firmware hacking, slash the pineapple for fun
TRANSCRIPT
/usr/bin/whoami
- IDSECCONF 2013, 2014, 2015 SPEAKER
- MEMBER of OPENWRT INDONESIA
- me: Opreker != Hacker
Firmware Hacking (maybe)
“an act of customizing firmware content that later has to be rewritten/flashed into the ROM memory of the related device”
The Tools
- Binwalk 2.1.0* (analysis = good, unpack/repack = bad)
- Firmware Mod Kit* (analysis = bad, unpack/repack = good)
- USB-to-TTL dongle* (your safety net for serial recovery if the flash goes wrong)
Binwalk 2.1.0
- Analyzed result

$ binwalk upgrade-2.2.0.bin

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
512           0x200           LZMA compressed data, properties: 0x6D, dictionary size: 8388608 bytes, uncompressed size: 2805816 bytes
927532        0xE272C         Squashfs filesystem, little endian, version 4.0, compression:xz, size: 12259772 bytes, 2932 inodes, blocksize: 262144 bytes, created: 2015-01-12 22:39:23
Firmware Mod Kit
*FMK did not recognize the Squashfs compression type (note the empty "compression:" field below), which is why it cannot unpack this image as-is
- Analyzed result

MD5 Checksum: 457a32d5b78cbdb5cf47fcb0fd3b719a

DECIMAL       HEX             DESCRIPTION
--------------------------------------------------------------------------------
512           0x200           LZMA compressed data, properties: 0x6D, dictionary size: 8388608 bytes, uncompressed size: 2805816 bytes
927532        0xE272C         Squashfs filesystem, little endian, version 4.0, compression: size: 12259772 bytes, 2932 inodes, blocksize: 262144 bytes, created: Tue Jan 13 05:39:23 2015
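Both tables above come from signature scanning: the scanner walks the image looking for known headers and decodes each one it finds. As an added example (not code from the talk, from binwalk or from FMK), the Python below does that for the two structures the page's image contains: a raw LZMA header, which has no magic number and so needs plausibility checks, and a SquashFS v4 superblock, whose magic and recorded size are reliable. The superblock's compression id (4 = xz) is exactly the field FMK's output leaves blank. The image it scans is constructed here to mirror the values the page's output shows, except that the superblock is placed at offset 2048 instead of 0xE272C to keep the blob small.

```python
"""Signature scan of a firmware image: locate an LZMA stream and a SquashFS
superblock and decode their headers, the way a binwalk-style table does.
Added example; the sample image is constructed, not the real upgrade-2.2.0.bin."""
import struct

SQUASHFS_MAGIC_LE = b"hsqs"          # "sqsh" as stored by a little-endian image
SQUASHFS_SB_FMT = "<4sIIIIHHHHHHQQ"  # first 48 bytes of the v4 superblock
SQUASHFS_SB_LEN = 96                 # full v4 superblock size
SQUASHFS_COMPRESSION = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}

LZMA_HDR_FMT = "<BIQ"                # properties byte, dict size, uncompressed size
LZMA_HDR_LEN = 13
LZMA_UNKNOWN_SIZE = 0xFFFFFFFFFFFFFFFF


def parse_squashfs_superblock(blob, offset):
    """Decode a SquashFS v4 superblock at `offset`; None if it is not a valid one."""
    if offset + SQUASHFS_SB_LEN > len(blob):
        return None
    (magic, inodes, mtime, block_size, _frags, comp_id, block_log, _flags,
     _ids, vmaj, vmin, _root, bytes_used) = struct.unpack_from(SQUASHFS_SB_FMT, blob, offset)
    if magic != SQUASHFS_MAGIC_LE or (vmaj, vmin) != (4, 0):
        return None
    if block_size != 1 << block_log or comp_id not in SQUASHFS_COMPRESSION:
        return None
    return {"type": "squashfs", "offset": offset, "version": f"{vmaj}.{vmin}",
            "compression": SQUASHFS_COMPRESSION[comp_id], "compression_id": comp_id,
            "inodes": inodes, "block_size": block_size, "size": bytes_used, "created": mtime}


def parse_lzma_header(blob, offset):
    """Decode a raw LZMA_Alone header at `offset`. The format has no magic, so
    the header is accepted only if every field looks like a real stream's."""
    if offset + LZMA_HDR_LEN + 1 > len(blob):
        return None
    props, dict_size, usize = struct.unpack_from(LZMA_HDR_FMT, blob, offset)
    if props >= 9 * 5 * 5:                        # lc < 9, lp < 5, pb < 5
        return None
    pb, rest = divmod(props, 45)                  # props = (pb * 5 + lp) * 9 + lc
    lp, lc = divmod(rest, 9)
    # heuristic: real dictionaries are powers of two between 4 KiB and 128 MiB
    if dict_size < 4096 or dict_size > 1 << 27 or dict_size & (dict_size - 1):
        return None
    # heuristic: size is either the "unknown" marker or a firmware-sized value
    if usize != LZMA_UNKNOWN_SIZE and not 0 < usize < 1 << 32:
        return None
    if blob[offset + LZMA_HDR_LEN] != 0:          # range coder always emits 0x00 first
        return None
    return {"type": "lzma", "offset": offset, "properties": props, "lc": lc, "lp": lp,
            "pb": pb, "dict_size": dict_size, "uncompressed_size": usize}


def scan_image(blob):
    """Return header records for every recognised region, ordered by offset.
    SquashFS is located first (reliable magic plus recorded size); LZMA
    candidates that fall inside a SquashFS region are skipped, since the LZMA
    header does not record its own compressed length."""
    found, covered = [], []
    pos = blob.find(SQUASHFS_MAGIC_LE)
    while pos != -1:
        sb = parse_squashfs_superblock(blob, pos)
        if sb:
            found.append(sb)
            covered.append((pos, min(len(blob), pos + sb["size"])))
        pos = blob.find(SQUASHFS_MAGIC_LE, pos + 1)
    for off in range(len(blob) - LZMA_HDR_LEN):
        if any(s <= off < e for s, e in covered):
            continue
        hdr = parse_lzma_header(blob, off)
        if hdr:
            found.append(hdr)
    return sorted(found, key=lambda r: r["offset"])


def describe(rec):
    """One binwalk-style description line for a record."""
    if rec["type"] == "lzma":
        return (f"LZMA compressed data, properties: 0x{rec['properties']:02X}, dictionary size: "
                f"{rec['dict_size']} bytes, uncompressed size: {rec['uncompressed_size']} bytes")
    return (f"Squashfs filesystem, little endian, version {rec['version']}, compression:"
            f"{rec['compression']}, size: {rec['size']} bytes, {rec['inodes']} inodes, "
            f"blocksize: {rec['block_size']} bytes")


def report(blob):
    lines = [f"{'DECIMAL':<12}{'HEXADECIMAL':<14}DESCRIPTION", "-" * 80]
    for rec in scan_image(blob):
        lines.append(f"{rec['offset']:<12}{'0x%X' % rec['offset']:<14}{describe(rec)}")
    return "\n".join(lines)


def build_sample_image():
    """Constructed image: padding, an LZMA kernel header at 512 with the page's
    values, then a SquashFS v4 superblock with the page's values at 2048."""
    img = bytearray(b"\xff" * 512)
    img += struct.pack(LZMA_HDR_FMT, 0x6D, 8388608, 2805816) + b"\x00"  # header + first rc byte
    img += b"\x5a" * (2048 - len(img))                                   # stand-in compressed data
    sb = struct.pack(SQUASHFS_SB_FMT, SQUASHFS_MAGIC_LE, 2932, 1421102363, 262144, 0,
                     4, 18, 0, 1, 4, 0, 0, 12259772)                      # comp id 4 = xz
    img += sb.ljust(SQUASHFS_SB_LEN, b"\x00") + b"\x5a" * 1024           # stand-in fs data
    return bytes(img)


if __name__ == "__main__":
    print(report(build_sample_image()))
```

Running it prints the same two rows the page's binwalk table shows (with the superblock at 2048 here), and the compression column reads "xz" because the superblock's id field is decoded rather than guessed. A scanner that does not know id 4 would print nothing there, which is the FMK failure the slide describes.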
Debugging
- Trace the protection script

$ grep -lr -e 'wrong pattern entered' *
includes/welcome/welcome.inc.php
Exploitation
- Edit welcome.inc.php
*In version 2.4.0, we just need to change the comparison "==" to "!=" below the resetDips() function
Repacking (FMK)
*If the output image is too big for the flash, delete some files or use the “-min” option

$ sudo ./build-firmware.sh fmk/
GREETINGS
Thanks to Cindy Wijaya, Xopal Unil, Tisaros Kaskus, Openwrt Indonesia, Om Hero lirva32, Brahmanggi Aditya, Richy Hendra, Ade Surya, ... all humans or not (^^) who always support and inspire me. And of course it’s U... ra’