Inscrivez-vous maintenant pour un meilleur devis personnalisé!

Hack, Whack, Chop that...firmware...

Oct, 04, 2013 Hi-network.com

I had a customer at Interop NYC yesterday ask me if I still hack stuff? Still?!?! Of course!! It's something that's just in your blood daddy-o! I just like to hack stuff. It doesn't matter really what it is, I just enjoy the challenge of figuring out how stuff works and how to bypass certain controls. I am not trying to be a whank about it and post how to steal a case of Sundrop from a Dixie-Narco vending machine, I just want to know from an engineering stand point. When I see electronic firmware based stuff work I always wonder; "How did they code that one up?"

 That's all it takes to get me started. Now my wife is not a fan of guns but if I started purchasing all the stuff I hack around here weekly, my guess is that she would change her mind real quick... So I need another method...a more...low cost method of hacking a device without ever purchasing the device. Firmware baby!!! Matter of fact, it is very rare for me to get actual gear. I just go for the low hangin' fruit! Firmware! say with me...What do we want! Firmware!! f.i.r.m.w.a.r.e!!

 Many vendors out there today offer up firmware freely without authentication or with only a email address so they can gather marketing data. I just use a 10 minute emailer like Mailinator or I give them Robb's email and then I start downloading firmware. The firmware can be like the wardroom door to Narina if you look deeply into it.

 Here's the thing. Many vendors out there today do not have firmware developers in house. They have a marketing plan, money, call centers , etc...but code jockeys are something that is normally outsourced. These code houses do not just buzz the code for one vendor but for 50 or more. Now to keep this code straight from vendor to vendor many code houses place comments in their firmware.

 These can be comments about debug interfaces, HARD CODED ACCOUNTS!!!! Private keys, hidden commands and yes even backdoor passwords. (I just found two days ago in a vendor device) Basically, low rent firmware hacking is really a piece of cake to understand.Plus it can really yield huge...benefits. Remember Stuxnet? Oh Yeah...  Most firmware out there today is unsigned and unencrypted which means I can read it in a simple hex editor. But before your go download firmware and opening it up in your favorite hex editor, here are a few pointers to get ya started:

 Tip 00

tag-icon Tags chauds:

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.