Cracking WPA in 10 Hours or Less – /dev/ttyS0

The WiFi Protected Setup protocol is vulnerable to a brute force attack that allows an attacker to recover an access point’s WPS pin, and subsequently the WPA/WPA2 passphrase, in just a matter of hours. This is something that I’ve been testing and using for a while now, but Stefan over…
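Why a few hours is enough, as an added example (not code from the /dev/ttyS0 post or from any WPS tool): the checksum rule is the one from the WPS specification, and the "split oracle" below is a constructed stand-in for the access point's registrar that models the published weakness the excerpt alludes to, namely that the registrar confirms the first four digits before the last four are ever checked. `SplitPinOracle`, `split_attack` and the target PIN `12345670` are assumptions of this example, not anything the post states.

```python
import itertools

# Added example, not from the /dev/ttyS0 post. The checksum is the WPS
# specification's rule; the oracle is a constructed model of the registrar.


def wps_checksum(body7: int) -> int:
    """Checksum digit for a 7-digit PIN body (alternating weights 3,1 from the right)."""
    accum, pin = 0, body7
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def wps_pin_valid(pin: int) -> bool:
    """True when an 8-digit PIN carries the correct checksum digit."""
    return 0 <= pin <= 99_999_999 and pin % 10 == wps_checksum(pin // 10)


def candidate_pins():
    """Every checksum-valid 8-digit PIN: 10^7 values, the naive keyspace."""
    for body in range(10_000_000):
        yield body * 10 + wps_checksum(body)


class SplitPinOracle:
    """Constructed stand-in for the AP's registrar (assumption of this example).

    A real attack drives the EAP/WPS exchange and learns the same two bits of
    information from the registrar's NACK after the first-half and second-half checks.
    """

    def __init__(self, secret_pin: int):
        self._secret = secret_pin
        self.queries = 0

    def first_half_ok(self, half: int) -> bool:
        self.queries += 1
        return half == self._secret // 10_000

    def second_half_ok(self, half: int) -> bool:
        self.queries += 1
        return half == self._secret % 10_000


def split_attack(oracle: SplitPinOracle) -> int:
    """Recover the PIN in at most 10,000 + 1,000 = 11,000 queries instead of 10^7."""
    # Phase 1: the first four digits carry no checksum, so all 10^4 values are possible.
    for p1 in range(10_000):
        if oracle.first_half_ok(p1):
            break
    else:
        raise RuntimeError("no first half accepted")
    # Phase 2: three free digits; the eighth digit is fixed by the checksum over all seven.
    for p2_body in range(1_000):
        p2 = p2_body * 10 + wps_checksum(p1 * 1_000 + p2_body)
        if oracle.second_half_ok(p2):
            return p1 * 10_000 + p2
    raise RuntimeError("no second half accepted")


if __name__ == "__main__":
    print(list(itertools.islice(candidate_pins(), 3)))
    oracle = SplitPinOracle(12345670)  # constructed target PIN
    print(split_attack(oracle), "recovered after", oracle.queries, "queries")
```

The point of the split is the drop from 10^7 checksum-valid PINs to a worst case of 11,000 attempts; at the rate a real registrar answers, that is what puts the whole search inside a working day.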

Qemu vs sstrip

Qemu usually does a great job emulating embedded Linux applications, but as with anything you will occasionally run into bugs. While attempting to debug an embedded application in Qemu the other day, I ran into the following error:

    eve@eve:~/firmware$ sudo chroot . ./qemu-mips bin/ls
    bin/ls: Invalid ELF image for this…
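When an emulator rejects a binary with "Invalid ELF image", the first thing to do is check the ELF headers yourself. The checker below is an added example, not from the /dev/ttyS0 post and not qemu's loader: it runs the generic ELF32 sanity checks a loader may apply (section header table present, program headers and PT_LOAD segments inside the file). The excerpt does not say what qemu actually objected to, so these checks are assumptions about what to look at, and `build_sample` is a constructed big-endian MIPS executable with the section header table removed, the shape sstrip leaves behind.

```python
import struct

# Added example, not from the /dev/ttyS0 post and not qemu's code.
# Generic ELF32 sanity checks; the input below is constructed.

PT_LOAD = 1


def elf_sanity(data: bytes) -> list:
    """Return a list of problems found in an ELF32 image (empty list = looks sane)."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return ["not an ELF file"]
    ei_class, ei_data = data[4], data[5]
    if ei_class != 1:
        return ["only ELF32 is handled here (assumption of this example)"]
    if ei_data not in (1, 2):
        return ["unknown EI_DATA byte order"]
    endian = "<" if ei_data == 1 else ">"
    (e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
     e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum,
     e_shstrndx) = struct.unpack(endian + "HHIIIIIHHHHHH", data[16:52])
    problems = []
    if e_phentsize != 32:
        problems.append(f"unexpected e_phentsize {e_phentsize}")
        return problems
    # sstrip removes the section header table; a loader only needs program headers,
    # so this is reported as a note rather than treated as fatal.
    if e_shoff == 0 or e_shnum == 0:
        problems.append("no section header table (what sstrip leaves behind)")
    elif e_shoff + e_shnum * e_shentsize > len(data):
        problems.append("section header table extends past end of file")
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + e_phentsize > len(data):
            problems.append(f"program header {i} lies past end of file")
            break
        (p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz,
         p_flags, p_align) = struct.unpack(endian + "8I", data[off:off + 32])
        if p_type != PT_LOAD:
            continue
        # A loader reads p_filesz bytes from p_offset; a truncated file breaks this.
        if p_offset + p_filesz > len(data):
            problems.append(f"PT_LOAD {i}: p_offset+p_filesz=0x{p_offset + p_filesz:x} "
                            f"exceeds file size 0x{len(data):x}")
        if p_memsz < p_filesz:
            problems.append(f"PT_LOAD {i}: p_memsz < p_filesz")
    return problems


def build_sample(p_filesz: int) -> bytes:
    """Constructed big-endian ELF32 MIPS executable: one PT_LOAD, no section headers."""
    ident = b"\x7fELF" + bytes([1, 2, 1]) + b"\x00" * 9  # ELF32, MSB, version 1
    ehdr = ident + struct.pack(">HHIIIIIHHHHHH",
                               2, 8, 1, 0x400100,   # ET_EXEC, EM_MIPS, version, e_entry
                               52, 0, 0,            # e_phoff, e_shoff = 0, e_flags
                               52, 32, 1, 40, 0, 0) # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    phdr = struct.pack(">8I", PT_LOAD, 0, 0x400000, 0x400000, p_filesz, p_filesz, 5, 0x1000)
    return ehdr + phdr + b"\x00" * 16                # 100 bytes in total


if __name__ == "__main__":
    print(elf_sanity(build_sample(100)))    # only the missing section headers
    print(elf_sanity(build_sample(0x200)))  # segment claims more bytes than the file has
```

Run it against the real sstrip'd binary (`elf_sanity(open("bin/ls", "rb").read())`) before blaming the emulator; if the only finding is the missing section header table, the bug is in how the loader handles that case rather than in the file.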

Speaking SPI & I2C With The FT-2232

For a while now I’ve been looking for an easy way to interface with external SPI and I2C devices over USB in a manner that can be easily integrated into future projects as well as used in a simple stand-alone system. Although there are many existing SPI/I2C interface solutions, most…

Adding Hyperlinks to IDA HTML Files With IDAnchor

IDA can export disassembled data in a variety of formats, including HTML. However, the HTML output is difficult to navigate as there are no hyperlinks connecting any of the code cross references. This is a bit frustrating, so I wrote IDAnchor. IDAnchor will take an HTML file generated by IDA…

Modifying The DD-WRT GUI

Although released under the GPL, DD-WRT is notoriously difficult to build from source. If you want to customize your DD-WRT installation, it is usually easier to extract files from the firmware image, change what you need, and then re-construct the image. One exception here is the Web GUI. The DD-WRT…

Firmware-Mod-Kit Updated, v0.69 Released

For the past month I’ve been working with Jeremy Collake on updating the firmware-mod-kit. This has resulted in lots of bug fixes and the creation of two new scripts for deconstructing and re-building firmware images:

    extract-ng.sh
    build-ng.sh

The NG scripts have been designed as more flexible and generic replacements for…

Binwalk 0.3.8 Release

Binwalk 0.3.8 has just been released. In addition to bug fixes, signature updates and speed improvements, binwalk can now also identify raw executable code for various different architectures using the -A option:

    $ binwalk -A soho.bin

    DECIMAL     HEX         DESCRIPTION
    -------------------------------------------------------------
    132         0x84        MIPSEL function epilogue
    144         0x90        MIPSEL function epilogue
    …
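What a "function epilogue" hit means in practice, as an added example (not binwalk's code): a minimal opcode-signature scan that tries both byte orders at every offset, the same idea behind `-A`. It handles only two MIPS patterns, which is an assumption of this example about what counts as a prologue or epilogue (`addiu $sp,$sp,-N` followed by `sw $ra,N($sp)`; `jr $ra` followed by `addiu $sp,$sp,+N` in the delay slot); `sample_blob` is a constructed buffer with three planted instruction pairs, placed so that the two little-endian epilogues land at the same offsets the post's output shows.

```python
import struct

# Added example, not binwalk's code. Two MIPS opcode patterns only (assumption):
#   prologue: addiu $sp,$sp,-N (0x27bd, negative imm) then sw $ra,N($sp) (0xafbf....)
#   epilogue: jr $ra (0x03e00008) then addiu $sp,$sp,+N in the delay slot

JR_RA = 0x03E00008


def _is_addiu_sp(insn: int, negative: bool) -> bool:
    """addiu $sp,$sp,imm with the immediate's sign as requested."""
    return (insn >> 16) == 0x27BD and bool(insn & 0x8000) == negative


def scan_mips_code(data: bytes):
    """Return (offset, arch, description) tuples; both byte orders, every offset."""
    hits = []
    for off in range(len(data) - 7):
        for endian, arch in (("<", "MIPSEL"), (">", "MIPS")):
            first, second = struct.unpack(endian + "II", data[off:off + 8])
            if first == JR_RA and _is_addiu_sp(second, negative=False):
                hits.append((off, arch, "function epilogue"))
            elif _is_addiu_sp(first, negative=True) and (second >> 16) == 0xAFBF:
                hits.append((off, arch, "function prologue"))
    return hits


def format_report(hits) -> str:
    """Render hits in the DECIMAL / HEX / DESCRIPTION layout binwalk uses."""
    lines = [f"{'DECIMAL':<12}{'HEX':<12}DESCRIPTION", "-" * 61]
    for off, arch, desc in hits:
        lines.append(f"{off:<12}{'0x%X' % off:<12}{arch} {desc}")
    return "\n".join(lines)


def sample_blob() -> bytes:
    """Constructed input: zero bytes with three planted instruction pairs."""
    buf = bytearray(0xA0)
    buf[0x20:0x28] = bytes.fromhex("27bdffe0 afbf001c")  # big-endian prologue
    buf[0x84:0x8C] = bytes.fromhex("0800e003 2000bd27")  # little-endian epilogue
    buf[0x90:0x98] = bytes.fromhex("0800e003 1800bd27")  # little-endian epilogue
    return bytes(buf)


if __name__ == "__main__":
    print(format_report(scan_mips_code(sample_blob())))
```

Two such patterns are enough to tell you which architecture and endianness a raw blob was built for; on a real firmware image the density of hits, not any single one, is the signal, since four-byte patterns will also match by chance in compressed data.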

Binwalk v0.3.6 Release

Binwalk v0.3.6 has just been released and includes improved signatures and user requested feature additions:

    - Improved (again!) LZMA matching and false positive identification
    - Ability to specify multiple target files on the command line
    - By default all gzip and lzma signatures are enabled, and all matches marked as invalid are excluded…