This brief tutorial will show you how to go about analyzing a raw binary firmware image in Ghidra.
I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-o, or PE header to describe the binary.
While I am using Cisco IOS Images in this example, the same process should apply to other Raw Binary Firmware Images.
| #!/usr/bin/python3 | |
| ''' | |
| author: ceres-c | |
| usage: ./frida-extract-keystore.py | |
| Once the keystore(s) have been exported you have to convert them to PKCS12 using keytool | |
| ''' | |
| import frida, sys, time |
| import os | |
| import sys | |
| import time | |
| import struct | |
| import select | |
| import binascii | |
| import bluetooth | |
| from bluetooth import _bluetooth as bt |
| #!/usr/bin/python3 | |
| """ | |
| Copyright 2021 Mygod | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. | |
| You may obtain a copy of the License at | |
| http://www.apache.org/licenses/LICENSE-2.0 |
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
| #!/usr/bin/env python3 | |
| # This script is designed to do one thing and one thing only. It will find each | |
| # of the FlateDecode streams in a PDF document using a regular expression, | |
| # unzip them, and print out the unzipped data. You can do the same in any | |
| # programming language you choose. | |
| # | |
| # This is NOT a generic PDF decoder, if you need a generic PDF decoder, please | |
| # take a look at pdf-parser by Didier Stevens, which is included in Kali linux. | |
| # https://tools.kali.org/forensics/pdf-parser. | |
| # |
| #!/usr/env python | |
| ############################################################################################################### | |
| ## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script | |
| ## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift | |
| ##------------------------------------------------------------------------------------------------------------- | |
| ## [Details]: | |
| ## This script is intended to be executed locally on a Linux box to enumerate basic system info and | |
| ## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text | |
| ## passwords and applicable exploits. |
