IoT security fundamentals: Reverse-engineering firmware

Firmware is the software installed on an IoT device. It is the layer through which the user interacts with the device and through which the device's hardware is driven.

In this article, we will be learning how to reverse-engineer firmware to find and exploit the vulnerabilities present in it. For a practical demo, we will extract the hardcoded Telnet credentials present in a D-Link firmware image.

For the sake of understanding, the post has been divided into two parts: firmware extraction and vulnerability exploitation.

Part 1: Firmware extraction 

This involves extracting the firmware or otherwise obtaining the firmware files. (Extracting the firmware directly from the device is out of scope and is not covered here.) Firmware files can usually be obtained by downloading them from the vendor's website.

Once we have the firmware file, we can find and exploit the vulnerabilities present in it in two ways.

1) Static analysis: by reversing the firmware (bin/img) file. This is what we cover in this post.

2) Dynamic analysis: by emulating the firmware.

Let’s begin with static analysis.

Static analysis

Static analysis is the process of reversing a firmware image and searching for vulnerabilities present in it. It can be done either using some tool or by going through each and every
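The first two things a static pass over a raw firmware image looks for are where the embedded filesystems start and whether any passwd/shadow-style entry ships with a real password hash (the hardcoded-credential problem the demo above targets). The following is an added example written for this article, not code from the original post or from any vendor tool; the signature list is a small hand-picked subset of what binwalk knows, and the sample image and its hash are constructed.

```python
import re
from dataclasses import dataclass

# Magic bytes that commonly mark the start of an embedded filesystem or
# compressed payload inside a raw firmware image (the idea behind binwalk).
SIGNATURES = {
    b"hsqs": "SquashFS (little-endian)",
    b"sqsh": "SquashFS (big-endian)",
    b"\x1f\x8b\x08": "gzip stream",
    b"070701": "CPIO newc archive",
    b"\x27\x05\x19\x56": "U-Boot uImage header",
}

# passwd/shadow entry whose second field is an actual hash (MD5-crypt $1$,
# SHA-crypt $5$/$6$, or 13-char DES crypt), not the 'x' or '*' placeholder.
PASSWD_LINE = re.compile(rb"([a-z_][a-z0-9_-]{0,31}):(\$[156]\$[^:\s]+|[./0-9A-Za-z]{13}):")

@dataclass
class Finding:
    offset: int
    kind: str
    detail: str

def find_signatures(image: bytes) -> list[Finding]:
    """Report every known magic value and the offset at which it occurs."""
    found = []
    for magic, name in SIGNATURES.items():
        start = 0
        while (pos := image.find(magic, start)) != -1:
            found.append(Finding(pos, "signature", name))
            start = pos + 1
    return sorted(found, key=lambda f: f.offset)

def find_hardcoded_credentials(image: bytes) -> list[Finding]:
    """Report passwd/shadow-style entries that carry a password hash."""
    return [Finding(m.start(), "credential", f"user={m.group(1).decode()} hash={m.group(2).decode()}")
            for m in PASSWD_LINE.finditer(image)]

# Constructed sample image: 64 bytes of header padding, a SquashFS magic,
# a harmless root entry, and an admin entry with a made-up MD5-crypt hash.
SAMPLE_IMAGE = (b"\x00" * 64 + b"hsqs" + b"\x00" * 32
                + b"root:x:0:0:root:/root:/bin/sh\n"
                + b"admin:$1$XxXxXxXx$abcdefghijklmnopqrstuv:0:0::/:/bin/sh\n")

if __name__ == "__main__":
    for f in find_signatures(SAMPLE_IMAGE) + find_hardcoded_credentials(SAMPLE_IMAGE):
        print(f"0x{f.offset:08x} {f.kind:<10} {f.detail}")
```

Run it against a real image by replacing SAMPLE_IMAGE with the file's bytes; a credential hit is a finding to report to the vendor and to rotate or remove from the build, and the signature offsets tell you where to carve the filesystem for a fuller review.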

Read More: https://resources.infosecinstitute.com/topic/iot-security-fundamentals-reverse-engineering-firmware/