Nicholas Starke nstarke

@nstarke
nstarke / ghidra-address-iteration-bruteforce-disassemble.py
Created September 23, 2019 18:32
Ghidra Address Iteration Bruteforce Disassemble
import ghidra.app.script.GhidraScript
# I noticed that on some microcontrollers the ghidra analyzer doesn't auto analyze the entire binary.
# This Ghidra Script will iterate over every address in a binary and attempt to disassemble it.
counter = 0
nextAddress = currentProgram.getMinAddress()
while nextAddress:
@nstarke
nstarke / microcontroller-find.sh
Last active January 6, 2024 03:11
Analyze Unknown Microcontroller Firmware Binary and Determine File Offset and Instruction Set Architecture
#!/bin/sh
#
# A small shell script to check a binary for different microcontroller CPU architectures.
#
# This works by importing the binary into a project in Ghidra
# and then iteratively attempting to analyze chunks of the binary firmware
# all while timing the analysis.
#
# The theory is Ghidra should take noticeably longer to analyze a valid
@nstarke
nstarke / change-mac-address-permanently.md
Created September 21, 2019 19:41
Change MAC Address Permanently

Change MAC Address Permanently

It is well known that through the ip and ifconfig commands it is possible to change a MAC address temporarily, meaning the change will not persist across host reboots.

But what if you would like to change your MAC address in a more permanent fashion? Is there a way to, through software, permanently change your network interface card's MAC address?

It turns out the answer is yes, and the tool to do so is called ethtool.

Ethtool

Ethtool comes pre-installed on many stock distributions of Linux, but can also be installed from your package manager of choice if necessary.

@nstarke
nstarke / yardstick-one-setup.md
Created September 21, 2019 18:48
Yardstick One Setup

Yardstick One Setup

A few years ago I bought a YardStick One from Great Scott Gadgets (https://greatscottgadgets.com/yardstickone/).

YardStick One works with a software suite called rfcat (https://github.com/atlas0fd00m/rfcat). I needed to update the bootloader firmware for my YardStick One to work with recent versions of rfcat.

Because of a compiler issue between sdcc 3.6.0.0 and 3.8.0.0 (latest as of this writing), when I attempted to flash the bootloader firmware, I received an Invalid IOCTL warning:

Could not configure port: (25, 'Inappropriate ioctl for device')
@nstarke
nstarke / cisco-ios-powerpc-gdb-rsp-debugger.py
Last active August 10, 2021 07:08
Cisco IOS PowerPC GDB RSP Debugger
#!/usr/bin/python
#
# Cisco IOS GDB RSP Wrapper
# PowerPC Version
#
# Authors:
#
# Artem Kondratenko (@artkond) - original mips version
# Nicholas Starke (@nstarke) - powerpc version
# Adapted from https://github.com/klsecservices/ios_mips_gdb
@nstarke
nstarke / find-data.py
Last active January 25, 2024 21:19
Python script to bruteforce gzip data
#!/usr/bin/env python3
#
# find-data.py
#
# A small script to bruteforce embedded compressed data that might not have a header
# Useful for raw binary firmware images that do not contain a standard
# binary header (ELF, PE, MACH-O).
#
# Usage: python find-data.py "filename.bin"
@nstarke
nstarke / find-entropy.py
Created August 25, 2019 17:42
Find Entropy of Strings
#!/usr/bin/env python
#
# find-entropy.py
#
# A simple utility to measure the entropy of strings.
# Usage should be something like this:
#
# $ strings file.txt | python find-entropy.py
#
@nstarke
nstarke / 01-reversing-cisco-ios-raw-binary-firmware-images-with-ghidra.md
Last active April 26, 2024 06:26
Reversing Cisco IOS Raw Binary Firmware Images with Ghidra

Reversing Raw Binary Firmware Files in Ghidra

This brief tutorial will show you how to go about analyzing a raw binary firmware image in Ghidra.

Prep work in Binwalk

I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-o, or PE header to describe the binary.

While I am using Cisco IOS Images in this example, the same process should apply to other Raw Binary Firmware Images.

@nstarke
nstarke / lldp-fuzzer.py
Created June 18, 2019 13:37
LLDP Fuzzer
#!/usr/bin/env python
#
# A naive LLDP Fuzzer
# Released Jun 18, 2019
# Author: Nicholas Starke
#
from scapy.all import *
import time
@nstarke
nstarke / extract-netgear-chk-firmware.md
Created May 12, 2019 14:56
Extract Netgear .chk Firmware

Extract Netgear .chk Firmware

I recently ran into a situation where binwalk -M -e $FIRMWARE failed me. This was for a Netgear firmware image that ended in a .chk extension.

The firmware file name was R7960P-V1.0.1.34_1.0.20.chk.

This is the output when I ran binwalk R7960P-V1.0.1.34_1.0.20.chk:

$ binwalk R7960P-V1.0.1.34_1.0.20.chk