Deep Look at Router 0 day
I am researching a router 0-day again,
using IDA Pro to reverse it.
It is a MIPS big-endian CPU.
I found a possibility of remote hacks of the kernel/bootloader.
I found two device nodes for accessing the flash:
/dev/mtdblock0
/dev/mtdblock1

These must be the firmware volumes.
Let's dump them remotely.

Write a Python script to convert the hexdump output back to binary.
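The hexdump-to-binary step, as an added example rather than the post's own script. It assumes the dump was produced with `hexdump -C` on /dev/mtdblock0 and pasted into a text file, and it handles the `*` squeeze lines that `hexdump` prints for repeated blocks; dropping those shifts every later offset in the rebuilt image, which throws off binwalk's results.

```python
import re

# Constructed sample: `hexdump -C` output for a 0x50-byte region in which the
# three identical lines at 0x10, 0x20 and 0x30 are squeezed into one '*' line.
SAMPLE = """\
00000000  7f 45 4c 46 01 02 01 00  00 00 00 00 00 00 00 00  |.ELF............|
00000010  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
*
00000040  00 02 00 08 00 00 00 01  00 40 00 00 00 00 00 34  |.........@.....4|
00000050
"""

# Offset, then optionally up to 16 hex byte pairs; the '|ascii|' column is ignored.
LINE_RE = re.compile(r"^([0-9a-fA-F]{7,8})(?:\s+((?:[0-9a-fA-F]{2}\s*){1,16}))?")


def hexdump_to_bytes(text: str) -> bytes:
    """Rebuild the bytes described by `hexdump -C` style text.

    A '*' line means "the previous 16-byte line repeats until the next printed
    offset"; the gap is refilled from that line so the image keeps its real
    offsets. Unparseable lines (shell prompts, banners) are skipped.
    """
    out = bytearray()
    prev = b""
    squeezed = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "*":
            squeezed = True
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        offset = int(m.group(1), 16)
        if squeezed:
            if not prev:
                raise ValueError("'*' before any data line")
            while len(out) < offset:  # replay the previous line up to this offset
                out += prev[: offset - len(out)]
            squeezed = False
        if offset != len(out):
            raise ValueError(f"gap or overlap at {offset:#x}, have {len(out):#x}")
        if m.group(2) is None:
            break  # final line of hexdump -C carries only the total length
        prev = bytes.fromhex(m.group(2).replace(" ", ""))
        out += prev
    return bytes(out)
```

Write the returned bytes to router.bin and feed that file to binwalk.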


Extract it with binwalk:

A firmware access tool found!!

Back to router.bin:
the router bootloader/kernel is found,
and I found these strings in the firmware:

0x245ed = ','
0x245ee = ' '
0x245ed = 'b'

remote firmware hacking!!!