[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] Broken, Abandoned, and Forgotten Code, Part 6
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] Broken, Abandoned, and Forgotten Code, Part 6
- From: Zach C <uid000@xxxxxxxxx>
- Date: Thu, 28 May 2015 10:31:31 -0500
Part 6 is live! We continue reversing the undocumented Netgear
firmware header by debugging the embedded HTTP server. We identify two
more fields, including an unknown checksum. A disassembly-to-python
reimplementation of the checksum algorithm is provided in this week's
update to the example code.
Here's a link:
http://shadow-file.blogspot.com/2015/05/abandoned-part-06.html
I forgot to include the link to part 5 in last week's message (whoops!):
http://shadow-file.blogspot.com/2015/05/abandoned-part-05.html
The goal remains to reverse engineer the firmware format so we can
generate a malicious firmware image to use when exploiting the
SetFirmware SOAP action described in parts 1-4.
If you missed my post to Full Disclosure where I introduced the
series, here's that:
http://seclists.org/fulldisclosure/2015/May/44
As always I welcome feedback via email or Twitter. I'm @zcutlip.
I hope you enjoy it!
Cheers,
Zach
--
:wq!
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/