@Kungergely
Last active July 4, 2024 13:00
How to make binwalk work on Windows 10
The following steps are meant either to complement the wonderful book "The IoT Hacker’s Handbook: A Practical Guide to Hacking the Internet of Things" by Aditya Gupta or to act as a generic aid in firmware exploitation and pentesting for Windows 10 users.
1. Clone akx's branch of binwalk:
git clone -b packaging-fixes https://github.com/akx/binwalk.git
2. Change to this newly-created directory and install the module:
cd C:\Path\to\binwalk
pip3 install .
3. Download squashfs for Windows:
https://sourceforge.net/projects/squashfs-for-win32/
4. Run the installer and add c:\Program Files (x86)\SquashFS-Win32\ to the %PATH% variable:
View advanced system settings->Environment Variables->System variables->Path->Edit->New
5. Extract the firmware:
python3 -m binwalk -e D:\Path\to\firmware.bin
6. Install Windows Subsystem for Linux (run this from PowerShell):
PS C:\Windows\system32> dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
Deployment Image Servicing and Management tool
Version: 10.0.18362.1
Image Version: 10.0.18362.592
Enabling feature(s)
[==========================100.0%==========================]
The operation completed successfully.
7. Install an Ubuntu distribution as part of WSL and install some prerequisite packages:
sudo apt update
sudo apt -y install qemu qemu-system qemu-system-arm qemu-system-common qemu-system-mips qemu-system-ppc qemu-user qemu-user-static qemu-utils binutils git
8. Run an analysis tool on some of the binaries in the extracted image. Pay attention to the class (e.g. ELF32), the data encoding (endianness, e.g. little endian) and the machine type (e.g. ARM):
johnDoe@MyLaptop:~$ readelf -h /mnt/d/_test-image_0.0.0.1_123_45678-abcdefgh.trx.extracted/squashfs-root/bin/busybox
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: ARM
Version: 0x1
Entry point address: 0xc49c
Start of program headers: 52 (bytes into file)
Start of section headers: 567640 (bytes into file)
Flags: 0x5000002, Version5 EABI, <unknown>
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 6
Size of section headers: 40 (bytes)
Number of section headers: 25
Section header string table index: 24
9. Obtain the firmware analysis toolkit via Git (still within WSL). The setup script installs lots of dependencies and downloads binwalk and firmadyne as well:
git clone --recursive https://github.com/attify/firmware-analysis-toolkit.git
cd firmware-analysis-toolkit
sudo ./setup.sh
10. Edit fat.config to set the correct password for sudo commands:
[DEFAULT]
sudo_password=attify123
firmadyne_path=/mnt/d/firmware-analysis-toolkit/firmadyne
11. Install PostgreSQL, create a database user (password can be "firmadyne") plus a new database and populate it with the schema. Then start it:
sudo apt install postgresql
sudo -u postgres createuser -P firmadyne
sudo -u postgres createdb -O firmadyne firmware
sudo -u postgres psql -d firmware < ./firmadyne/database/schema
sudo service postgresql start
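
The three header fields called out in step 8 (class, endianness, machine) can also be read directly from the first 20 bytes of each extracted binary, which is handy when triaging a whole squashfs-root. The following Python code is an added example, not part of the original gist: the sample header is constructed from the readelf values shown in step 8, and the mapping to qemu-user-static emulator names is an assumption that covers only 32-bit ARM, MIPS and PowerPC.

```python
import struct
import sys

# e_machine values from the ELF specification (subset matching the QEMU packages in step 7)
MACHINES = {8: "MIPS", 20: "PowerPC", 40: "ARM"}
# Assumed mapping for 32-bit binaries: (machine, endianness) -> qemu-user-static emulator
QEMU_USER = {("ARM", "little"): "qemu-arm-static", ("ARM", "big"): "qemu-armeb-static",
             ("MIPS", "little"): "qemu-mipsel-static", ("MIPS", "big"): "qemu-mips-static",
             ("PowerPC", "big"): "qemu-ppc-static"}


def parse_elf_ident(header: bytes) -> dict:
    """Return class, endianness and machine from the first 20 bytes of an ELF file."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = header[4], header[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    data = "little" if ei_data == 1 else "big"
    # e_type and e_machine are 16-bit fields at offsets 16 and 18 in ELF32 and ELF64 alike
    _e_type, e_machine = struct.unpack_from(("<" if ei_data == 1 else ">") + "HH", header, 16)
    machine = MACHINES.get(e_machine, f"unknown ({e_machine})")
    # Only suggest an emulator for 32-bit binaries; 64-bit targets need other emulators
    qemu = QEMU_USER.get((machine, data)) if ei_class == 1 else None
    return {"class": "ELF32" if ei_class == 1 else "ELF64", "data": data,
            "machine": machine, "qemu_user": qemu}


def sample_header() -> bytes:
    """Constructed 52-byte ELF32 header built from the readelf values in step 8."""
    ident = bytes.fromhex("7f454c46010101000000000000000000")
    return ident + struct.pack("<HHIIIIIHHHHHH", 2, 40, 1, 0xC49C, 52, 567640,
                               0x5000002, 52, 32, 6, 40, 25, 24)


if __name__ == "__main__":
    if len(sys.argv) == 1:
        print(parse_elf_ident(sample_header()))
    for path in sys.argv[1:]:
        try:
            with open(path, "rb") as fh:
                print(path, parse_elf_ident(fh.read(20)))
        except ValueError as exc:
            # Scripts, symlink targets and data files in the image are not ELF
            print(path, "skipped:", exc)
```

Run it inside WSL with one or more paths from the extracted image as arguments; with no arguments it parses the constructed sample header.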
gandli commented Jul 4, 2024

@Koladweep Thank you!