After de-obfuscating the WRT120N’s firmware, I started taking a closer look at the code, which runs the now-defunct SuperTask! RTOS. Thanks in no small part to copious debug strings littered throughout the code and some leaked Atheros datasheets, I made good progress in statically disassembling the code. The next step… Continue reading
It was recently brought to my attention that the firmware updates for the Linksys WRT120N were employing some unknown obfuscation. I thought this sounded interesting and decided to take a look. The latest firmware update for the WRT120N didn’t give me much to work with: Binwalk firmware update analysis As… Continue reading
Lest anyone think that D-Link is the only vendor who puts backdoors in their products, here’s one that can be exploited with a single UDP packet, courtesy of Tenda. After extracting the latest firmware for Tenda’s W302R wireless router, I started looking at /bin/httpd, which turned out to be the… Continue reading
All right. It’s Saturday night, I have no date, a two-liter bottle of Shasta and my all-Rush mix-tape…let’s hack. On a whim I downloaded firmware v1.13 for the DIR-100 revA. Binwalk quickly found and extracted a SquashFS file system, and soon I had the firmware’s web server (/bin/webs) loaded into… Continue reading
When working with binary blobs such as firmware images, you’ll eventually encounter unknown data. Particularly with regards to firmware, unknown data is usually either compressed or encrypted. Analysis of these two types of data is typically approached in very different manners, so it is useful to be able to distinguish… Continue reading
Given the name of this blog and the number of requests that I’ve had, I think it’s high time we discussed serial ports; specifically, serial ports in embedded systems. My goal here is to describe the techniques that I’ve found effective in identifying and reverse engineering embedded serial ports through… Continue reading
Today we’ll be jailbreaking the Netgear NTV300 set top box…with a TV remote. The Netgear NeoTV 300 Negear’s NeoTV set top boxes are designed to compete with the popular Roku, and can stream video from all the usual sources (Netflix, HuluPlus, Youtube, etc). The NTV300 is one of the least… Continue reading
Although D-Link’s CAPTCHA login feature has a history of implementation flaws and has been proven to not protect against the threat it was intended to thwart, they continue to keep this feature in their products. Today we’ll be looking at the CAPTCHA implementation in the D-Link DIR-605L, which is a… Continue reading
If you’re going to be in Vegas for BlackHat/Defcon, be sure to check out Zach’s talk. WNDR3700 Amazon Review
Today we’re going to take a look at an interesting little device, the Linksys WMB54G wireless music bridge. WMB54G This is a pretty specialized device, so it’s likely a fairly minimalistic system. Even the administrative interface is small and simple: WMB54G Administrative Interface The Linksys support page doesn’t have any… Continue reading