I won’t be at Defcon this year in body, but I’ll be there in spirit! I got to design the hardware used in @tb69rr’s and @bjt2n3904’s Defcon talk, Blinded By The Light. A walkthrough of the hardware design is given in the video below; if you’re interested in how… Continue reading
Registration for our three-day Hardware Hacking Workshop is now live! Our first class is February 16, 2016, but other dates are available as well. Be sure to sign up while there’s still room, and enter our contest to win FREE registration! Until then, here’s a little taste of what… Continue reading
Binwalk v2.1.1 has been released! If you’re still running v2.0.1, upgrading is highly recommended!
As mentioned in an update to my post on the HNAP bug in the DIR-890L, the same bug was reported earlier this year in the DIR-645, and a patch was released. D-Link has now released a patch for the DIR-890L as well. The patches for both the DIR-645 and DIR-890L… Continue reading
After finding D-Link’s WPS algorithm, I was curious to see which vendors might have similar algorithms, so I grabbed some Belkin firmware and started dissecting it. This particular firmware uses the SuperTask! RTOS, and in fact uses the same firmware obfuscation as seen previously on the Linksys WRT120N: DECIMAL HEXADECIMAL… Continue reading
The past 6 months have been incredibly busy, and I haven’t been keeping up with D-Link’s latest shenanigans. In need of some entertainment, I went to their web page today and was greeted by this atrocity: [Image: D-Link’s $300 DIR-890L router] I think the most “insane” thing about this router is… Continue reading
While perusing the latest firmware for D-Link’s DIR-810L 802.11ac router, I found an interesting bit of code in sbin/ncc, a binary which provides back-end services used by many other processes on the device, including the HTTP and UPnP servers: [Image: Call to sub_4D56F8 from getWPSPinCode] I first began examining this particular… Continue reading
When reversing embedded code, it is often the case that completely different devices are built around a common code base, either due to code re-use by the vendor, or through the use of third-party software; this is especially true of devices running the same Real Time Operating System. For example,… Continue reading
SquashFS is an incredibly popular file system for embedded Linux devices. Unfortunately, it is also notorious for being hacked up by vendors, causing the standard SquashFS tools (i.e., unsquashfs) to fail when extracting these file systems. While projects like the Firmware-Mod-Kit (FMK) have amassed many unsquashfs utilities to work with… Continue reading
Binwalk v2.0.0 has (finally) been released. Grab it from the GitHub page!