Resources for learning firmware analysis?

thomas_thomas_ CompTIA N+/S+/L+ CCNA R&S CCNP R&S/Enterprise/CollabMember Posts: 959 ■■■■■■■□□□
Does anyone know of good resources to learn firmware analysis?  I already have the firmware and don’t need to extract it.  I’m just need to learn how to analyze it.  I’d like to pull the web files from it and transfer them to an apache server in a virtual machine to play around with the http requests/responses to potentially automate some stuff.  

There is an API, but the API doesn’t allow access to all of the settings that the web portal does.

Comments

  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,941 Admin
    Are you talking about analyzing firmware source code or object code? Object code will need to be decompiled and reverse-engineered to figure out how it works. If all you want to do is pull static data from the object code, the data should be evident enough where you could do that manually using a binary editor or even using a program like strings on Windows or Linux. If the static data is purposely obfuscated to thwart reverse engineering then you will need to look into Malware reverse engineering techniques to find a way to decode it.
  • iBrokeITiBrokeIT GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, CySA+, Sec+, eJPT Member Posts: 1,303 ■■■■■■■■■□
    Binwalk is another tool you could look into.  Plenty of tutorials online for it.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA | eCPPT | eWPT | eCTHP

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security
  • thomas_thomas_ CompTIA N+/S+/L+ CCNA R&S CCNP R&S/Enterprise/Collab Member Posts: 959 ■■■■■■■□□□
    JDMurray said:
    Are you talking about analyzing firmware source code or object code?

    It's not really either of those. I'm just trying to extract the linux file system, more specifically the web files, to mount them in a web server and interact with it. I've played with binwalk like @iBrokeIT suggests and I've extracted what appears to be the file system. When I try to copy over the web files there are a lot of symlinks pointing to files that don't exist and won't copy. I think I am missing something or maybe I just need to try to find a way to make the entire filesystem bootable.

    iBrokeIT said:
    Binwalk is another tool you could look into.  Plenty of tutorials online for it.

    This is what I've been using and I've been looking up tutorials. The tutorials make it look easy, but when I try to apply the same concepts to what I'm doing I run into dead ends and road blocks. I guess it might just be a matter of research, trying things out, failing, rinse and repeat.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,941 Admin
    edited April 27
    Firmware does not have a file system in it--just code and data. From where did you extract this binary image? Is it a file system that was stored in NVRAM or a VM?
  • thomas_thomas_ CompTIA N+/S+/L+ CCNA R&S CCNP R&S/Enterprise/Collab Member Posts: 959 ■■■■■■■□□□
    I guess firmware was the wrong term to use and it’s really just a linux OS packaged in a .bin file designed to boot up and run a specialized piece of hardware.  I downloaded the file from the manufacturers website.  

    I poked around the extracted filesystem last night and saw it was running lighttpd web server and I might have seen a database.  I found the html homepage, but it looks like most of the html body is pulled from somewhere, probably a database table.  I’m thinking if I figure out how the webpage is generated, then I’ll probably know enough to get it working in a VM running lighttpd web server and thebright database software.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,941 Admin
    Yes, I'm thinking getting the .bin running in a VM is your best bet. What type of software is used to start-up the .bin file? 
Sign In or Register to comment.