The Hardware Hacking Tutorial series shares information on how to do hardware hacking and reverse engineering. The series is useful for both beginners and experts.
If you have extracted the root file system from your device's firmware image, want to understand what the device does after booting, and want to know whether there is an easy way to log in as root, this is the video for you!
We will analyze the startup scripts of an IoT device to understand what it does, check whether there is any way to log in as root, and identify the binaries worth reverse engineering in order to hack the device.
This is the sixth episode of the “Hardware Hacking Tutorial” series. Over the complete series we cover a hacking process based on:
- Gathering information about our device.
- Building an emulation environment in which to run interesting binaries.
- Discovering how the device works.
- And then hacking the device and modifying its firmware.
This episode is about analyzing the startup scripts of our device: this is the first step in discovering how the device works, and it should be done before building an emulation environment.
We assume that our device runs a Linux or Unix-like operating system, which is true for the overwhelming majority of devices; where examples are needed we will analyze the startup scripts of our sample Gemtek router (link in the description below). We will start from the beginning, that is, from the boot of the operating system:
- we will look at what type of “init” process we have;
- we will analyze the init configuration file and related startup scripts;
- we will identify the most interesting binaries that manage our device;
- we will identify the login process;
- we will check whether it is possible to access the device as root;
- we will use common Linux commands to do this analysis:
- a text editor;
- the “grep” command, to search inside a file or multiple files;
- the “find” command, to list the files that interest us;
- the “xargs” command, often fed the output of the find command and combined with the grep command;
- the “strings” command, to display the printable strings embedded in binary or executable files.
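The steps above, carried out with the same commands (grep, find, xargs, strings) as one small shell script. This is an added example and not the video's own material: the BusyBox-style root filesystem it builds is a constructed stand-in so the script runs offline, not the Gemtek rootfs, and the daemon files in it are text stubs rather than real binaries. Point ROOTFS at a real extracted tree to run the same checks against your device.

```sh
#!/bin/sh
# Added example: walk an extracted rootfs from the init process down to the
# login path.  make_sample_rootfs builds a constructed BusyBox-like tree so
# the script runs offline; set ROOTFS to a real extracted tree to skip it.
set -e

make_sample_rootfs() {
    r="$1"
    mkdir -p "$r/bin" "$r/sbin" "$r/etc/init.d" "$r/usr/sbin"
    # BusyBox layout: init and login are symlinks to one multi-call binary
    printf '#!/bin/sh\necho busybox stub\n' > "$r/bin/busybox"
    ln -sf ../bin/busybox "$r/sbin/init"
    ln -sf busybox "$r/bin/login"
    # Daemon stubs carrying the kind of strings a real binary embeds
    printf 'telnetd stub: reads /etc/passwd, execs /bin/login\n' > "$r/usr/sbin/telnetd"
    printf 'httpd stub: reads /etc/httpd.conf\n' > "$r/usr/sbin/httpd"
    # inittab format is id:runlevels:action:process
    printf '%s\n' '::sysinit:/etc/init.d/rcS' \
        'ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100' \
        '::ctrlaltdel:/sbin/reboot' > "$r/etc/inittab"
    printf '%s\n' '#!/bin/sh' 'mount -t proc proc /proc' \
        '/usr/sbin/telnetd -l /bin/login &' '/usr/sbin/httpd -p 80 &' > "$r/etc/init.d/rcS"
    # root with an empty password field: login asks for no password at all
    printf '%s\n' 'root::0:0:root:/:/bin/sh' 'admin:x:1000:1000:admin:/:/bin/sh' > "$r/etc/passwd"
    chmod 755 "$r/bin/busybox" "$r/usr/sbin/telnetd" "$r/usr/sbin/httpd" "$r/etc/init.d/rcS"
}

# 1. Which init do we have?  On most consumer devices /sbin/init is a symlink
#    into BusyBox, which reads /etc/inittab.
init_type() {
    r="$1"
    if [ -L "$r/sbin/init" ] && readlink "$r/sbin/init" | grep -q busybox; then
        echo busybox
    elif [ -d "$r/lib/systemd" ]; then
        echo systemd
    else
        echo other
    fi
}

# 2. "action command" for every inittab entry; sysinit/wait entries are the
#    startup scripts, respawn entries are long-running services such as getty.
inittab_entries() {
    grep -v '^[[:space:]]*#' "$1/etc/inittab" \
        | awk -F: 'NF>=4 { cmd=$4; for (i=5; i<=NF; i++) cmd=cmd ":" $i; print $3, cmd }'
}
startup_scripts() {
    inittab_entries "$1" | awk '$1=="sysinit" || $1=="wait" {print $2}'
}

# 3. The login path: getty on a serial port (UART) in inittab, or a
#    telnetd/dropbear/sshd started from a startup script.
login_processes() {
    r="$1"
    { cat "$r/etc/inittab"; for s in $(startup_scripts "$r"); do cat "$r$s"; done; } \
        | grep -v '^[[:space:]]*#' \
        | grep -oE '(/[^[:space:]]*/)?(getty|login|telnetd|dropbear|sshd)' \
        | sort -u
}

# 4. Can we log in as root?  Empty field = no password; "!"/"*" = locked;
#    anything else is a hash you can hand to hashcat.
root_password_field() {
    r="$1"
    pw=$(awk -F: '$1=="root" {print $2; exit}' "$r/etc/passwd")
    if [ "$pw" = "x" ] && [ -f "$r/etc/shadow" ]; then
        pw=$(awk -F: '$1=="root" {print $2; exit}' "$r/etc/shadow")
    fi
    printf '%s\n' "$pw"
}
root_login_status() {
    pw=$(root_password_field "$1")
    case "$pw" in
        "")        echo nopassword ;;
        '!'*|'*'*) echo locked ;;
        *)         echo "hash:$pw" ;;
    esac
}

# 5. Which executables embed a given string?  find + xargs-style loop +
#    strings + grep; falls back to tr if binutils' strings is not installed.
strings_of() {
    if command -v strings >/dev/null 2>&1; then strings "$1"
    else tr -c '[:print:]' '\n' < "$1" | grep -E '.{4,}'; fi
}
binaries_mentioning() {
    r="$1"; pat="$2"
    find "$r" -type f -perm -100 2>/dev/null | while read -r f; do
        if strings_of "$f" | grep -q -- "$pat"; then printf '%s\n' "${f#$r}"; fi
    done | sort
}

# Use the constructed tree unless ROOTFS points at a real extracted one.
if [ -z "${ROOTFS:-}" ]; then
    ROOTFS=$(mktemp -d)
    make_sample_rootfs "$ROOTFS"
fi
echo "init type:       $(init_type "$ROOTFS")"
echo "startup scripts: $(startup_scripts "$ROOTFS" | xargs)"
echo "login processes: $(login_processes "$ROOTFS" | xargs)"
echo "root login:      $(root_login_status "$ROOTFS")"
echo "binaries mentioning /etc/passwd: $(binaries_mentioning "$ROOTFS" /etc/passwd | xargs)"
```

On a real tree the interesting output is usually the respawn entry (which serial port the getty listens on, matching the UART you found), the daemons started from rcS, and the root password field: an empty field means the UART or telnet prompt drops you straight into a root shell, while a hash is the input for hashcat.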
Links with additional Information
- Channel’s Author
- Channel’s Web Site
- The sample router (Gemtek WVRTM-127ACN) on techinfodepot
- The sample router (Gemtek WVRTM-127ACN) reverse engineered on GitHub, including scripts to dump the EEPROM to a text file and to convert it back to a binary file
- Hashcat, Advanced Password Recovery
- How to find and connect to the UART interface