Exploiting Embedded Systems – Part 3 – /dev/ttyS0

In part 2 of this series we found a SQL injection vulnerability using static analysis. However, it is often advantageous to debug a target application, a capability that we’ll need when working with more complex exploits later on. In this segment we won’t be discovering any new vulnerabilities, but instead…

Exploiting Embedded Systems – Part 2 – /dev/ttyS0

In part 1 we used the TEW-654TR’s TFTP service to retrieve the administrative credentials to our target system. But what if we didn’t have access to the TFTP service? Many embedded devices don’t have a TFTP service, or there may be a firewall between us and the target that blocks…

Adding Hyperlinks to IDA HTML Files With IDAnchor – /dev/ttyS0

IDA can export disassembled data in a variety of formats, including HTML. However, the HTML output is difficult to navigate as there are no hyperlinks connecting any of the code cross references. This is a bit frustrating, so I wrote IDAnchor. IDAnchor will take an HTML file generated by IDA…

Modifying The DD-WRT GUI – /dev/ttyS0

Although released under the GPL, DD-WRT is notoriously difficult to build from source. If you want to customize your DD-WRT installation, it is usually easier to extract files from the firmware image, change what you need, and then re-construct the image. One exception here is the Web GUI. The DD-WRT…

Firmware-Mod-Kit Updated, v0.69 Released – /dev/ttyS0

For the past month I’ve been working with Jeremy Collake on updating the firmware-mod-kit. This has resulted in lots of bug fixes and the creation of two new scripts for deconstructing and re-building firmware images: extract-ng.sh and build-ng.sh. The NG scripts have been designed as more flexible and generic replacements for…