This brief tutorial will show you how to go about analyzing a raw binary firmware image in Ghidra.
I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-o, or PE header to describe the binary.
While I am using Cisco IOS Images in this example, the same process should apply to other Raw Binary Firmware Images.
| [ | |
| { | |
| "name": "a", | |
| "start": "<a>", | |
| "end": "</a>" | |
| }, | |
| { | |
| "name": "abbr", | |
| "start": "<abbr>", | |
| "end": "</abbr>" |
Let's say you want to access the application shared preferences in /data/data/com.mypackage.
You could try to run adb shell and then run-as com.mypackage
( or adb shell run-as com.mypackge ls /data/data/com.mypackage/shared_prefs),
but on a production release app downloaded from an app store you're most likely to see:
run-as: Package 'com.mypackage' is not debuggable
It is well know that through the ip and ifconfig commands it is possible to change a MAC address temporarily, meaning the change will not persist across host reboots.
But what if you would like to change your MAC address in a more permanent fashion? Is there a way to, through software, permanently change your network interface card's MAC address?
It turns out the answer is yes, and the tool to do so is called ethtool.
Ethtool comes pre-installed on many stock distributions of Linux, but can also be installed from your package manager of choice if necessary.
If you run Ghidra on a high DPI screen, you will probably find the GUI to be scaled down so small to be almost of no use.
There is a setting that you can adjust to scale the Ghidra GUI:
in $GHIDRA_ROOT/support is a file named launch.properties. In this launch.properties file is the following configuration key:
VMARGS_LINUX=-Dsun.java2d.uiScale=1
| // Original research publication: | |
| // https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ | |
| // | |
| // Depdency installation command: | |
| // npm i jsonwebtoken@0.2.0 | |
| // | |
| // Node security advisory: | |
| // https://nodesecurity.io/advisories/88 | |
| const jwt = require('jsonwebtoken'); |
There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.
These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.
The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.
I have a collection of QEMU VMs for different CPU Architectures. In an attempt to fill in some gaps on architectures I lacked VMs for, I decided to spin up a PowerPC32 VM under QEMU. I chose Debian-PowerPC as the OS.
Install the prerequisite PowerPC packages:
# apt-get install qemu-system-ppc openbios-ppc
| # Imports a .graphml file and shows it in Ghidra's graph viewer | |
| # If running headless, takes first ScriptArg as the file path. | |
| # If running GUI, shows a file chooser. | |
| # Author: ChatGPT | |
| from ghidra.service.graph import AttributedGraph, AttributedVertex, GraphDisplayBroker | |
| import xml.etree.ElementTree as ET | |
| from javax.swing import JFileChooser | |
| import os |
In this tutorial we will detail how to connect two linux hosts via 56k modems. To do this we will use the following components:
linksys SPA-2102 on ebay | $18-$25 )