Introduction to IOT and Firmware Reversing

Null mumbai-reversing-IoT-firmware


Page 1: Null mumbai-reversing-IoT-firmware

Introduction to IOT and Firmware Reversing

Page 2: Null mumbai-reversing-IoT-firmware

WhoAmI

• Security Consultant with Payatu Technologies

• Experience in Web Pentesting, VAPT and Mobile Appsec (Android Only) and currently learning IOT.

• Twitter Handle – nitmalviya03

• Blog - https://nitmalviya03.wordpress.com/

Page 3: Null mumbai-reversing-IoT-firmware

Topics to be covered

• Introduction to IOT
• IOT Applications
• Protocols in IOT system
• Components Involved
• IOT security
• Firmware Extraction and Reversing
• Topics for future session
• Automated Framework

Page 4: Null mumbai-reversing-IoT-firmware

What is IoT ??

• The internet of things (IoT) is the network of physical devices, vehicles, buildings and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data (Wikipedia)

• Internet of things increases the connectedness of people and things on a scale that once was unimaginable.

Page 5: Null mumbai-reversing-IoT-firmware

Devices like…

• Networking devices (routers, firewalls, IDS)
• Set-top boxes
• Medical devices (health monitors)
• Mobile phones
• Home security systems
• Vehicles, in-flight entertainment
• Thermostats, metering systems, consumer electronics displays

Page 6: Null mumbai-reversing-IoT-firmware

Various Names, One Concept

• M2M (Machine to Machine)

• “Internet of Everything” (Cisco Systems)

• “World Size Web” (Bruce Schneier)

• “Skynet” (Terminator movie)

Education – Partnership – Solutions

Information SecurityOffice of Budget and Finance

Page 7: Null mumbai-reversing-IoT-firmware

Where is IoT?

It’s everywhere!

Page 8: Null mumbai-reversing-IoT-firmware


Page 9: Null mumbai-reversing-IoT-firmware

The IoT Protocols

• Various protocols used are –
  • HTTP
  • WebSocket
  • XMPP – Extensible Messaging and Presence Protocol
  • CoAP – Constrained Application Protocol
  • MQTT - Message Queue Telemetry Transport
  • AMQP – Advanced Message Queuing Protocol

Page 10: Null mumbai-reversing-IoT-firmware
Page 11: Null mumbai-reversing-IoT-firmware

Why be concerned about IoT?

• It’s just another computer, right?

• All of the same issues we have with access control, vulnerability management, patching, monitoring, etc.

• Imagine your network with 1,000,000 more devices

• Any compromised device is a foothold on the network

Page 12: Null mumbai-reversing-IoT-firmware

Attacking IoT Devices

• Default, weak, and hardcoded credentials
• Difficult to update firmware and OS
• Lack of vendor support for repairing vulnerabilities
• Vulnerable web interfaces (SQL injection, XSS)
• Coding errors (buffer overflow)
• Clear text protocols and unnecessary open ports
• DoS / DDoS
• Physical theft and tampering


Page 13: Null mumbai-reversing-IoT-firmware

What we are going to discuss

Firmware Reversing

Page 14: Null mumbai-reversing-IoT-firmware

What is Firmware

• Ascher Opler coined the term "firmware" in 1967.

• Firmware is data that is stored on a computer or other hardware device's read-only memory that provides instruction on how that device should operate.

• Unlike normal software, firmware cannot be changed or deleted without the aid of special programs, and it remains on the device whether or not the device is powered on.

Page 15: Null mumbai-reversing-IoT-firmware

Firmware Extraction

• Firmware Extraction - Process of extracting firmware from the embedded device

• Method –
  • Embedded Device Firmware Extraction via hardware Interfaces
  • Hex File Conversion to Bin File
  • Bin File Extraction

NOTE - We will be learning bin file extraction and not hardware extraction part.
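The "Hex File Conversion to Bin File" step, as an added example that is not part of the original slides. It assumes the hex file is in Intel HEX format (record types 00, 01 and 04 only); the function names and the `SAMPLE` records are constructed for illustration.

```python
# Added example: convert an Intel HEX dump into a raw binary image.

SAMPLE = """\
:020000040800F2
:04000000DEADBEEFC4
:020008001234B0
:00000001FF
"""  # constructed records: base 0x08000000, 4 bytes at +0, 2 bytes at +8

def parse_record(line):
    """Decode one ':LLAAAATT<data>CC' record and verify its checksum."""
    if not line.startswith(":"):
        raise ValueError("record must start with ':'")
    raw = bytes.fromhex(line[1:])
    if len(raw) < 5 or len(raw) != raw[0] + 5:
        raise ValueError("length byte does not match record size")
    if sum(raw) & 0xFF != 0:              # all bytes incl. checksum sum to 0 mod 256
        raise ValueError("bad checksum")
    return raw[3], int.from_bytes(raw[1:3], "big"), raw[4:-1]

def ihex_to_bin(text, fill=0xFF):
    """Return (base_address, image); gaps are padded with `fill` (erased flash)."""
    chunks, upper = {}, 0
    for line in text.split():
        rtype, addr, data = parse_record(line)
        if rtype == 0x00:                 # data record
            chunks[(upper << 16) | addr] = data
        elif rtype == 0x04:               # extended linear address (upper 16 bits)
            upper = int.from_bytes(data, "big")
        elif rtype == 0x01:               # end of file
            break
        else:
            raise ValueError(f"unsupported record type {rtype:#04x}")
    if not chunks:
        return 0, b""
    base = min(chunks)
    end = max(a + len(d) for a, d in chunks.items())
    image = bytearray([fill]) * (end - base)
    for a, d in chunks.items():
        image[a - base:a - base + len(d)] = d
    return base, bytes(image)

if __name__ == "__main__":
    base, image = ihex_to_bin(SAMPLE)
    print(f"base={base:#010x} size={len(image)} data={image.hex()}")
```
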

Page 16: Null mumbai-reversing-IoT-firmware
Page 17: Null mumbai-reversing-IoT-firmware

Tools of the trade

• Binwalk (will be using this)
• Firmwalker
• Firmware Modification Kit
• Firmadyne
• ERESI Framework
• FRAK – Firmware Reverse Analysis Konsole

Page 18: Null mumbai-reversing-IoT-firmware

What to do ?

• Get the firmware
• Reconnaissance
• Unpack
• Localize point of interest
• Pentest
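The reconnaissance and unpack steps above, sketched as an added example that is not from the original slides or from Binwalk itself: a signature scan over a firmware image that also rejects false-positive gzip hits. The image is constructed in memory by the hypothetical `build_sample()`; the signature table is a small subset chosen for illustration.

```python
import zlib

# Magic bytes of formats commonly found inside router firmware images.
SIGNATURES = {
    b"\x27\x05\x19\x56": "uImage header",
    b"\x1f\x8b\x08": "gzip compressed data",
    b"hsqs": "SquashFS filesystem, little endian",
    b"sqsh": "SquashFS filesystem, big endian",
    b"\x45\x3d\xcd\x28": "CramFS filesystem, little endian",
}

def scan(blob):
    """Reconnaissance: return sorted (offset, description) for every magic hit."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = blob.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)

def gunzip_at(blob, offset):
    """Unpack: inflate the gzip member at offset, or None for a false positive."""
    d = zlib.decompressobj(wbits=31)       # 31 = expect gzip header and trailer
    try:
        data = d.decompress(blob[offset:])
    except zlib.error:
        return None
    return data if d.eof else None         # reject truncated streams

def build_sample():
    """Constructed 1 KiB image: uImage-style header, gzip blob, decoy, SquashFS magic."""
    payload = b"constructed kernel payload\n" * 4
    c = zlib.compressobj(9, zlib.DEFLATED, 31)
    gz = c.compress(payload) + c.flush()
    img = bytearray(b"\xff" * 1024)
    img[0:64] = b"\x27\x05\x19\x56" + bytes(60)
    img[64:64 + len(gz)] = gz
    img[0x100:0x103] = b"\x1f\x8b\x08"     # decoy: bare magic followed by 0xFF filler
    img[0x200:0x220] = b"hsqs" + bytes(28)
    return bytes(img), payload

if __name__ == "__main__":
    image, _ = build_sample()
    for off, name in scan(image):
        note = ""
        if name.startswith("gzip"):
            ok = gunzip_at(image, off) is not None
            note = "  [valid]" if ok else "  [false positive]"
        print(f"{off:#06x}  {name}{note}")
```
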

Page 19: Null mumbai-reversing-IoT-firmware

Any vulnerable bin file for analysis/pentest ??

• DVRF - Damn Vulnerable Router Firmware

• Get it here - https://github.com/praetorian-inc/DVRF

• For our demo we will use D-Link firmware - DIR412A1_FW114WWb02.bin

• Link - http://www.filewatcher.com/m/DIR412A1_FW114WWb02.bin.3534983-0.html

Page 20: Null mumbai-reversing-IoT-firmware

DEMO TIME

Page 21: Null mumbai-reversing-IoT-firmware

Any website for automated binary analysis ??

• Upload your binary file here - http://firmware.re/

• It often does not work, so it is not very reliable.

Page 22: Null mumbai-reversing-IoT-firmware

What needs to be covered/learned…

• QEMU – Emulator for running binaries based on MIPS/ARM architecture.

• Reversing binaries using IDA Pro (useful in login bypass and key extraction)

• IOT components and its functionalities in depth.

• IOT protocols

Page 23: Null mumbai-reversing-IoT-firmware

• OWASP IOT TOP 10

• Various file systems used in IOT devices.

• Firmware extraction using hardware interfaces (UART, JTAG, I2C, etc.)

• Firmware Reversing tools apart from binwalk.

• Common Processor Architectures

Page 24: Null mumbai-reversing-IoT-firmware

• Types of memory in embedded devices.

• Types of storage.

• Common Operating systems used in embedded devices.

• Various Bootloaders.

• Common libraries....

Page 25: Null mumbai-reversing-IoT-firmware

And last but not the least ……a final and small demo on….

Page 26: Null mumbai-reversing-IoT-firmware

Is there any automated framework??

• Like Metasploit, we have RouterSploit

• Get it here - https://github.com/reverse-shell/routersploit

• Just run rsf.py and enjoy!!!

• A very small demo

Page 27: Null mumbai-reversing-IoT-firmware

Thank You

Page 28: Null mumbai-reversing-IoT-firmware
