Binwalk 0.5 Release – /dev/ttyS0

In celebration of the world not ending, a new version of Binwalk has been released. Notable changes: much improved signatures for several common file types, particularly JFFS2; “Smart signature” keyword support, for more reliable and faster scans; and the ability to invoke external applications to process extracted files. The latter feature is…

IDAScript For Linux and OSX – /dev/ttyS0

Being able to run IDA scripts from the command line is very useful, but can be a bit kludgy. Fortunately, idascript was written to simplify this process. Unfortunately (for me), it was written for Windows. Since I work primarily in a Linux environment, I re-wrote the idascript utility in Python….

Reverse Engineering Serial Ports – /dev/ttyS0

Given the name of this blog and the number of requests that I’ve had, I think it’s high time we discussed serial ports; specifically, serial ports in embedded systems. My goal here is to describe the techniques that I’ve found effective in identifying and reverse engineering embedded serial ports through…

Jailbreaking the NeoTV – /dev/ttyS0

Today we’ll be jailbreaking the Netgear NTV300 set top box…with a TV remote. [Image: The Netgear NeoTV 300] Netgear’s NeoTV set top boxes are designed to compete with the popular Roku, and can stream video from all the usual sources (Netflix, HuluPlus, Youtube, etc). The NTV300 is one of the least…

Exploiting a MIPS Stack Overflow – /dev/ttyS0

Although D-Link’s CAPTCHA login feature has a history of implementation flaws and has been proven to not protect against the threat it was intended to thwart, they continue to keep this feature in their products. Today we’ll be looking at the CAPTCHA implementation in the D-Link DIR-605L, which is a…

Binwalk 0.4.5 Release – /dev/ttyS0

Binwalk 0.4.5 is now available. This release includes a couple of bug fixes, including a (small) memory leak, and a signature parsing bug which prevented certain signatures from loading properly. A new command line option has been added as well: --dd. This feature instructs Binwalk to extract embedded files that…

Hacking the Linksys WMB54G – /dev/ttyS0

Today we’re going to take a look at an interesting little device, the Linksys WMB54G wireless music bridge. [Image: WMB54G] This is a pretty specialized device, so it’s likely a fairly minimalistic system. Even the administrative interface is small and simple: [Image: WMB54G Administrative Interface] The Linksys support page doesn’t have any…