Skip to main content

Posts

Showing posts from February, 2019

Firmware analysis Basic Approach

OWASP IoT I9: Insecure Software/Firmware, But here Our main concern is Firmware.
Testing Methodology:• Get the firmware• Reconnaissance• Unpacking• Localize point of interest• Decompile/pentest/fun!What are the requirements i will explain step by step. Here i am using the Ubuntu Xenial 16.04 you can use which Linux is comfortable with you.
Requirements:
1.Binwalk 2.Strings 3.Hexeditor 4.Linux OS - Ubuntu or Any other 5.Vulnerable firmware
So here i am not attacking any device directly because for firmware you will get from the vendor site or you can find some firmware in index of some sites.
Installation:
1.Binwalk:
as shown below And follow the installation steps from the Github location some dependencies need to be install. Some of them i will show how to do and remaining check from here
https://github.com/ReFirmLabs/binwalk/blob/master/INSTALL.md $sudo apt-get install binwalk




2.Strings:
After installation in the Binwalk in my Linux operating OS so next strings already default many Linux system…