IoT security fundamentals: Reverse-engineering firmware

Firmware is any installed on the device. The user interacts with the device using this interface and communicates with the hardware.

In this article, we will learn how to reverse-engineer firmware in order to find and exploit vulnerabilities present in it. For a practical demo, we will extract the hardcoded Telnet credentials present in the DLink firmware.

For ease of understanding, the post is divided into two parts: firmware extraction and exploitation.

Part 1: Firmware extraction 

This involves extracting the firmware or otherwise obtaining the firmware files. (Extracting the firmware from the device itself is out of scope and is not covered here.) Firmware files can usually be obtained by visiting the vendor's website and downloading them from there.

Once we have the firmware file, we can look for vulnerabilities present in it in two ways.

1) Static analysis: by reversing the firmware (bin/img) file. This is what we cover in this post.

2) Dynamic analysis: by emulating the firmware.

Let’s begin with static analysis.

Static analysis

Static analysis is the process of reversing a firmware image and searching for vulnerabilities present in it. It can be done either using some tool or by going through each and every
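As an added example (not code from the original article or from any vendor), here is a small Python audit of an unpacked firmware root filesystem of the kind static analysis works on: it flags accounts in /etc/passwd that need no shadow entry, and init scripts that start telnetd, including any credentials passed on its command line. The sample filesystem is constructed inline, and the `-u user:password` option it looks for is an assumed convention for this example, not a standard busybox telnetd flag.

```python
import re

# Constructed stand-in for an unpacked firmware root filesystem (path -> file text); not from any real vendor image.
SAMPLE_FS = {
    "etc/passwd": "root:$1$saltsalt$NotARealHashValue/:0:0:root:/root:/bin/sh\n"
                  "admin::0:0:admin:/:/bin/sh\nnobody:x:99:99:nobody:/:/bin/false\n",
    "etc/init.d/rcS": "#!/bin/sh\nmount -t proc proc /proc\n"
                      "/usr/sbin/telnetd -l /bin/login -u demo_user:demo_pass &\n",
}
CRED_OPT_RE = re.compile(r"-u\s+([^\s:]+):(\S+)")  # assumed "-u user:password" convention, not a standard busybox flag

def scan_passwd(text):
    """Accounts usable without /etc/shadow: an empty password field, or a hash kept in passwd itself."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append((user, "empty password field"))
        elif pw not in ("x", "*", "!"):
            findings.append((user, "password hash stored in passwd"))
    return findings

def scan_init_script(text):
    """telnetd started at boot, plus any user:password handed to it on the command line."""
    findings = []
    for line in text.splitlines():
        if "telnetd" not in line or line.lstrip().startswith("#"):
            continue
        cred = CRED_OPT_RE.search(line)
        if cred:
            findings.append(("telnetd", "hardcoded login for user " + cred.group(1)))
        else:
            findings.append(("telnetd", "telnet service enabled at boot"))
    return findings

def scan_rootfs(files):
    """files maps rootfs-relative path -> text; returns sorted (path, subject, issue) triples."""
    findings = []
    for rel, text in files.items():
        if rel == "etc/passwd":
            findings += [(rel,) + f for f in scan_passwd(text)]
        elif rel.startswith("etc/init.d/"):
            findings += [(rel,) + f for f in scan_init_script(text)]
    return sorted(findings)
if __name__ == "__main__":
    for path, subject, issue in scan_rootfs(SAMPLE_FS):
        print(f"{path}: {subject}: {issue}")
```

To run it against a real extraction, build the same path -> text mapping by walking the directory your unpacking tool produced.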

Read More: https://resources.infosecinstitute.com/topic/iot-security-fundamentals-reverse-engineering-firmware/