Dumping (Previously Encrypted) Firmware From Devices

bm
bashis mcw
Aug 03, 2023

Nowadays most firmware is encrypted for distribution, but are they really encrypted on the device?

The simple answer is no!

***** ****, **** * ****** ** root * ******, * ** ****** dumping *** ************ *** ****** **** **, ******* *** ***, ******, ** in *** ***** **** ***** *******.

**** ** ** *******, **** * rooted ** ******, ********** *** *** and ******* *** ******** ** ***** 'dd' ** **** ****** ****** **** /dev/mtdblock*.

IPVM Image

**** **** *** ******, ** ** easy ******* ***** ****** ***** *******, ** ** **** ** ** by ****** *********** ******** **** *************.

* ******* *** *** ******* ****** "-keM" ***:

********?

(3)
RS
Robert Shih
Aug 03, 2023
Independent

********! ****! ******** ********* **** ***** pants **** *****!

Avatar
Guy Raphael
Aug 04, 2023

****'* ****, *** *** ** *** root * ******? *** *** **** about *** ****** ******* *** *** using?

bm
bashis mcw
Aug 04, 2023
In reply to Guy Raphael

****** ******* ********* */ ******() ** RCE, *** ** ****** *******.

********* ** *** *** *** ** using "****=/***/**" ******** ** *** ****** cmd ****, **** ***** *** ******* out */ *******.

(1)
Avatar
Guy Raphael
Aug 04, 2023
In reply to bashis mcw

****'* ***********, *** *** ********* ****? let's *** *** ****** ****** *** some *** **** ** ***** ******() so *** *** ****** ** **, but *** ** *** ******** **** it ** ***** ****? ** *** SSH/serial **** *******? ** ***, **** creds *** *** ***** ** ***** (the **** **** ****)? ** *** "unsafeness" ** *** ***** ***** ** all *** *** ** *** ******'* web ******?

bm
bashis mcw
Aug 04, 2023
In reply to Guy Raphael

$(******) ** ** ******** *** ********.

** *** ****** *******, *** **** there ** * ******* *********. **** playing **** ***** ****** *** ******* a *****.

Avatar
Guy Raphael
Aug 04, 2023
In reply to bashis mcw

*** **** ** ** ***** *** insert ** *** *** ****** ** the ******? **** ********* ** ** the ******* **** ***** ** *** config ******* ** *** ******'* ***?

bm
bashis mcw
Aug 04, 2023
In reply to Guy Raphael

*** ****'* *** ***** ********* ********* inputs, ********* ******* * ***** ****.

****** ** *** ***** ***** ****** directly, **** *** **** **.*% ** the ****.

Avatar
Guy Raphael
Aug 04, 2023
In reply to bashis mcw

**, ** ******* ** ** *'* wrong, *** ******* ** ***** ******* the *****, **** ***** **** ***** checks ** *** ******** ********** *****, you *** ******* *** ****** ******** to *** **** ** *** ******* (and ***** **** ** **** **** them *** *** ******* ****** ** masse). *** ***** *** ****** *** input ******* **** **** *** *******. If ****'* *** ****, * ***** being **** ** *** ****/*** ******* the ******* ** **** ** *** own, ******** **** ****** **** *** fact ***** ********** ** *** ********* at **** *** *** *** ** it. **** *** **** **** **'* game **** ****** **** ** *** filesystem ** *********. *** *** ***** more ******* ** *** ****** ******? is **** * *** ***?

bm
bashis mcw
Aug 04, 2023
In reply to Guy Raphael

*******

*** *** ***** **** ******* ** the ****** ******?

**** *** **** ****,*** ** "*****": ****** * ***** IP ****** ** ******* **********, * ******* ** *** **** camera ****** ** ******** *** * was ****** ********** ** *** *** communication.

** **** * *** ***?

****

Avatar
Guy Raphael
Aug 04, 2023
In reply to bashis mcw

** ******, *** * **********, **** was **** ** *** *-**** ***-****** camera. * ******* *** ***** * zeroday ** ****/*** * "***** ********** camera" (****, ******* ***) ******* *** network *** *** ** ***** ** is *** *** **** ***

** *********** ** **** ******** *** brand ******* **** ***'* ******* *** entire ********** ** ****. **** *** ever ***** ** ********* ***** *** emmc/nand/whatever ******* **** *** ** *** brand *******? ********* ******* ** **** -******** ******* ***: *********** *** ******* eMMC *****-**-**** *****. *** ** ******** ****-**\** memory ***** | **-**** ******* ****- ** ********* ******** *** ******* unit **** *** ****** *** **** mounting ** ** ********** ** **** computer. ********?

bm
bashis mcw
Aug 05, 2023
In reply to Guy Raphael

***** *** **** **** **** ** it *** *-***, *** **** ***** is *******, **** ************* ** ******** are *********, ** ** ********* ** the ****** ****** ********.

******* *** ***** **** **** ** one ** *** **** ********* ******* IMO.

Avatar
Guy Raphael
Aug 05, 2023
In reply to bashis mcw

***** ** *********** ** *** ** out, * ***** **** *** **** access ** *** **** ****** *** everything ******, ** **** ****** ** easier **** ** **** ****** ******* for **********

bm
bashis mcw
Aug 05, 2023
In reply to Guy Raphael

*** *** ********** ******** ******** **** ******* ****** ********, ***** ** *********** to *** **** *** *** *** from **** ********** ********.

* *** ***** *** ****** **** you ** *** *** **********, *** you **** *** ******* **** **** here. **** ** ** ***** *****@****.***,*** *'** ***** *** ** *** location *** *** ********.

(1)
Avatar
Guy Raphael
Aug 06, 2023
In reply to bashis mcw

***** *** ** -**** ******** ******

**** *********** ****** ***** -

**** ******** ******

**** ******** ******

**** ******** ******

(2)
bm
bashis mcw
Aug 07, 2023
In reply to Guy Raphael

*********** *******, **** *** **** ******** to *** ** ******* ********* ****-********** inputs, *** ******()/*****()/******()/******().. ***?

* ****, **** *** **** ***** functions *** ** *** ** *****'* mean ** ** ******** * ******** issue ** *******. ****, ** ***** is ****-********** *****, ***** *** ** a ********* ******** *** **********, ****** can **** **** ***** *****.

*** ********, **** **** *** ******() to ******* "***** /***/*********" *** ***** no ****** ******** *****.

IPVM Image

(1)
Avatar
Guy Raphael
Aug 08, 2023
In reply to bashis mcw

***** *** **** ******.

** *******, *** ***** ******* ** "threat ********" ** *** ** ********. If *** *** ** ** ********* and ******** *** ********* *** **** genuine **** *****, ******* & ****** surface ** **** ************* ***** ** some ****, **'* ***** * *** of $$$.

** ******** **** ***** ******** *** big *****, **** ******* ****** **** teams ** ****** **** ***** **** time *** ** **** ****** ********. Especially ******* *** "******** *****" ********, and *** ****** **** ********** ***** that ********** ** ******** *** **** on **** ****** *****, ************* *** literally ******* **** ********* ** ****** in ******* ********** ****** **** ********* vendors, *** ***** **** ***** ****** to ********** **** ** * **** risk **** **** ****** ********** *** what ***'*.

** *** **** * *** ** really ***** **** ******* ** * scalable ***, *** ** **** *** I'll ****** *** ** ***** ** it

(1)
New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions