Showing posts from February, 2019

OWASP IoT I9: Firmware analysis part -1

Firmware static analysis is the process of examining the firmware of IoT devices and other embedded systems without executing the code. This analysis is crucial for identifying vulnerabilities, security flaws, violations of coding standards, misconfigurations and hardcoded data within the firmware.

The general workflow I follow after dumping firmware from hardware:

• Get the firmware (vendor/hidden forums/dumping from hardware)
• Reconnaissance (get to know the architecture and filesystem info)
• Unpacking (extracting the firmware, which is also fun)
• Localize points of interest (always keep in mind what exactly you are looking for: hardcoded data, shell scripts or command injection functions)
• Decompile/pentest/fun! (binary decompiling)

I will explain the requirements step by step. Here I am using Ubuntu Xenial 16.04; you can use whichever Linux distribution you are comfortable with.

Static analysis tools:

| Name | Description |
| --- | --- |
| EMBA (Embedded Malware Binary Analysis) | A Python-based frame
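The "localize points of interest" step from the workflow above, as an added example that is not code from the original post: a triage pass over an already unpacked firmware root that flags shell scripts, hardcoded secrets, private keys and ELF binaries referencing command-execution calls. The rule set, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristic rules chosen for this example (assumptions, not from the original post).
SECRET_RE = re.compile(rb"(?i)(passw(?:or)?d|secret|api_?key)\s*[=:]\s*['\"]?[^\s'\"]{4,}")
PRIVKEY_RE = re.compile(rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")
EXEC_RE = re.compile(rb"\b(?:system|popen|execve?)\b")  # libc calls that can run commands
SHELL_RE = re.compile(rb"#!.*\b\w*sh\b")  # shebang naming sh, ash, bash, ...
ELF_MAGIC = b"\x7fELF"

def triage(root):
    """Walk an unpacked firmware root; return sorted (relative_path, finding) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # symlinks in firmware trees often point outside the root
            with open(path, "rb") as fh:
                data = fh.read(4 * 1024 * 1024)  # cap the bytes read per file
            rel = os.path.relpath(path, root)
            if SHELL_RE.match(data):
                findings.append((rel, "shell-script"))
            if SECRET_RE.search(data):
                findings.append((rel, "hardcoded-secret"))
            if PRIVKEY_RE.search(data):
                findings.append((rel, "private-key"))
            if data.startswith(ELF_MAGIC) and EXEC_RE.search(data):
                findings.append((rel, "command-exec-import"))  # candidate for decompiling
    return sorted(findings)

def demo():
    """Build a small constructed firmware tree in a temp dir and triage it."""
    samples = {  # constructed sample files, not taken from any real device
        "etc/init.d/rcS": b"#!/bin/sh\n/usr/sbin/httpd &\n",
        "etc/wifi.conf": b"ssid=lab\nwifi_password=Sup3rS3cret\n",
        "usr/sbin/httpd": ELF_MAGIC + b"\x02\x01\x01\x00\x00system\x00sprintf\x00",
        "www/index.html": b"<html>ok</html>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(body)
        return triage(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The findings are leads for manual review, not confirmed issues: a binary that references `system` still has to be decompiled to see whether untrusted input reaches the call.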