WRT120N fprintf Stack Overflow – /dev/ttyS0

With a good firmware disassembly and JTAG debug access to the WRT120N, it’s time to start examining the code for more interesting bugs. As we’ve seen previously, the WRT120N runs a Real Time Operating System. For security, the RTOS’s administrative web interface employs HTTP Basic authentication: 401 Unauthorized Most of…

Cracking Linksys “Encryption” – /dev/ttyS0

Perusing the release notes for the latest Linksys WRT120N firmware, one of the more interesting comments reads: Firmware 1.0.07 (Build 01) – Encrypts the configuration file. Having previously reversed their firmware obfuscation and patched their code to re-enable JTAG debugging, I thought that surely I would be able to use…

Re-enabling JTAG and Debugging the WRT120N – /dev/ttyS0

After de-obfuscating the WRT120N’s firmware, I started taking a closer look at the code, which runs the now-defunct SuperTask! RTOS. Thanks in no small part to copious debug strings littered throughout the code and some leaked Atheros datasheets, I made good progress in statically disassembling the code. The next step…

Reversing the WRT120N’s Firmware Obfuscation – /dev/ttyS0

It was recently brought to my attention that the firmware updates for the Linksys WRT120N were employing some unknown obfuscation. I thought this sounded interesting and decided to take a look. The latest firmware update for the WRT120N didn’t give me much to work with: [Figure: Binwalk firmware update analysis] As…