[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Broken, Abandoned, and Forgotten Code, Part 5

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Broken, Abandoned, and Forgotten Code, Part 5
From: Zach C <uid000@xxxxxxxxx>
Date: Thu, 21 May 2015 13:01:23 -0700

Part 5 is up. In this and the next several parts we start analyzing
the structure of Netgear R6200 firmware updates. We switch over to the
HTTP daemon because it's less broken and a little easier to analyze
than upnpd.

The overall goal is to reverse engineer the firmware format so we can
generate a malicious firmware image to use when exploiting the
SetFirmware SOAP action described in parts 1-4.

Binary patching, emulating with QEMU, and debugging with IDA Pro are
recommended for the next several installments. Here is some
recommended reading to help get that set up:
- Remote Debugging with QEMU and IDA Pro
http://shadow-file.blogspot.com/2015/01/dynamically-analyzing-wifi-routers-upnp.html
- Patching, Emulating, and Debugging a Netgear Embedded Web Server
http://shadow-file.blogspot.com/2015/01/patching-emulating-and-debugging.html

If you missed my post to Full Disclosure where I introduced the
series, here's that:
http://seclists.org/fulldisclosure/2015/May/44

As always I welcome feedback via email or Twitter. I'm @zcutlip.

I hope you enjoy it.

Cheers!
Zach

-- 
:wq!

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] call for paper(information retrieval, privacy)
Next by Date: [FD] Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities
Previous by thread: [FD] call for paper(information retrieval, privacy)
Next by thread: [FD] Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities
Index(es):
- Date
- Thread