
Static Analysis of Firmwares

Recent posts

Some IoT Pentesting hints -- kept updated

Procedure 1:

A. Collect information about the device
    i.   data sheets
    ii.  product features
    iii. installation guide and user manual, downloaded from the vendor
         website or found with Google dorks

B. Using the device name and model number (or the hardware information), check for publicly
available exploits on Exploit-DB or the exploit search engines.
Useful search engines for exploits:

https://sploitus.com/
https://vulmon.com/
http://www.exploitsearch.com/
https://www.nmmapper.com/searchindex/s/

There are also special search engines for IoT which help us find insecure devices that are publicly exposed on the internet:
 i.   Shodan
 ii.  Censys
 iii. ZoomEye
 iv.  Onyphe

C. Make a detailed list
    i.   Write down the full feature list of the device
    ii.  Make a list of the publicly available exploits
    iii. Start working out your own method to pentest it;
         before that, understand the device as clearly as possible

D. Common approach for the IoT pentesting methodology
     i.   network
     ii.  embedded applications
     iii. mobile apps (Android and iOS)
  …

Bluetooth Pentesting guide

Something interesting in daily life: there are signals all around us that we cannot see with our own eyes,
but devices can, and they use many different wireless communication protocols.

Wireless communication protocols in IoT:
 i.   Wi-Fi (wireless fidelity)
 ii.  Bluetooth
 iii. Zigbee
 iv.  Z-Wave
 v.   LoRa
 vi.  GSM

But let's get into the topic. The most relevant vulnerabilities in Bluetooth:
 i.   authentication and authorisation issues
 ii.  MiTM
 iii. DoS
 iv.  MAC spoofing
 v.   PIN cracking
 vi.  brute force

In Android Bluetooth we mostly see these vulnerability types:
 RCE        Remote code execution
 EoP        Elevation of privilege
 ID         Information disclosure
 DoS        Denial of service

At a lower level there are Bluetooth chipset vulnerabilities. The procedure is the same in every case: scan the surrounding devices and start the attacks from the write-ups available on Google.

Let's look at the small differences. Right now we need to know how Bluetooth works

Dumping the Firmware from the device Using buspirate

One of the best ways to get the firmware from the hardware


While doing penetration testing there are scenarios in which we need to dump the firmware from the device. This method is typically used when no firmware is available from the vendor site. Today we are going to show how to dump the firmware from a wireless router, the Binatone DT 850W.

Software and hardware requirements:
 i.   Buspirate
 ii.  Ubuntu 16.04 or any other Linux machine
 iii. Flashrom tool
 iv.  8-pin SOIC clip with cable
 v.   Buspirate connectors


This is the Binatone DT 850W wireless router which will be used as the example for dumping the firmware.
Let us analyze the inside of the device. You can see IC chips like the EEPROM, UART pins, the Ralink CPU and some other IC chips. Let us focus mainly on the EEPROM chip (Winbond W25Q16). Strictly speaking the W25Q16 is a 16 Mbit (2 MiB) SPI NOR flash rather than an EEPROM, but teardown guides commonly call the SPI flash that holds the firmware "EEPROM", and it is this chip that flashrom reads over SPI through the Buspirate.

What is EEPROM: EEPROM (also written E2PROM and pronounced "e-e-prom", "double-e-prom" or "e-squared-prom") stands for electrically erasable programmable read-only memory and is a type of non-volatile memory used in computers and other e…
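A dump taken through a test clip is only trustworthy if it is the right size for the chip, is not an all-0xFF/all-0x00 "no response" read, and reads identically twice. The script below is an added example (not part of the original post) that checks exactly that. It assumes the chip is the W25Q16 from the teardown, that the dumps were produced with flashrom in Buspirate SPI mode (the device path /dev/ttyUSB0 and the 1M SPI speed are assumptions for this setup), and it uses constructed byte strings in place of real dumps so it runs offline.

```python
"""Sanity checks for a SPI flash dump read with flashrom over a Buspirate.

Added example, not the original post's code. The dump is assumed to come
from a command such as (device path and SPI speed are assumptions):

    flashrom -p buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M -r dump1.bin

run twice, giving dump1.bin and dump2.bin, from a Winbond W25Q16 (2 MiB).
"""
import hashlib
import subprocess
from pathlib import Path

# Capacities follow the Winbond naming scheme: a W25Qxx part holds xx Mbit.
CHIP_SIZES = {
    "W25Q16": 16 * 1024 * 1024 // 8,    # 2 MiB
    "W25Q32": 32 * 1024 * 1024 // 8,    # 4 MiB
    "W25Q64": 64 * 1024 * 1024 // 8,    # 8 MiB
    "W25Q128": 128 * 1024 * 1024 // 8,  # 16 MiB
}


def flashrom_read(out_path, dev="/dev/ttyUSB0", spispeed="1M"):
    """Read the whole chip into out_path using flashrom's buspirate_spi programmer.

    Needs the hardware attached; not exercised by the offline checks below."""
    cmd = ["flashrom", "-p", f"buspirate_spi:dev={dev},spispeed={spispeed}",
           "-r", str(out_path)]
    subprocess.run(cmd, check=True)


def check_dump(data, chip="W25Q16"):
    """Return a list of problems found in one dump (an empty list means it looks sane)."""
    problems = []
    expected = CHIP_SIZES[chip]
    if len(data) != expected:
        problems.append(f"size {len(data)} != {expected} expected for {chip}")
    # A read that never got an answer from the chip typically comes back as
    # all 0xFF (MISO floating high, like erased flash) or all 0x00.
    if data and data.count(0xFF) == len(data):
        problems.append("dump is all 0xFF: likely no SPI response (check clip contact and wiring)")
    elif data and data.count(0x00) == len(data):
        problems.append("dump is all 0x00: likely no SPI response or chip held in reset")
    return problems


def dumps_match(a, b):
    """Two consecutive reads of the same chip must be byte-for-byte identical.

    A flaky clip contact or too high an SPI clock shows up as differing bytes.
    Returns (True, []) or (False, [up to 16 offsets of the first differences])."""
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    if len(a) != len(b):
        diffs.append(min(len(a), len(b)))
    return (not diffs, diffs[:16])


def sha256_hex(data):
    """Hash to record alongside the dump so later analysis refers to a fixed image."""
    return hashlib.sha256(data).hexdigest()


def verify_dump_files(path1, path2, chip="W25Q16"):
    """Convenience wrapper over two dump files on disk: (problems, sha256 of first dump)."""
    a = Path(path1).read_bytes()
    b = Path(path2).read_bytes()
    problems = check_dump(a, chip) + check_dump(b, chip)
    same, diffs = dumps_match(a, b)
    if not same:
        problems.append(f"dumps differ at offsets {diffs}")
    return problems, sha256_hex(a)


if __name__ == "__main__":
    # Constructed stand-in for a real 2 MiB dump (not data from the router).
    good = bytes(range(256)) * (CHIP_SIZES["W25Q16"] // 256)
    print(check_dump(good))
    print(dumps_match(good, good)[0])
    print(check_dump(b"\xff" * 4096))
```

If the two reads differ, lower the SPI speed or reseat the clip before trusting the image; binwalk will happily "find" things in a corrupted dump.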

Firmware analysis Basic Approach

OWASP IoT I9: Insecure Software/Firmware. But here our main concern is firmware.

Testing methodology:
 • Get the firmware
 • Reconnaissance
 • Unpacking
 • Localize points of interest
 • Decompile/pentest/fun!

I will explain the requirements step by step. Here I am using Ubuntu Xenial 16.04; you can use whichever Linux you are comfortable with.
Requirements:
 1. Binwalk
 2. Strings
 3. Hexeditor
 4. Linux OS - Ubuntu or any other
 5. Vulnerable firmware

So here I am not attacking any device directly, because the firmware can be downloaded from the vendor site, or you can find firmware in the "index of" directory listings on some sites.
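The "reconnaissance" and "unpacking" steps above are what binwalk and strings automate: look for known magic bytes, parse the container headers, carve out what is found. To make that concrete, here is an added example (not from the original post and not binwalk's code) that scans a raw image for a few common firmware signatures, parses and CRC-checks a legacy U-Boot uImage header, carves the gzip member it wraps, and pulls printable strings the way `strings` does. The sample image is constructed inside the script, so it runs with no real firmware; the partition layout, image name and 0x1000 alignment are assumptions made for the example.

```python
"""Mini firmware reconnaissance: signature scan, uImage parse, gzip carve, strings.

Added example, not the original post's code and not binwalk. The sample
image is built here from scratch; nothing in it comes from a vendor.
"""
import gzip
import re
import struct
import zlib

# Magic values of common firmware containers (all of these binwalk also matches).
SIGNATURES = {
    b"\x27\x05\x19\x56": "uImage header (U-Boot legacy image)",
    b"\x1f\x8b\x08": "gzip compressed data",
    b"hsqs": "SquashFS filesystem, little endian",
    b"sqsh": "SquashFS filesystem, big endian",
    b"\x7fELF": "ELF executable",
}

# Legacy U-Boot image header: 64 bytes, big-endian.
# magic, hcrc, time, size, load, entry, dcrc, os, arch, type, comp, name[32]
UIMAGE_FMT = ">IIIIIIIBBBB32s"
UIMAGE_MAGIC = 0x27051956


def scan(image):
    """Return [(offset, description)] for every signature hit, sorted by offset."""
    hits = []
    for magic, desc in SIGNATURES.items():
        start = 0
        while (off := image.find(magic, start)) >= 0:
            hits.append((off, desc))
            start = off + 1
    return sorted(hits)


def parse_uimage(image, off):
    """Parse the uImage header at off and verify its header and data CRC32s."""
    hdr = image[off:off + 64]
    (magic, hcrc, _ts, size, load, ep, dcrc,
     _os, _arch, _typ, _comp, name) = struct.unpack(UIMAGE_FMT, hdr)
    # The header CRC is computed with the hcrc field itself zeroed.
    hcrc_ok = magic == UIMAGE_MAGIC and zlib.crc32(hdr[:4] + b"\0" * 4 + hdr[8:]) == hcrc
    data = image[off + 64:off + 64 + size]
    dcrc_ok = len(data) == size and zlib.crc32(data) == dcrc
    return {"name": name.rstrip(b"\0").decode(), "size": size, "load": load,
            "entry": ep, "hcrc_ok": hcrc_ok, "dcrc_ok": dcrc_ok}


def carve_gzip(image, off):
    """Decompress the gzip member starting at off; return (payload, offset just past it).

    A raw zlib decompressor (wbits=31 = gzip framing) stops at the end of the
    member and reports the trailing flash bytes as unused_data, unlike gzip.open,
    which chokes on the 0xFF padding that follows a member in a flash image."""
    d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)
    payload = d.decompress(image[off:])
    consumed = len(image) - off - len(d.unused_data)
    return payload, off + consumed


def printable_strings(data, min_len=4):
    """Same idea as `strings`: runs of printable ASCII at least min_len long."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def make_uimage(payload, name=b"Linux-test"):
    """Build a legacy uImage (os=Linux, arch=MIPS, type=kernel, comp=gzip) around payload."""
    hdr = struct.pack(UIMAGE_FMT, UIMAGE_MAGIC, 0, 0, len(payload), 0x80000000,
                      0x80000000, zlib.crc32(payload), 5, 5, 2, 1, name)
    return hdr[:4] + struct.pack(">I", zlib.crc32(hdr)) + hdr[8:] + payload


def build_sample_image():
    """Constructed two-partition image: gzip'd kernel in a uImage, then a SquashFS stub."""
    def pad(b, n=0x1000):             # partitions aligned to 0x1000, padded with 0xFF like erased flash
        return b + b"\xff" * ((-len(b)) % n)
    kernel_gz = gzip.compress(b"fake kernel text " * 64, mtime=0)
    rootfs = b"hsqs" + b"\x00" * 60 + b"squashfs contents would follow"
    return pad(make_uimage(kernel_gz)) + pad(rootfs)


if __name__ == "__main__":
    img = build_sample_image()
    for off, desc in scan(img):
        print(f"0x{off:08x}  {desc}")
    print(parse_uimage(img, 0))
    payload, end = carve_gzip(img, 64)
    print(len(payload), "bytes decompressed, member ends at", hex(end))
    print(printable_strings(img)[:5])
```

On a real dump, run `scan` first to get the offsets, then hand each one to the parser for its container type; a header whose CRCs fail is the first sign that the dump itself is bad rather than the firmware being odd.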
Installation:
1. Binwalk:
Install it as shown below and follow the installation steps from the GitHub location; some dependencies need to be installed. Some of them I will show how to do, and for the rest check here:
https://github.com/ReFirmLabs/binwalk/blob/master/INSTALL.md

$ sudo apt-get install binwalk

2. Strings:
After installing Binwalk on my Linux OS, next is strings, which is already present by default on many Linux systems…