I released the fifth episode of the series Hardware Hacking Tutorial in the Make Me Hack YouTube channel.
This episode is about “How To Get The Root File System”.

The Hardware Hacking Tutorial series is to share information on how to do hardware hacking and how to do reverse engineering. The series is useful both for beginners and experts.

If you have downloaded the firmware file for your device from the supplier’s website or if you have dumped the EEPROM from your device and you want to extract the root file system and other information, this is the video for you!

In this episode I will talk about the available options to understand where the root file system is located in the firmware image, and the tools to use to extract it with the purpose to analyze it.

In this episode we will use 3 different types of firmware file:

• An encrypted firmware update file for a digital camera, downloaded from the supplier’s website. I will not succeed to extract the root file system, but we will learn something useful anyway.
• Another file is a firmware upgrade for an home router, downloaded from the supplier’s website; we will successfully extract the file system, with some minor issues.
• The last file is an EEPROM dump that we dumped from the sample Gemtek router in the previous episode.
• We will do everything on our Linux box using some simple tools:
  • Like the “file” command, that gives very basic information about any type of file.
  • The “strings” command, that prints embedded strings in a binary file.
  • The “hexdump” command, that prints the hex dump of a file, including the ASCII equivalent of each byte.
  • The “binwalk” software, it is able to scan a binary file searching signatures of many different file system images, of compressed data segments, of digital certificates and of many other type of information embedded on a single binary file. It is also able to show the running entropy of a file allowing us to understand if we have an encrypted or compressed segment inside the binary file.
  • The “dd” command, it is able to dissect a file, easily extracting part of it, or reassembling a file putting together different parts.

Links with additional information

• Channel’s Author
• Channel’s Web Site
• The sample router (Gemtek WVRTM-127ACN) on techinfodepot
• The sample router (Gemtek WVRTM-127ACN) reverse engineered on GitHub, includes scripts to dump the EEPROM to a text file and to convert it back to binary file
• Canon EOS M50 firmware download page
• D-Link DVA-5592 firmware
• adbtools2, tools to hack the DVA-5592 router
• buildroot-armv7, emulation environment for the DVA-5592 router
• jefferson, to exctract JFFS2 file system images
• Binwalk, a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images
• One of the longest wikipedia article
• U-Boot, The Universal Boot Loader