It has been a while since I did some hardware hacking and this time I want to review the basics. The LinkSys EA6100 router intrigued me due to the fact that I was only able to find encrypted firmware images (or updates). Known tools like binwalk were unable to unpack…
Welcome back to part 2.2 of this series! If you have not yet checked out part 1 or part 2.1 please do so first as they highlight important reconnaissance steps as well as the first half of the disassembly analysis! Let's recall the current functionality we've encountered based…
Note: This is a re-upload of an old write-up. This is another write-up from an interesting little challenge. The original forum post about it can be found here. To get your hands on the challenge I've prepared the base64 text representation of it once again below so you can try…
Note: Re-Upload It has been a longer time since I tackled the exploit mitigations on Linux. Nevertheless I felt like I should at least cover control flow graphs and control flow integrity as well to move on to new topics. This research article will be a bit on the theoretical…
Note: Re-write/Re-upload due to dead links This write up are my thoughts and steps to statically analyze a given unknown binary. I want to understand the binary to a point where I can freely write about it. So here it is. I'm always open for you pointing out mistakes…
Note: Re-upload due to dead links :) Yo! Life kept me more than busy, but now I've got a little more time on my hands. I decided to do a write up on the following binary, because it taught me some new things, compared to the easy reversemes I did before.…
Welcome back to part 2 of this series! If you have not checked out part 1 yet please do so first as it highlights important reconnaissance steps! So let us dive right into the IDA adventure to get a better look at how imgdecrypt operates to secure firmware integrity of…
Recently we came across some firmware samples from D-Link routers that we were unable to unpack properly. Luckily we got our hands on an older, cheaper but similar device (DIR882) that we were able to analyze more closely. The goal is to find a way to mitigate the firmware encryption…