Binwalk v0.3.4 Released!

Version 0.3.4 of binwalk has just been released. New and improved signatures have been added to the magic file, and more importantly, an update feature has been built in that lets you update your magic file definitions to the latest SVN check-in.

To update your magic signatures, just run:

# binwalk -u

New file system signatures have also been added in this release, as well as improved LZMA signatures.

Binwalk 0.3.0 Release

While the recent v0.2.1 release was a bug fix release, v0.3.0 adds some important new features:

  1. Include and exclude filters now match search terms on anything in the resulting output rather than just matching the first line description from the magic file.
  2. Signatures that are two bytes or less in length tend to produce a huge number of false positives. In v0.3.0 these signatures are disabled by default so that the output is not flooded with false positive matches. These signatures can be enabled using the new -a or -i options.
  3. As always, new signatures have been added to the default magic file!

Grab the latest release here.

MiniDNS: The Simplest DNS Server

When you’re setting up a device for testing, sometimes you need to set up a DNS server. And when you do, you don’t want to be messing around with DNS configuration files.

MiniDNS is a very simple DNS server that responds to all DNS queries with a single IPv4 address. Just provide it with the IP address you want requests to resolve to, and you’re up and running:

# minidns 1.2.3.4
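
What such a responder does on the wire, as an added Python example (not MiniDNS's own code): it copies the question from each query and appends one A record holding the configured address. The function names, the 60-second TTL, the 127.0.0.1:5300 listening address and the sample query are assumptions made for the illustration.

```python
import socket
import struct

# Constructed sample: id 0x1234, RD set, one question "example.com A IN".
SAMPLE_QUERY = (bytes.fromhex("123401000001000000000000")
                + b"\x07example\x03com\x00" + b"\x00\x01\x00\x01")

def build_response(query: bytes, ipv4: str, ttl: int = 60) -> bytes:
    """Answer the first question in `query` with one A record for `ipv4`."""
    if len(query) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & 0x8000 or qdcount < 1:
        raise ValueError("not a query carrying a question")
    pos = 12                                  # QNAME starts after the header
    while True:                               # walk length-prefixed labels
        if pos >= len(query):
            raise ValueError("truncated QNAME")
        length = query[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question")
        pos += length
    if pos + 4 > len(query):
        raise ValueError("truncated QTYPE/QCLASS")
    question = query[12:pos + 4]
    # QR=1 and AA=1; echo the opcode and RD bits so clients accept the reply.
    header = struct.pack("!HHHHHH", txid, 0x8400 | (flags & 0x7900), 1, 1, 0, 0)
    # Owner name is a pointer (0xC00C) back to the QNAME at offset 12.
    # TYPE=A, CLASS=IN whatever QTYPE was asked: every query gets the same IPv4.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(ipv4)
    return header + question + answer

def serve(ipv4: str, host: str = "127.0.0.1", port: int = 5300) -> None:
    """UDP loop; malformed packets are dropped instead of crashing the server."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, peer = sock.recvfrom(512)
            try:
                sock.sendto(build_response(data, ipv4), peer)
            except (ValueError, OSError):
                continue

if __name__ == "__main__":
    print(build_response(SAMPLE_QUERY, "1.2.3.4").hex())
```

To serve a device under test, call `serve()` with the address of the test-network interface and port 53, which requires root on most systems.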

Serial File Uploads With Serio

So you’ve got an embedded device that’s running Linux, you’ve tapped into the board’s serial port and you have a root shell. You’re poking around and want to run netstat/netcat/grep/whatever – but it’s not installed! And what’s worse, the device doesn’t have any utilities to perform a network file transfer. How do you get the file you want to execute from your host machine up to the embedded device?

Transferring ASCII files can be done with minicom, but that method won’t work properly for binary files. ASCII encoding a binary file usually isn’t an option since most embedded systems won’t have utilities like base64 or uuencode to decode the transferred file, and other transfer methods (Xmodem/Ymodem/Zmodem, Kermit) require a corresponding utility to already be installed on the embedded device.

If the echo command on your serial shell supports the -n and -e options (most do), serio can help.

LittleBlackBox 0.1.2 Released!

Version 0.1.2 of LittleBlackBox was released last night. In addition to a new list of private SSL keys added to the database and some minor bug fixes, we’ve introduced a couple of new features:

  • Ability to update SSL key database to the latest SVN check-in. This keeps you up to date with the newest SSL keys.
  • Support for BSD and OSX builds. The previous Makefile didn’t build without modifications on these systems.

We add new SSL keys to the database regularly, so run --update often!

Breaking SSL on Embedded Devices

No, this is not some new SSL vulnerability. In fact, it’s a really old vulnerability, as old as cryptography itself: keep your secret keys secret.

A lot of embedded devices provide HTTPS support so that administrators can administer the devices securely over untrusted networks. Some devices, such as SSL VPNs, center their entire functionality around SSL encryption. OK, well SSL isn’t perfect, but it’s still the de facto standard for Web-based encryption. So far, so good.

Here’s where it gets fun: many of these devices use hard-coded SSL keys that are baked into the firmware. That means that if Alice and Bob are both using the same router with the same firmware version, then both of their routers have the same SSL keys. All Eve needs to do in order to decrypt their traffic is to download the firmware from the vendor’s Web site and extract the SSL private key from the firmware image.

Binwalk 0.2 Released!

We’ve just released a new version of Binwalk, our open source firmware analysis tool. This release features new firmware signatures and a huge speed increase; scan times for large firmware images went from ~12 hours to less than a minute!

Download Binwalk here.