Diffstat (limited to '2003/firmware-reveng-ccc2003/firmware-reveng-ccc2003.mgp')
-rw-r--r-- | 2003/firmware-reveng-ccc2003/firmware-reveng-ccc2003.mgp | 113 |
1 files changed, 113 insertions, 0 deletions
diff --git a/2003/firmware-reveng-ccc2003/firmware-reveng-ccc2003.mgp b/2003/firmware-reveng-ccc2003/firmware-reveng-ccc2003.mgp new file mode 100644 index 0000000..e1edbed --- /dev/null +++ b/2003/firmware-reveng-ccc2003/firmware-reveng-ccc2003.mgp 
@@ -0,0 +1,113 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 + + +Reverse Engineering +%size 5 +of Linux-Based Firmware Images + + +%center +%size 4 +by + +Harald Welte <laforge@gnumonks.org> + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Linux Firmware Reverse Engineering +Overview + + Linux has gained ground in the commercial market + Embedded hardware is getting cheaper + Network Appliances become more popular + 802.11(abg) Acces Points, Bridges, Routers + DSL 'Routers' (in reality NAT-gateways) + Users demand more and more CPU-intensive functions + PPPoE, PPTP + NAT with ALG's for H.323, PPTP + IPsec + + Many vendors seem to conclude: + Why not use Linux? + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Linux Firmware Reverse Engineering +Why is this worth a presentation? + + Vendors tend to forget about their GPL obligations + They have to + redistribute or make available the sourcecode + redistribute or maka available build scripts + inform their users about their rights and obligations under the GPL + They are not allowed to link with GPL-incompatible code + + Vendors tend to forget about security issues + Most people don't know that their appliance runs linux + Thus they won't even know that they're affected by a vulnerability + Vendors of consumer-class equipment tend to be lazy + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Linux Firmware Reverse Engineering +How to start (from a technical point of view) + + In most cases you don't even need the device + Firmware images are available for download from the vendors + Reverse engineering starts by looking at that binary + In a number of cases, you will either find + a gzip signature for a compressed kernel + a signature of a cramfs disk image + a configuration file to enable/disable 
features + some other (arj/lzh/zip/...) image + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Linux Firmware Reverse Engineering +How to start from a technical point of view (cont'd) + + Useful tools for looking at that image + 'strings' (from gnu binutils) + your favourite hex editor + 'file' (especially it's 'magic' signature file) + libmagic (library for accessing 'magic' signatures) + + Strings to look for: + 'piggy' (compressed kernel image) + 0x28cd3d45 (compressed ram fs) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Linux Firmware Reverse Engineering +Practical Example + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Linux Firmware Reverse Engineering +Thanks + The slides of this presentation are available at http://www.gnumonks.org/ + + Thanks to + the BBS people, Z-Netz, FIDO, ... + for heavily increasing my computer usage in 1992 + KNF + for bringing me in touch with the internet as early as 1994 + for providing a playground for technical people + for telling me about the existance of Linux! + Alan Cox, Alexey Kuznetsov, David Miller, Andi Kleen + for implementing (one of?) the world's best TCP/IP stacks + Paul 'Rusty' Russell + for starting the netfilter/iptables project + for trusting me to maintain it today + Astaro AG + for sponsoring parts of my netfilter work |
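Review bot: on the "Strings to look for" slide, 0x28cd3d45 is the cramfs super-block magic, but it is stored as a 32-bit integer in the byte order of the system that ran mkcramfs, so a hex search has to try both `45 3d cd 28` (little-endian) and `28 cd 3d 45` (big-endian); the `file` magic database already carries both forms ("Linux Compressed ROM File System data, little endian" / "big endian"), which is worth saying since the previous slide recommends `file` and libmagic. The "How to start" slide would be more useful with the concrete gzip signature (the two bytes `1f 8b`) instead of just "a gzip signature for a compressed kernel". The "Practical Example" page is empty, presumably a live demo; a one-line pointer to the firmware image being dissected would keep the deck useful to readers who were not in the room. Typos in the slide text: "Acces Points" should read "Access Points", "maka available" should read "make available", "especially it's 'magic' signature file" should read "its", and "existance" should read "existence".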