We covered an introduction to hardware hacking and specifically we discussed firmware analysis. We started with types of firmware images, methods of acquisition and how to analyze the acquired image to extract the file system. We used built-in tools in Kali Linux such as file command, binwalk and lastly we used firmwalker to automate the processs of analyzing firmware images to look for patterns such as usernames, emails, keys,etc.

Get OSCP Certificate Notes

The Complete Practical Web Application Penetration Testing Course

Video Highlights

Hardware hacking is the term used to describe the modification of an existing piece of hardware to make use of it in a way that was not intended. The goal is to obtain data, breach network security, seize control of the targeted hardware, or make it act strangely or malfunction.

The prevalence of hardware hacking has surged due to the proliferation of IoT equipment. In order to improve data and network security, this opens the door for moral hardware security evaluations to enter the picture.

Part of hardware hacking is analyzing the embedded firmware of the device which could contain sensitive files.

Firmware images can be acquired using several different methods
– From the manufacturer websites
– Direct extraction from the hardware using different connection methods such as **UART**, **JTAG** ,**PICit** and serial communication or cables.
– Dumping the firmware from the bootloader to an external storage.

With binwalk we can learn the entropy of the firmware image. If it has low entropy, then it’s not likely to be encrypted however if high entropy, Its likely encrypted.

binwalk -E firmware.bin

`rootfs` is the root filesystem and usually it is the name of the file that includes all/some directories that are packed together to be used later on a different machine or an embedded device.
To mount the contents of the rootfs we use the below command where `mnt` stands for the directory that will hold the contents.

unsquashfs -d mnt rootfs

A simple bash script for searching the extracted or mounted firmware file system.
It will search through the extracted or mounted firmware file system for things of interest such as:
– etc/shadow and etc/passwd
– list out the etc/ssl directory
– search for SSL related files such as .pem, .crt, etc.
– search for configuration files
– look for script files
– search for other .bin files
– look for keywords such as admin, password, remote, etc.
– search for common web servers used on IoT devices
– search for common binaries such as ssh, tftp, dropbear, etc.
– search for URLs, email addresses and IP addresses
– Experimental support for making calls to the Shodan API using the Shodan CLI

/firmwalker firmware.bin

Video Walkthrough

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles