We covered an introduction to hardware hacking and specifically we discussed firmware analysis. We started with types of firmware images, methods of acquisition and how to analyze the acquired image to extract the file system. We used built-in tools in Kali Linux such as file command, binwalk and lastly we used firmwalker to automate the processs of analyzing firmware images to look for patterns such as usernames, emails, keys,etc.

What is Firmware?

I learned that firmware is essentially software written directly into the hardware itself. It contains all the necessary applications, file systems, and everything else a device needs to function smoothly. The video emphasized that keeping firmware updated is a crucial security practice, as manufacturers often release updates with important fixes and modifications.

The Firmware Analysis Process

The video outlined a clear, two-step process for firmware analysis:

  1. Firmware Extraction: The first step is to extract the firmware image from the hardware device. I discovered that firmware images can come in various formats, such as .bin (binary), JFFS2 (a journaling flash file system), or UBIifs (used in flash devices).
  2. Firmware Analysis: Once extracted, the goal is to examine the contents of the firmware image. I learned several techniques for this:
    • Initial Analysis with Built-in Tools: I found that the file command in Linux is incredibly useful for identifying the nature of the firmware image. For example, it might tell me if it contains a compressed Linux file system (like “squashFS”) or even a Windows virtual machine image (“vhd”). If a file system is identified, I can then explore its files, applications, user data, configuration files, and potentially even discover passwords. The strings command is also a good starting point for preliminary analysis. A powerful tool I was introduced to is binwalk. I learned that binwalk -e <firmware_image_name> can extract the contents of a firmware image, creating a directory with the extracted file system (e.g., Linux directories like /etc or /home).
    • Searching for Specific Information: Once the files are extracted, I can use the grep command to search for specific patterns within them, like looking for the word “password” in configuration or text files.
    • Third-Party Automated Tools: The video highlighted several automated tools that can streamline firmware analysis:
      • FirmWalker: This is a bash script that automatically searches extracted or mounted firmware file systems for interesting items such as configuration files, passwords, and binary files. I saw a demonstration of its usage.
      • FACT (Firmware Analysis and Comparison Tool): Another tool designed to automate firmware analysis, similar to FirmWalker.
      • FW Analyzer: A tool for analyzing various firmware images that contain different file systems.
    • Analyzing Radio Signals: Interestingly, I also learned that firmware images can be created by capturing signals from devices like radios using serial connections and specialized hardware. This technique is often used for Slow Scan Television (SSTV) or Software-Defined Radio (SDR) signals, which commonly use file extensions like .cf32, .fc32, and .cs. For analyzing these types of firmware images, Universal Radio Hacker (URH) is a dedicated tool.

Practical Demonstration

The video included a practical demonstration that helped solidify my understanding. I saw how to use the file command to identify a Linux kernel ARM boot executable image. Then, binwalk -e was used to extract its contents, confirming it was a squashFS file system and creating a directory with the extracted files. Although an attempt to use grep to find “password” in the extracted files didn’t yield results in the example, the presenter then showed how to use FirmWalker on a firmware image. FirmWalker searches for various patterns like IP addresses, URLs, emails, SSH keys, API keys, and passwords, saving its output to a file (e.g., firmware_walker.txt). While the live example didn’t find matches, the presenter showed an example output from the tool’s author, which successfully found configuration files and instances of “admin” and “root.”

Technical Commands I Used in the Terminal:

Here are the key technical commands I learned and saw demonstrated in the terminal:

  • file <firmware_image_name>: To identify the type of the firmware image.
    • Example: file firmware.bin
  • binwalk -e <firmware_image_name>: To extract the contents of the firmware image.
    • Example: binwalk -e firmware.bin
  • ls: To list the contents of a directory.
  • grep: For searching patterns within files.
    • Conceptual Example: grep -HnriE "(password|passwd|pass|pwd|key|secret|token|api_key|auth)" --include=\*.{txt,conf,config,cfg,xml,json,ini,sh,php,py,rb,js,html,htm,asp,aspx,jsp,yml,yaml} <directory_to_search>
  • cd <directory_name>: To change the current directory.
    • Example: cd firmWalker
  • chmod +x <script_name.sh>: To give execute permission to a script.
  • ./<script_name.sh> <firmware_image_path>: To run a script.
    • Example: ./firmwalker.sh ../firmware.bin
  • cat <filename>: To display the contents of a file.
    • Example: cat firmware_walker.txt

Video Walkthrough

Show Comments

The MasterMinds Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles