Hardware Hacking Workshop is Now Live! – /dev/ttyS0

Registration for our three-day Hardware Hacking Workshop is now live! Our first class is February 16, 2016, but other dates are available as well. Be sure to sign up while there’s still room, and enter our contest to win FREE registration! Until then, here’s a little taste of what… Continue reading

What the Ridiculous Fuck, D-Link?! – /dev/ttyS0

As mentioned in an update to my post on the HNAP bug in the DIR-890L, the same bug was reported earlier this year in the DIR-645, and a patch was released. D-Link has now released a patch for the DIR-890L as well. The patches for both the DIR-645 and DIR-890L… Continue reading

Reversing Belkin’s WPS Pin Algorithm – /dev/ttyS0

After finding D-Link’s WPS algorithm, I was curious to see which vendors might have similar algorithms, so I grabbed some Belkin firmware and started dissecting it. This particular firmware uses the SuperTask! RTOS, and in fact uses the same firmware obfuscation as seen previously on the Linksys WRT120N: DECIMAL HEXADECIMAL… Continue reading

Hacking the D-Link DIR-890L – /dev/ttyS0

The past 6 months have been incredibly busy, and I haven’t been keeping up with D-Link’s latest shenanigans. In need of some entertainment, I went to their web page today and was greeted by this atrocity: [Image: D-Link’s $300 DIR-890L router] I think the most “insane” thing about this router is… Continue reading

Reversing D-Link’s WPS Pin Algorithm – /dev/ttyS0

While perusing the latest firmware for D-Link’s DIR-810L 802.11ac router, I found an interesting bit of code in sbin/ncc, a binary which provides back-end services used by many other processes on the device, including the HTTP and UPnP servers: [Image: Call to sub_4D56F8 from getWPSPinCode] I first began examining this particular… Continue reading

A Code Signature Plugin for IDA – /dev/ttyS0

When reversing embedded code, it is often the case that completely different devices are built around a common code base, either due to code re-use by the vendor, or through the use of third-party software; this is especially true of devices running the same Real Time Operating System. For example,… Continue reading

Mucking About With SquashFS – /dev/ttyS0

SquashFS is an incredibly popular file system for embedded Linux devices. Unfortunately, it is also notorious for being hacked up by vendors, causing the standard SquashFS tools (i.e., unsquashfs) to fail when extracting these file systems. While projects like the Firmware-Mod-Kit (FMK) have amassed many unsquashfs utilities to work with… Continue reading