There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.
These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.
The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.
Let's say you want to access the application shared preferences in /data/data/com.mypackage.
You could try to run adb shell and then run-as com.mypackage
( or adb shell run-as com.mypackge ls /data/data/com.mypackage/shared_prefs),
but on a production release app downloaded from an app store you're most likely to see:
run-as: Package 'com.mypackage' is not debuggable
| #!/usr/bin/env python | |
| # | |
| # find-entropy.py | |
| # | |
| # A simple Utility to measure entropy of strings. | |
| # Usage should be something like this: | |
| # | |
| # $ strings file.txt | python find-entropy.py | |
| # |
This brief tutorial will show you how to go about analyzing a raw binary firmware image in Ghidra.
I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-o, or PE header to describe the binary.
While I am using Cisco IOS Images in this example, the same process should apply to other Raw Binary Firmware Images.
If you run Ghidra on a high DPI screen, you will probably find the GUI to be scaled down so small to be almost of no use.
There is a setting that you can adjust to scale the Ghidra GUI:
in $GHIDRA_ROOT/support is a file named launch.properties. In this launch.properties file is the following configuration key:
VMARGS_LINUX=-Dsun.java2d.uiScale=1
In late 2015, I decided to start researching IP Cameras. I decided to try out the cheapest models available on Amazon.com, both because I thought those models would be more “fruitful” and because I was trying to do this research on a budget. It turns out that the security on these lower model IP Cameras is really bad.
I looked at five different IP Cameras and was able to gain root access on four of them within a few hours of starting to poke at them. All of the cameras I looked at cost between $30-$70, and can be purchased directly from Amazon.com.
My goals in completing this research were two-fold:
I've recently been working on JavaScript Obfuscation. I've read as much as I can from the internet about options and capabilities. It is clear there is one winner out of all the offerings available.
JScrambler (https://jscrambler.com/) is a paid product featuring JavaScript Obfuscation capabilities. When it comes to obfuscating JavaScript, it is the gold standard.
This is what the internet proclaimed as I read it [1]. However, it was truly difficult to assess how accurate these claims are; essentially the only public obfuscation examples they provide are:
https://jscrambler.com/products/code-integrity/javascript-obfuscation
The DIR-3040 models of DLINK routers feature encrypted firmware images in the most recent versions of the firmware. https://support.dlink.com/ProductInfo.aspx?m=DIR-3040-US details the firmware images available for this product.
1.11B02 - ftp://ftp2.dlink.com/PRODUCTS/DIR-3040/REVA/DIR-3040_REVA_FIRMWARE_v1.11B02.zip1.02B03 - ftp://ftp2.dlink.com/PRODUCTS/DIR-3040/REVA/DIR-3040_REVA_FIRMWARE_v1.02B03.zipUnzipping the first reveals two files:
DIR-3040_REVA_RELEASE_NOTES_v1.11B02.pdf
| [ | |
| { | |
| "name": "a", | |
| "start": "<a>", | |
| "end": "</a>" | |
| }, | |
| { | |
| "name": "abbr", | |
| "start": "<abbr>", | |
| "end": "</abbr>" |
| #!/bin/bash | |
| # Example of Base URL: http://sg001-vod.sliq.net/00285-vod/_definst_/2016/03/House%20in%20Session_2016-03-22-13.58.50_2461_2.mp4 | |
| BASEURL=$1 | |
| # MAX only works up to 999 because of "seq -f "%03g". Change "%03g" as your order of magnitude increases. | |
| MAX=$2 | |
| for i in $(seq -f "%03g" 0 $MAX); do | |
| wget "$BASEURL/media_$i.ts" -O /tmp/video-$i.mp4 | |
| done |