Binwalk 0.2.1 Released – /dev/ttyS0
A new version of our firmware analysis tool, Binwalk, has been released! This release features bug fixes and an improved signatures database. Be sure to get the new version here!
A new version of our firmware analysis tool, Binwalk, has been released! This release features bug fixes and an improved signatures database. Be sure to get the new version here!
John Matherly of SHODAN fame and Dan Tentler from Aten Labs teamed up to research the DD-WRT information disclosure vulnerability we released back in December. The results show that approximately 10% of remotely accessible DD-WRT routers were both vulnerable to the attack and could be geo-located based on the information… Continue reading
When you’re setting up a device for testing, sometimes you need to set up a DNS server. And when you do, you don’t want to be messing around with DNS configuration files. MiniDNS is a very simplistic DNS server that responds to all DNS queries with a single IPv4 address…. Continue reading
So you’ve got an embedded device that’s running Linux, you’ve tapped into the board’s serial port and you have a root shell. You’re poking around and want to run netstat/netcat/grep/whatever – but it’s not installed! And what’s worse, the device doesn’t have any utilities to perform a network file transfer…. Continue reading
Version 0.1.2 of LittleBlackBox was released last night. In addition to a new list of private SSL keys added to the database and some minor bug fixes, we’ve introduced a couple new features: Ability to update SSL key database to the latest SVN check-in. This keeps you up to date… Continue reading
I’ve always envied CSI’s amazing IP address geolocation capabilities. Not only can they get your exact physical address based solely off your IP (right down to your hotel room number!), it even works on IP addresses that don’t exist! While that level of IP address tracking is beyond the grasp… Continue reading
The D-Link WBR-1310 contains an authentication bypass vulnerability that allows remote attackers to change administrative settings without authentication. This can be used to enable remote management and change the administrative password. Note that even if remote administration is not enabled, this vulnerability can be easily exploited via CSRF. Read the… Continue reading
When examining embedded devices, it is not uncommon to find that two or more of them share common code, and even common hardware. This probably comes as no surprise, as re-using code and hardware designs helps lower production costs. What might be a little more surprising is when you find… Continue reading
No, this is not some new SSL vulnerability. In fact, it’s a really old vulnerability, as old as cryptography itself: keep your secret keys secret. A lot of embedded devices provide HTTPS support so that administrators can administer the devices securely over untrusted networks. Some devices, such as SSL VPNs,… Continue reading
We’ve just released a new version of Binwalk, our open source firmware analysis tool. This release features new firmware signatures and a huge speed increase; scan times for large firmware images went from ~12 hours to less than a minute! Download Binwalk here.