2021-09-18 01:40:51 +02:00
|
|
|
# Reversing Firmware
|
|
|
|
|
|
|
|
|
|
## Tools
|
|
|
|
|
* binwalk
|
|
|
|
|
* unlzma
|
|
|
|
|
* tar
|
|
|
|
|
* [fat](https://github.com/attify/firmware-analysis-toolkit.git)
|
|
|
|
|
* Create usable environment and start firmware inside it
|
|
|
|
|
```sh
|
|
|
|
|
./fat.py <firmware>
|
|
|
|
|
```
|
2021-11-04 17:19:58 +01:00
|
|
|
* [Jefferson](https://github.com/sviehb/jefferson) or AUR package `jefferson-git`
|
|
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
* Check image via `strings`
|
|
|
|
|
* Check CRC via `cksum -a crc <image>`
|
|
|
|
|
* Use `binwalk` to extract. There are to methods
|
|
|
|
|
* `-e` extract by offset
|
|
|
|
|
* `--dd=".*"` by file extension
|
|
|
|
|
|
|
|
|
|
### Mount JFFS2 File
|
|
|
|
|
* Use kernel where `CONFIG_MTD_RAM` is set. Using Arch this is any kernel before `5.10`
|
|
|
|
|
```sh
|
|
|
|
|
rm -rf /dev/mtdblock0
|
|
|
|
|
mknod /dev/mtdblock0 b 31 0
|
|
|
|
|
mkdir /mnt/jffs2
|
|
|
|
|
modprobe jffs2
|
|
|
|
|
modprobe mtdram
|
|
|
|
|
modprobe mtdblock
|
|
|
|
|
dd if=<jffs2File> of=/dev/mtdblock0
|
|
|
|
|
mount -t jffs2 /dev/mtdblock0 /mnt/jffs2/
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Tips & Tricks
|
|
|
|
|
* Watch out for `HNAP` and `JNAP` as [an attack vector](https://routersecurity.org/hnap.php)
|
