 64 mtdblock1 31 2 64 mtdblock2 31 3 1472 mtdblock3 31 4 128 mtdblock4 31 5 64 mtdblock5 31 6 2048 mtdblock6 31 7 32768 mtdblock7 31 8 30975 mtdblock8 31 9 131072 mtdblock9 31 10 98304 mtdblock10 Firmware Extraction # cat /proc/mtd dev: size erasesize name mtd0: 00040000 00010000 "u-boot" mtd1: 00010000 00010000 "devconf" mtd2: 00010000 00010000 "devdata" mtd3: 00170000 00010000 "mydlink" mtd4: 00020000 00010000 "langpack" mtd5: 00010000 00010000 "nvram" mtd6: 00200000 00010000 "flash" mtd7: 02000000 00020000 "upgrade" mtd8: 01e3ffa0 00020000 "rootfs" mtd9: 08000000 00020000 "nflash" mtd10: 06000000 00020000 "storage" dd if=/dev/mtdblock8 …
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE 3: Take it directly from the chip!
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE DEMO TIME!
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE WATCH THIS SPACE Downloads: https://armx.exploitlab.net/ ! Announcements: @therealsaumil Expect PREVIEW RELEASE 23 October 2019
NETSQUARE (c) SAUMIL SHAHHITB Cyberweek 2019 UAE Thank you and … QUESTIONS? @therealsaumil 16 October 2019

More Related Content

PPTX
QEMU and Raspberry Pi. Instant Embedded Development
byGlobalLogic Ukraine
 
PPT
U boot porting guide for SoC
byMacpaul Lin
 
PDF
Splash screen for Embedded Linux 101: How to customize your boot sequence
byPierre-jean Texier
 
PDF
Qemu Pcie
byThe Linux Foundation
 
PPTX
Docker, LinuX Container
byAraf Karsh Hamid
 
PDF
Ceph issue 해결 사례
byOpen Source Consulting
 
PDF
[Container Runtime Meetup] runc & User Namespaces
byAkihiro Suda
 
PDF
[오픈소스컨설팅]RHEL7/CentOS7 Pacemaker기반-HA시스템구성-v1.0
byJi-Woong Choi
 
QEMU and Raspberry Pi. Instant Embedded Development
byGlobalLogic Ukraine
 
U boot porting guide for SoC
byMacpaul Lin
 
Splash screen for Embedded Linux 101: How to customize your boot sequence
byPierre-jean Texier
 
Qemu Pcie
byThe Linux Foundation
 
Docker, LinuX Container
byAraf Karsh Hamid
 
Ceph issue 해결 사례
byOpen Source Consulting
 
[Container Runtime Meetup] runc & User Namespaces
byAkihiro Suda
 
[오픈소스컨설팅]RHEL7/CentOS7 Pacemaker기반-HA시스템구성-v1.0
byJi-Woong Choi
 

What's hot

PDF
ARM IoT Firmware Emulation Workshop
bySaumil Shah
 
PDF
Launch the First Process in Linux System
byJian-Hong Pan
 
PPTX
Ceph Performance and Sizing Guide
byJose De La Rosa
 
PPT
Learning AOSP - Android Booting Process
byNanik Tolaram
 
PDF
U-Boot - An universal bootloader
byEmertxe Information Technologies Pvt Ltd
 
PDF
Uboot startup sequence
byHoucheng Lin
 
PDF
Arm device tree and linux device drivers
byHoucheng Lin
 
PDF
今だからこそ知りたい Docker Compose/Swarm 入門
byMasahito Zembutsu
 
PDF
Build your own embedded linux distributions by yocto project
byYen-Chin Lee
 
PDF
Rootless Containers
byAkihiro Suda
 
PDF
エンジニアなら知っておきたい「仮想マシン」のしくみ (BPStudy38)
byTakeshi HASEGAWA
 
PDF
Device Tree for Dummies (ELC 2014)
byThomas Petazzoni
 
PDF
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
byStefano Stabellini
 
PPTX
The power of linux advanced tracer [POUG18]
byMahmoud Hatem
 
PPTX
Linux Initialization Process (1)
byshimosawa
 
PDF
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
byThe Linux Foundation
 
PPTX
Yocto project
byUniversity of Texas at Dallas
 
PDF
Kernel Recipes 2015: Representing device-tree peripherals in ACPI
byAnne Nicolas
 
DOCX
Instalando e configurando o cobian backup
byMarcos Rodrigues
 
PDF
[OpenInfra Days Korea 2018] (Track 2) Neutron LBaaS 어디까지 왔니? - Octavia 소개
byOpenStack Korea Community
 
ARM IoT Firmware Emulation Workshop
bySaumil Shah
 
Launch the First Process in Linux System
byJian-Hong Pan
 
Ceph Performance and Sizing Guide
byJose De La Rosa
 
Learning AOSP - Android Booting Process
byNanik Tolaram
 
U-Boot - An universal bootloader
byEmertxe Information Technologies Pvt Ltd
 
Uboot startup sequence
byHoucheng Lin
 
Arm device tree and linux device drivers
byHoucheng Lin
 
今だからこそ知りたい Docker Compose/Swarm 入門
byMasahito Zembutsu
 
Build your own embedded linux distributions by yocto project
byYen-Chin Lee
 
Rootless Containers
byAkihiro Suda
 
エンジニアなら知っておきたい「仮想マシン」のしくみ (BPStudy38)
byTakeshi HASEGAWA
 
Device Tree for Dummies (ELC 2014)
byThomas Petazzoni
 
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
byStefano Stabellini
 
The power of linux advanced tracer [POUG18]
byMahmoud Hatem
 
Linux Initialization Process (1)
byshimosawa
 
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
byThe Linux Foundation
 
Yocto project
byUniversity of Texas at Dallas
 
Kernel Recipes 2015: Representing device-tree peripherals in ACPI
byAnne Nicolas
 
Instalando e configurando o cobian backup
byMarcos Rodrigues
 
[OpenInfra Days Korea 2018] (Track 2) Neutron LBaaS 어디까지 왔니? - Octavia 소개
byOpenStack Korea Community
 

Similar to Introducing ARM-X

PDF
INSIDE ARM-X Cansecwest 2020
bySaumil Shah
 
PDF
Linaro connect : Introduction to Xen on ARM
byThe Linux Foundation
 
PDF
INSIDE ARM-X - Countermeasure 2019
bySaumil Shah
 
PDF
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
bySaumil Shah
 
PDF
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
bySaumil Shah
 
PDF
Linux for embedded_systems
byVandana Salve
 
PDF
RDMA on ARM
byinside-BigData.com
 
PDF
ARM Polyglot Shellcode - HITB2019AMS
bySaumil Shah
 
PDF
Announcing ARMX Docker - DC11332
bySaumil Shah
 
PPTX
04-ARM mbed IOT Device Introduction.pptx
byMohammed Moufti
 
PDF
Dec.20.2019, Arduino based on Mbed os
byDaniel Lee
 
PDF
HackLU 2018 Make ARM Shellcode Great Again
bySaumil Shah
 
PDF
XPDS16: Xenbedded: Xen-based client virtualization for phones and tablets - ...
byThe Linux Foundation
 
PDF
Embedded Linux
byShiraz LUG
 
PDF
Building
bySatpal Parmar
 
PDF
International Journal of Computational Engineering Research(IJCER)
byijceronline
 
PDF
Develop Your Own Operating Systems using Cheap ARM Boards
byNational Cheng Kung University
 
PPTX
Kernel modules
byElmàgic Àlàâ
 
PPT
Lemay jin-reddy-schoudel
byxu3stones
 
PDF
It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded ...
byPriyanka Aash
 
INSIDE ARM-X Cansecwest 2020
bySaumil Shah
 
Linaro connect : Introduction to Xen on ARM
byThe Linux Foundation
 
INSIDE ARM-X - Countermeasure 2019
bySaumil Shah
 
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
bySaumil Shah
 
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
bySaumil Shah
 
Linux for embedded_systems
byVandana Salve
 
RDMA on ARM
byinside-BigData.com
 
ARM Polyglot Shellcode - HITB2019AMS
bySaumil Shah
 
Announcing ARMX Docker - DC11332
bySaumil Shah
 
04-ARM mbed IOT Device Introduction.pptx
byMohammed Moufti
 
Dec.20.2019, Arduino based on Mbed os
byDaniel Lee
 
HackLU 2018 Make ARM Shellcode Great Again
bySaumil Shah
 
XPDS16: Xenbedded: Xen-based client virtualization for phones and tablets - ...
byThe Linux Foundation
 
Embedded Linux
byShiraz LUG
 
Building
bySatpal Parmar
 
International Journal of Computational Engineering Research(IJCER)
byijceronline
 
Develop Your Own Operating Systems using Cheap ARM Boards
byNational Cheng Kung University
 
Kernel modules
byElmàgic Àlàâ
 
Lemay jin-reddy-schoudel
byxu3stones
 
It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded ...
byPriyanka Aash
 

More from Saumil Shah

PDF
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
bySaumil Shah
 
PDF
The Hand That Strikes, Also Blocks
bySaumil Shah
 
PDF
The Seven Axioms Of Security
bySaumil Shah
 
PDF
Make ARM Shellcode Great Again - HITB2018PEK
bySaumil Shah
 
PDF
Schrödinger's ARM Assembly
bySaumil Shah
 
PDF
Cross Border Cyber Attacks: Impact on Digital Sovereignty
bySaumil Shah
 
PDF
The Seven Axioms of Security - ITWeb 2017
bySaumil Shah
 
PDF
The Road To Defendable Systems - Emirates NBD
bySaumil Shah
 
PDF
Hack.LU - The Infosec Crossroads
bySaumil Shah
 
PDF
Precise Presentations
bySaumil Shah
 
PDF
The CISO's Dilemma 44CON 2019
bySaumil Shah
 
PDF
Cybersecurity In India - The Decade Ahead
bySaumil Shah
 
PDF
NSConclave2020 The Decade Behind And The Decade Ahead
bySaumil Shah
 
PDF
Make ARM Shellcode Great Again
bySaumil Shah
 
PDF
Cyberspace And Security - India's Decade Ahead
bySaumil Shah
 
PDF
Redefining Defense - HITB2017AMS Keynote
bySaumil Shah
 
PDF
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
bySaumil Shah
 
PDF
The CISO's Dilemma HITBGSEC2019
bySaumil Shah
 
PDF
Effective Webinars: Presentation Skills for a Virtual Audience
bySaumil Shah
 
PDF
What Makes a Compelling Photograph
bySaumil Shah
 
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
bySaumil Shah
 
The Hand That Strikes, Also Blocks
bySaumil Shah
 
The Seven Axioms Of Security
bySaumil Shah
 
Make ARM Shellcode Great Again - HITB2018PEK
bySaumil Shah
 
Schrödinger's ARM Assembly
bySaumil Shah
 
Cross Border Cyber Attacks: Impact on Digital Sovereignty
bySaumil Shah
 
The Seven Axioms of Security - ITWeb 2017
bySaumil Shah
 
The Road To Defendable Systems - Emirates NBD
bySaumil Shah
 
Hack.LU - The Infosec Crossroads
bySaumil Shah
 
Precise Presentations
bySaumil Shah
 
The CISO's Dilemma 44CON 2019
bySaumil Shah
 
Cybersecurity In India - The Decade Ahead
bySaumil Shah
 
NSConclave2020 The Decade Behind And The Decade Ahead
bySaumil Shah
 
Make ARM Shellcode Great Again
bySaumil Shah
 
Cyberspace And Security - India's Decade Ahead
bySaumil Shah
 
Redefining Defense - HITB2017AMS Keynote
bySaumil Shah
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
bySaumil Shah
 
The CISO's Dilemma HITBGSEC2019
bySaumil Shah
 
Effective Webinars: Presentation Skills for a Virtual Audience
bySaumil Shah
 
What Makes a Compelling Photograph
bySaumil Shah
 

Recently uploaded

PPTX
Building a RAG System for Customer Support - L1
byBogdan Mustata
 
PDF
Everything You Ever Wanted to Know About Quarkus and LangChain4j
byMarkus Eisele
 
PPTX
Presentation on AWS Cloud RDS Deep dive
byBimal Jain
 
PDF
IAAM Meetup #7 chez Onepoint - Construire un Rag-as-a-service en production. ...
byiaaixmarseille
 
PDF
Bring AI and build AI agents into your Jakarta EE Apps with LangChain4J-CDI
byBuhake Sindi
 
PPTX
operating sys about shells and terminals commands .pptx
byYazeedAbdullah6
 
PDF
DevOps Monitoring Tools: The 2025 Guide to Performance & Observability
byalexendrascott01
 
PDF
Smarter Testing Safer Systems Balancing AI and Oversight in Regulated Environ...
byApplitools
 
PPTX
Future of Software Testing: AI-Powered Open Source Testing Tools
bySophie Lane
 
PDF
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
PPTX
Understanding-ROM-RAM-Cache-and-Buffer-Memory.pptx.pptx
bylata2850
 
PDF
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
PPTX
Building AI agents in Java - Devoxx Belgium 2025
byJulien Dubois
 
PDF
BCA 1st Semester Fundamentals Solved Question Paper 44121
byKuvempu University
 
PDF
DSD-INT 2025 Advancing Urban Flood Modeling with Delft3D FM 1D2D - A Pilot St...
byDeltares
 
PDF
Data Integration with Salesforce Bootcamp
byDele Amefo
 
PDF
Internship Project Training Report-3.pdf
byPawank36
 
PDF
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
PPTX
Zotero Software Demonstration. Biomedical Perspective
byDr Snehashis Singha
 
PDF
DSD-INT 2025 Understanding the Paraguay River Response to Hard Bottom Dredgin...
byDeltares
 
Building a RAG System for Customer Support - L1
byBogdan Mustata
 
Everything You Ever Wanted to Know About Quarkus and LangChain4j
byMarkus Eisele
 
Presentation on AWS Cloud RDS Deep dive
byBimal Jain
 
IAAM Meetup #7 chez Onepoint - Construire un Rag-as-a-service en production. ...
byiaaixmarseille
 
Bring AI and build AI agents into your Jakarta EE Apps with LangChain4J-CDI
byBuhake Sindi
 
operating sys about shells and terminals commands .pptx
byYazeedAbdullah6
 
DevOps Monitoring Tools: The 2025 Guide to Performance & Observability
byalexendrascott01
 
Smarter Testing Safer Systems Balancing AI and Oversight in Regulated Environ...
byApplitools
 
Future of Software Testing: AI-Powered Open Source Testing Tools
bySophie Lane
 
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
Understanding-ROM-RAM-Cache-and-Buffer-Memory.pptx.pptx
bylata2850
 
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
Building AI agents in Java - Devoxx Belgium 2025
byJulien Dubois
 
BCA 1st Semester Fundamentals Solved Question Paper 44121
byKuvempu University
 
DSD-INT 2025 Advancing Urban Flood Modeling with Delft3D FM 1D2D - A Pilot St...
byDeltares
 
Data Integration with Salesforce Bootcamp
byDele Amefo
 
Internship Project Training Report-3.pdf
byPawank36
 
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
Zotero Software Demonstration. Biomedical Perspective
byDr Snehashis Singha
 
DSD-INT 2025 Understanding the Paraguay River Response to Hard Bottom Dredgin...
byDeltares
 

Introducing ARM-X

  • 1.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE Introducing ARM-X Saumil Shah @therealsaumil 16 October 2019
  • 2.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE # WHO AM I Saumil Shah CEO, Net Square @therealsaumil educating, entertaining and exasperating audiences since 1999
  • 3.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE Introducing ARM-X • An ARM Firmware Emulation Framework. • Ultimate Goal - create an IoT VM! • A Virtual IoT device makes for easy – runtime analysis – reverse engineering – fuzzing – exploit development • Great insight into embedded hardware by trying to emulate it.
  • 4.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE
  • 5.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE
  • 6.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE Take a look at an IoT device...
  • 7.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE CPU and Hardware Kernel Drivers File System nvram User Processes API UI libnvram JTAG UART SPI ...it is a special computer...
  • 8.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE compressed FS CPU Kernel Boot Loader mounted FS nvram init scripts Services Apps libnvram The IoT Boot Up Process conf conf conf conf firmware Loads Kernel. Uncompresses FS to ramdisk, invokes init process. ramdiskuserland Reads config from nvram. Builds system config files on the fly. Starts up system services. Invokes Applications and Application services. READY POWER ON
  • 9.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE QEMU CPU and Limited Hardware Kernel Drivers uncompressed Filesystem emulated nvram init scripts Services Apps libnvram Emulation: Goals and Challenges x x x x BUILDROOT Match the kernel with the one on the device chroot environment Implemented as an INI file, preloaded before "boot up" conf conf Fix to match QEMU environment Not all drivers load successfully
  • 10.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE QEMU CPU and Limited Hardware Kernel The ARM-X Startup Process
  • 11.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE
  • 12.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE
  • 13.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE QEMU CPU and Limited Hardware Kernel Drivers uncompressed Filesystem emulated nvram Emulation: Goals and Challenges conf conf
  • 14.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE
  • 15.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE
  • 16.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE QEMU CPU and Limited Hardware Kernel Drivers uncompressed Filesystem emulated nvram init scripts libnvram Emulation: Goals and Challenges conf conf
  • 17.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE
  • 18.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE QEMU CPU and Limited Hardware Kernel Drivers uncompressed Filesystem emulated nvram init scripts Services Apps libnvram Emulation: Goals and Challenges x x x x conf conf
  • 19.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE
  • 20.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE Obtaining the Firmware Firmware rootfs Firmware .bin file rootfs+nvram Serial Console Direct from Flash memory
  • 21.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE 1: Web/FTP site
  • 22.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE 2: Hidden UART interfaces Vcc (+3.3V) GND The other two pins have to be TX, RX. GND Verify continuity across GND
  • 23.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE Serial Console Device GND TX RX GND TX RX minicom Serial Port = /dev/ttyUSB0 115200 baud 8N1 Vcc
  • 24.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE Serial Console - working
  • 25.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE Finished Serial Port Projects
  • 26.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE # cat /proc/partitions major minor #blocks name 31 0 256 mtdblock0 31 1 64 mtdblock1 31 2 64 mtdblock2 31 3 1472 mtdblock3 31 4 128 mtdblock4 31 5 64 mtdblock5 31 6 2048 mtdblock6 31 7 32768 mtdblock7 31 8 30975 mtdblock8 31 9 131072 mtdblock9 31 10 98304 mtdblock10 Firmware Extraction # cat /proc/mtd dev: size erasesize name mtd0: 00040000 00010000 "u-boot" mtd1: 00010000 00010000 "devconf" mtd2: 00010000 00010000 "devdata" mtd3: 00170000 00010000 "mydlink" mtd4: 00020000 00010000 "langpack" mtd5: 00010000 00010000 "nvram" mtd6: 00200000 00010000 "flash" mtd7: 02000000 00020000 "upgrade" mtd8: 01e3ffa0 00020000 "rootfs" mtd9: 08000000 00020000 "nflash" mtd10: 06000000 00020000 "storage" dd if=/dev/mtdblock8 …
  • 27.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE 3: Take it directly from the chip!
  • 28.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE DEMO TIME!
  • 29.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE WATCH THIS SPACE Downloads: https://armx.exploitlab.net/ ! Announcements: @therealsaumil Expect PREVIEW RELEASE 23 October 2019
  • 30.
    NETSQUARE (c) SAUMILSHAHHITB Cyberweek 2019 UAE Thank you and … QUESTIONS? @therealsaumil 16 October 2019