I won’t be at Defcon this year in body, but I’ll be there in spirit! I got to design the hardware used in @tb69rr’s and @bjt2n3904‘s Defcon talk, Blinded By The Light. A walk through of the hardware design is given in the video below; if you’re interested in how… Continue reading
Binwalk v2.1.1 has been released! If you’re still running v2.0.1, upgrading is highly recommended!
When reversing embedded code, it is often the case that completely different devices are built around a common code base, either due to code re-use by the vendor, or through the use of third-party software; this is especially true of devices running the same Real Time Operating System. For example,… Continue reading
SquashFS is an incredibly popular file system for embedded Linux devices. Unfortunately, it is also notorious for being hacked up by vendors, causing the standard SquashFS tools (i.e., unsquashfs) to fail when extracting these file systems. While projects like the Firmware-Mod-Kit (FMK) have amassed many unsquashfs utilities to work with… Continue reading
Binwalk v2.0.0 has (finally) been released. Grab it from the github page!
For various reasons, I’ve decided to move binwalk away from GoogleCode. Its new home is now at binwalk.org, and the code repository is now hosted on GitHub. That is all.
I’ve previously written some examples of how to exploit MIPS stack overflows using ROP techniques. The problem is that finding suitable MIPS ROP gadgets manually can be quite tedious, so I have added a new IDA plugin – mipsrop.py – to my github repository. This plugin searches the code segment(s)… Continue reading
Binwalk 1.2.2 has just been released which introduces some useful new features: Binary diffing of an arbitrary number of files Heuristic compression/encryption analysis Identification of zlib compression streams (implemented via a plugin) Here are three thousand words to demonstrate these new features: Diffing two firmware headers Heuristic analysis of firmware… Continue reading
I’ve posted a few of my IDA plugins on github. Though simple, I’ve found their functionality quite useful when reversing firmware and RISC architectures: Defining ASCII strings not defined during IDA’s auto analysis Defining undefined bytes in the data segment as DWORDs (allowing IDA to resolve function/jump table pointers, etc)… Continue reading
A common need that I have when reversing code is to find all possible code paths between two functions. Say for example that I’m looking for calls to dangerous functions, like sprintf, and I want to find all possible code paths that lead from my current function to sprintf. Manually… Continue reading