Firmware Reverse Engineering
Download as PPTX, PDF0 likes432 views
The presentation provides an overview of firmware reverse engineering, emphasizing its educational purpose and the legal implications of reverse engineering copyrighted material. It explains the difference between bare-metal and full firmware, outlines common steps in the reverse engineering process, and lists tools used for information gathering, extraction, and analysis. The session focuses on full firmware, detailing elements such as bootloaders, kernels, and applications involved in the reverse engineering ecosystem.
Firmware Reverse Engineering
- 2. Hi! I am Satria Ady Pradana Community Leader of Reversing.ID xathrya @xathrya Reversing.ID Revealing the Truth through Breaking Things https://xathrya.id
- 3. Disclaimer This presentation is intended for educational purposes only. Reverse engineering of copyrighted material is illegal an might cause you a direct or indirect consequence. We have no responsibility of anything you do after learning this.
- 4. What is Firmware? Software that provides low-level control for the device’s specific hardware. Single or collection of specialized software Mostly embedded on hardware, stored on specific region (ex: ROM), and executed on closed environment (only on that hardware).
- 5. What do you think of Reverse Engineering?
- 6. Explaining Reversing Originally used in the context of mechanical engineering Breaks down an existing object or system to its construction and then rebuild it based on new demand. Extracting knowledge or design information from anything man- made and reproducing it or reproduce anything based on the extracted information.
- 7. Reversing = Solving Puzzles
- 9. Type of Firmware Bare-metal firmware A single program, single layer. No operating system. Direct access and full control of low-level hardware. Primitive operations (ex: spin the disk for X degree clockwise). Typically used for specific hardware, such as hard disk, motherboard, etc. Full firmware One or more application, multiple layer. Include an embedded operating system (ex: linux) Higher level of operations (ex: handle routing protocol) Typically used for appliance, such as router, IoT hardware, etc.
- 10. This session will be limited to Full Firmware. Reversing bare-metal firmware will require more knowledge about hardware.
- 11. Ecosystem of Firmware (Development) Toolchain (compiler) Kernel File System Application Bootloader Full Firmware is bundle of bootloader, kernel, file system, and application.
- 12. Common Reversing Steps Information gathering Acquire the firmware Extract Analysis & Modification Repackage
- 13. Common Tools File Format Identifier (and Parser) Binwalk, file Extractor Squashfs-tools Disassembler IDA, Radare2 Emulator Cross toolchain Packager
- 14. 1. Information Gathering What to search? File format Architecture Hardware feature Some information source Datasheet FCC specification
- 15. Common Architecture x86 / x86_64 ARM MIPS Different processor architecture leads to different machine code and thus different tools.
- 16. 2. Firmware Acquisition Dump from hardware Sniff the firmware-update mechanism Download the firmware Remember to analyze the firmware
- 17. 3. Firmware Extraction Extraction means unpack the firmware and get all the contents of firmware. Remember that full firmware consists of many components! Different format / structure has different strategy. Need to preserve the content, no loss and no noise.
- 18. 4. Analysis & Modification Search for this and that Backdoor from manufacturer. Vulnerability? Patch here and there Create backdoor Hidden operation Nullify some features
- 19. 5. Repackage Put the content back to a package Different structure has different tools.
- 20. DEMO !!!