I built EDK2 and OVMF from source using the instructions here: https://github.com/tianocore/tianocore.github.io/wiki/How-to-run-OVMF
The instructions are helpful in getting the build tooling configured to build edk2, but I consistently ran into a problem when I built the DEBUG version of OVMF. I would run:
$ qemu-system-x86_64 -bios ../edk2/Build/OvmfX64/DEBUG_GCC5/FV/OVMF.fd
An upcoming project has me looking at car hacking at the moment. I watched a great video ( https://www.youtube.com/watch?v=nvxN5G21aBQ ) which caught me up to speed on the fundamentals. There are a few other videos out there on introductory car hacking, but they all seem to revolve around the virtual can interface provided by vcan. I decided I didn't want to test virtually because then I wouldn't know how to work with the actual connection hardware. At the same time, being a beginner, I DID NOT want to plug into my personal vehicle's ODB2 port.
I was looking for something between vcan and a real car. A little googling led me to the ScanTools ECUSim 2000:
https://www.amazon.com/OBDLink-ScanTool-ECUsim-Simulator-Development/dp/B008NAH6WE
This board simulates a car. It has a ODB2 port for interfacing just like one would do with a
There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.
These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.
The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.
| #!/bin/bash | |
| # | |
| # This script takes a Thecus Firmware Image and decrypts it. | |
| # The encryption key is based off of one of the supported | |
| # models, which are listed in the firmware filename. This | |
| # script will try all of the model names in the file name | |
| # and delete any that do not decrypt to a gzip file. | |
| # | |
| # You will need the following c program compiled and passed |
| #!/usr/bin/env python | |
| # | |
| # This script is meant to assist in filling up a MAC ADDRESS Table on a switch | |
| # This script reuqires scapy to be installed, and most likely will need to be | |
| # run as root. That means scapy will have to be installed for the root user | |
| # in order for this script to work. | |
| # | |
| # Arguments: | |
| # * Interface to send ARP packet on |
If you run Ghidra on a high DPI screen, you will probably find the GUI to be scaled down so small to be almost of no use.
There is a setting that you can adjust to scale the Ghidra GUI:
in $GHIDRA_ROOT/support is a file named launch.properties. In this launch.properties file is the following configuration key:
VMARGS_LINUX=-Dsun.java2d.uiScale=1
| #!/usr/bin/env python | |
| from Crypto.Hash import MD4 | |
| import socket | |
| import base64 | |
| import os | |
| import random | |
| import time | |
| import sys |
| // Search for HTML Documents / Fragments embedded in a binary and create a bookmark | |
| // @author Nicholas Starke | |
| import ghidra.app.script.GhidraScript; | |
| import ghidra.program.model.address.Address; | |
| import ghidra.program.model.mem.Memory; | |
| import ghidra.program.model.mem.MemoryAccessException; | |
| import ghidra.program.model.mem.MemoryBlock; | |
| import java.nio.charset.StandardCharsets; |
| import hashlib | |
| from struct import * | |
| """ | |
| This implementation was reverse engineered using Wireshark (and source code), strace and two excelent articles: | |
| - https://x-c3ll.github.io/posts/CVE-2018-7081-RCE-ArubaOS/ | |
| - https://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html | |
| """ | |
| def papi_encrypt(data): |
| #!/usr/bin/env python | |
| # The idea behind this file is that many times firmware images are constructed with zero'd out address regions as the delimiter. | |
| # This script will split files in a firmware image when the embedded files are $MAX zero'd bytes in distance from each other. | |
| import sys | |
| import copy | |
| FILE=sys.argv[1] | |
| MAX=512 |