# Reversing Firmware

## Tools
* binwalk
* unlzma
* tar
* [fat](https://github.com/attify/firmware-analysis-toolkit.git)
    * Create usable environment and start firmware inside it
    ```sh
    ./fat.py <firmware>
    ```
* [Jefferson](https://github.com/sviehb/jefferson) or AUR package `jefferson-git`

## Usage
* Check image via `strings`
* Check CRC via `cksum -a crc <image>`
* Use `binwalk` to extract. There are to methods
    * `-e` extract by offset
    * `--dd=".*"` by file extension

### Mount JFFS2 File
* Use kernel where `CONFIG_MTD_RAM` is set. Using Arch this is any kernel before `5.10`
```sh
rm -rf /dev/mtdblock0
mknod /dev/mtdblock0 b 31 0
mkdir /mnt/jffs2
modprobe jffs2
modprobe mtdram
modprobe mtdblock
dd if=<jffs2File> of=/dev/mtdblock0
mount -t jffs2 /dev/mtdblock0 /mnt/jffs2/
```

## Tips & Tricks
* Watch out for `HNAP` and `JNAP` as [an attack vector](https://routersecurity.org/hnap.php)