path: root/2003/firmware-reveng-ccc2003/firmware-reveng-ccc2003.mgp
blob: e1edbed31e46836388e4add9f99f45dc8fdc8c73 (plain)
%include "default.mgp"
%default 1 bgrad
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
%nodefault
%back "blue"

%center
%size 7


Reverse Engineering 
%size 5
of Linux-Based Firmware Images


%center
%size 4
by

Harald Welte <laforge@gnumonks.org>


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
Linux Firmware Reverse Engineering
Overview

	Linux has gained ground in the commercial market
	Embedded hardware is getting cheaper
	Network Appliances become more popular
		802.11(abg) Access Points, Bridges, Routers
		DSL 'Routers' (in reality NAT-gateways)
	Users demand more and more CPU-intensive functions 
		PPPoE, PPTP
		NAT with ALGs for H.323, PPTP
		IPsec

	Many vendors seem to conclude:
		Why not use Linux?

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
Linux Firmware Reverse Engineering
Why is this worth a presentation?

	Vendors tend to forget about their GPL obligations
		They have to
			redistribute or make available the sourcecode
			redistribute or make available build scripts
			inform their users about their rights and obligations under the GPL 
		They are not allowed to link with GPL-incompatible code

	Vendors tend to forget about security issues
		Most people don't know that their appliance runs Linux
		Thus they won't even know that they're affected by a vulnerability
		Vendors of consumer-class equipment tend to be lazy
		
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
Linux Firmware Reverse Engineering
How to start (from a technical point of view)

	In most cases you don't even need the device
	Firmware images are available for download from the vendors
	Reverse engineering starts by looking at that binary
	In a number of cases, you will either find
		a gzip signature for a compressed kernel
		a signature of a cramfs disk image
		a configuration file to enable/disable features
		some other (arj/lzh/zip/...) image

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
Linux Firmware Reverse Engineering
How to start from a technical point of view (cont'd)

	Useful tools for looking at that image
		'strings' (from gnu binutils)
		your favourite hex editor
		'file' (especially its 'magic' signature file)
		libmagic (library for accessing 'magic' signatures)

	Strings to look for:
		'piggy' (compressed kernel image)
		0x28cd3d45 (compressed ram fs)
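The signature scan the last two slides describe, as an added example (not part of the original slides): a minimal 'strings' plus a search for the gzip header, the cramfs magic 0x28cd3d45 in both byte orders, the zip local-file header and the 'piggy' marker. The blob below is constructed for the demo and is not a real firmware image.

```python
import struct

# Signatures worth scanning for in a raw firmware blob (the ones named on
# the slides, plus the zip local-file header as one "other image" type).
CRAMFS_MAGIC = 0x28cd3d45
SIGNATURES = {
    "gzip (compressed kernel?)": b"\x1f\x8b\x08",
    "cramfs (little endian)": struct.pack("<I", CRAMFS_MAGIC),
    "cramfs (big endian)": struct.pack(">I", CRAMFS_MAGIC),
    "zip local file header": b"PK\x03\x04",
    "'piggy' string (compressed kernel image)": b"piggy",
}

def find_signatures(blob):
    """Return every (offset, description) hit, sorted by offset."""
    hits = []
    for desc, sig in SIGNATURES.items():
        pos = blob.find(sig)
        while pos >= 0:
            hits.append((pos, desc))
            pos = blob.find(sig, pos + 1)
    return sorted(hits)

def printable_strings(blob, min_len=4):
    """A tiny 'strings': runs of printable ASCII at least min_len long."""
    out, run, start = [], bytearray(), 0
    for i, b in enumerate(blob + b"\x00"):   # sentinel flushes last run
        if 0x20 <= b < 0x7f:
            if not run:
                start = i
            run.append(b)
        else:
            if len(run) >= min_len:
                out.append((start, run.decode("ascii")))
            run = bytearray()
    return out

# Constructed sample: fake vendor header, the start of a cramfs superblock,
# then a gzip member header with an FNAME field. Not real firmware data.
SAMPLE = (b"VENDORHDR\x00\x00\x01" + b"\x00" * 4
          + struct.pack("<I", CRAMFS_MAGIC) + struct.pack("<I", 4096)
          + b"\x00" * 8 + b"Compressed ROMFS" + b"\x00" * 16
          + b"\x1f\x8b\x08\x08" + b"\x00" * 6 + b"piggy.gz\x00")

if __name__ == "__main__":
    for off, desc in find_signatures(SAMPLE):
        print(f"0x{off:08x}  {desc}")
    for off, s in printable_strings(SAMPLE):
        print(f"0x{off:08x}  {s}")
```

On a real image, read the file into `blob` and carve at the reported offsets; a gzip hit followed by a 'piggy' name is the usual sign of a compressed kernel.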

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
Linux Firmware Reverse Engineering
Practical Example


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
Linux Firmware Reverse Engineering
Thanks
	The slides of this presentation are available at http://www.gnumonks.org/

	Thanks to
		the BBS people, Z-Netz, FIDO, ...
			for heavily increasing my computer usage in 1992
		KNF
			for bringing me in touch with the internet as early as 1994
			for providing a playground for technical people
			for telling me about the existence of Linux!
		Alan Cox, Alexey Kuznetsov, David Miller, Andi Kleen
			for implementing (one of?) the world's best TCP/IP stacks
		Paul 'Rusty' Russell
			for starting the netfilter/iptables project
			for trusting me to maintain it today
		Astaro AG
			for sponsoring parts of my netfilter work