In this article we will learn how to reverse-engineer firmware in order to find and exploit the vulnerabilities it contains. As a practical demo, we will extract the hardcoded Telnet credentials present in the DLink firmware.
For ease of understanding, the post is divided into two parts: firmware extraction and vulnerability exploitation.
Part 1: Firmware extraction
This step involves extracting the firmware or otherwise getting hold of the firmware files. (Extracting the firmware image from the device itself is out of scope and is not covered here.) In most cases the firmware file can simply be downloaded from the vendor's support website.
Once we have the firmware file, we can look for and exploit the vulnerabilities present in it in two ways.
1) Static analysis: by reversing the firmware (bin/img) file without running it. This is what we cover in this post.
2) Dynamic analysis: by emulating the firmware and interacting with it while it runs.
Let’s begin with static analysis.
Static analysis is the process of reversing a firmware image and searching for the vulnerabilities present in it. It can be done either with a tool or by going through each and every
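As an added example (this is not code from the original post or from any vendor), the following Python script shows the first two steps of static analysis in miniature: scan a firmware blob for well-known container and filesystem signatures, carve the blob at those offsets so each piece can be handed to the right unpacker, and then pull out printable strings that look like Telnet or account configuration, the same `strings | grep` triage one would do by hand. The sample image is constructed inline and is not a real firmware file; the account and `telnetd` strings in it are made up for the demo.

```python
import re
import struct

# Signatures of containers and filesystems commonly found in embedded
# firmware images. The magic values are the documented constants for each
# format (the same ones tools such as binwalk match on).
SIGNATURES = {
    "uImage header": b"\x27\x05\x19\x56",            # U-Boot legacy image magic
    "SquashFS (little-endian)": b"hsqs",
    "SquashFS (big-endian)": b"sqsh",
    "CramFS (little-endian)": struct.pack("<I", 0x28CD3D45),
    "gzip stream": b"\x1f\x8b\x08",                  # gzip magic + deflate method
    "ELF binary": b"\x7fELF",
}

# Keywords that typically mark service or account configuration worth a
# closer look (telnet daemons, password files, login banners, admin users).
CRED_KEYWORDS = re.compile(rb"telnet|passw|login|root:|admin", re.IGNORECASE)


def find_signatures(blob):
    """Return a sorted list of (offset, description) for every signature hit."""
    hits = []
    for name, magic in SIGNATURES.items():
        start = 0
        while True:
            idx = blob.find(magic, start)
            if idx == -1:
                break
            hits.append((idx, name))
            start = idx + 1
    return sorted(hits)


def carve_segments(blob, hits):
    """Split the blob at each signature offset.

    Each segment runs from one hit to the next (or to end of file), which is
    enough to hand a SquashFS or gzip segment to the matching unpacker.
    """
    segments = []
    for i, (offset, name) in enumerate(hits):
        end = hits[i + 1][0] if i + 1 < len(hits) else len(blob)
        segments.append((name, blob[offset:end]))
    return segments


def find_credential_strings(blob, min_len=8):
    """Return (offset, string) pairs for printable runs that match a keyword.

    This is the `strings | grep` step of static analysis done in one pass.
    """
    printable = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [
        (m.start(), m.group().decode("ascii"))
        for m in printable.finditer(blob)
        if CRED_KEYWORDS.search(m.group())
    ]


def build_sample_image():
    """Construct a toy firmware image for the demo.

    This is NOT a real vendor file: headers are padded with zeros and the
    account strings are made up, but the layout (uImage header, compressed
    kernel, SquashFS root filesystem holding a passwd entry and a telnetd
    launch line) mirrors what a consumer-router image typically looks like.
    """
    img = bytearray(b"\x00" * 0x40)                          # bootloader padding
    img += SIGNATURES["uImage header"] + b"\x00" * 60        # 64-byte uImage header
    img += SIGNATURES["gzip stream"] + b"\x00" * 0x100       # compressed kernel stand-in
    img += SIGNATURES["SquashFS (little-endian)"] + b"\x00" * 0x40
    img += b"root:$1$constructed$saltedhashXXXXXXX:0:0:root:/root:/bin/sh\x00"
    img += b"telnetd -l /bin/sh -u admin:admin\x00"           # constructed, not real
    img += b"\x00" * 0x20
    return bytes(img)


if __name__ == "__main__":
    image = build_sample_image()
    hits = find_signatures(image)
    for offset, name in hits:
        print(f"0x{offset:08x}  {name}")
    for offset, text in find_credential_strings(image):
        print(f"0x{offset:08x}  {text}")
```

On a real image, replace `build_sample_image()` with `open(path, "rb").read()`, write each carved segment to its own file, and run `unsquashfs` or `gunzip` on it; the string scan is only a first pass, since credentials are often inside the compressed filesystem and only become visible after unpacking.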