SlideShare une entreprise Scribd logo

INSIDE ARM-X Cansecwest 2020

Saumil Shah
Saumil Shah

The closest you will get to a VM for testing IoT devices. The ARM-X IoT Firmware Emulation Framework is a tried-and-tested framework which has led to four 0-days discovered on SoHo routers, IP cameras and VoIP exchanges. In this talk, I shall cover the evolution of ARM-X, demonstrate a few use cases and discuss future directions of IoT firmware emulation.

Logiciels
1  sur  36
Télécharger pour lire hors ligne
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 INSIDE SAUMIL SHAH @therealsaumil 18 March 2020 2020
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 # WHO AM I Saumil Shah CEO, Net Square @therealsaumil educating, entertaining and exasperating audiences since 1999
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 A Word From Our Sponsors KEEP CALM AND NAMASTE !
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 Introducing ARM-X • An ARM Firmware Emulation Framework. • Ultimate Goal - create an IoT VM! • A Virtual IoT device makes for easy – runtime analysis – reverse engineering – fuzzing – exploit development • Gain insight into embedded hardware by trying to emulate it.
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 Inside an IoT device…
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 CPU and Hardware Kernel Drivers File System nvram User Processes API UI libnvram …same same but different
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 compressed FS CPU Kernel Boot Loader mounted FS nvram init scripts Services Apps libnvram The IoT Boot Up Process conf conf conf conf firmware Loads Kernel. Uncompresses FS to ramdisk, invokes init process. ramdiskuserland Reads config from nvram. Builds system config files on the fly. Starts up system services. Invokes Applications and Application services. READY POWER ON
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 QEMU CPU and Limited Hardware Kernel Drivers uncompressed Filesystem emulated nvram init scripts Services Apps libnvram Emulation: Goals and Challenges x x x x BUILDROOT Match the kernel with the one on the device chroot environment Implemented as an INI file, preloaded before "boot up" conf conf Fix to match QEMU environment Not all drivers load successfully
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 ARM-X Architecture
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 ARM-X Architecture
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 Starting an ARM-X device
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 2 - Booting the device Kernel
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 QEMU CPU and Limited Hardware Kernel Kernel and hostfs ready hostfs NFS /armx
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 3 - ARM-X Userland
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 4 - nvram and userland init
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 QEMU CPU and Limited Hardware Kernel Drivers NFS /armx emulated nvram nvram and userland init scripts conf conf init scripts libnvram
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 QEMU CPU and Limited Hardware Kernel Drivers NFS /armx emulated nvram init scripts Services Apps libnvram ARM-X: Device "booted up" x x x x conf conf
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 5 - ARM-X hostfs/debug Shell
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 How to add a new device to ARM-X BUILDROOT Firmware image
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 Obtaining the Firmware Firmware rootfs Firmware .bin file rootfs+nvram Serial Console Direct from Flash memory
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 1: Web/FTP site
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 2: Hidden UART interfaces Vcc (+3.3V) GND TX/RX GND
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 Serial Console - working
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 # cat /proc/partitions major minor #blocks name 31 0 256 mtdblock0 31 1 64 mtdblock1 31 2 64 mtdblock2 31 3 1472 mtdblock3 31 4 128 mtdblock4 31 5 64 mtdblock5 31 6 2048 mtdblock6 31 7 32768 mtdblock7 31 8 30975 mtdblock8 31 9 131072 mtdblock9 31 10 98304 mtdblock10 Firmware Extraction # cat /proc/mtd dev: size erasesize name mtd0: 00040000 00010000 "u-boot" mtd1: 00010000 00010000 "devconf" mtd2: 00010000 00010000 "devdata" mtd3: 00170000 00010000 "mydlink" mtd4: 00020000 00010000 "langpack" mtd5: 00010000 00010000 "nvram" mtd6: 00200000 00010000 "flash" mtd7: 02000000 00020000 "upgrade" mtd8: 01e3ffa0 00020000 "rootfs" mtd9: 08000000 00020000 "nflash" mtd10: 06000000 00020000 "storage" dd if=/dev/mtdblock8 …
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 3: Take it directly from the chip!
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 DEMO TIME!
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 HERE BE THE GOODS Downloads: https://armx.exploitlab.net/ ! Announcements: @therealsaumil IP Camera CTF Challenge - blog.exploitlab.net
NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 Thank you and … QUESTIONS? @therealsaumil

Recommandé

Introducing ARM-X
Introducing ARM-XIntroducing ARM-X
Introducing ARM-XSaumil Shah
 
INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019Saumil Shah
 
Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Saumil Shah
 
ARM IoT Firmware Emulation Workshop
ARM IoT Firmware Emulation WorkshopARM IoT Firmware Emulation Workshop
ARM IoT Firmware Emulation WorkshopSaumil Shah
 
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopHack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopSaumil Shah
 
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkSaumil Shah
 
Coscup - 站在NAS的中心呼喊物聯網
Coscup - 站在NAS的中心呼喊物聯網Coscup - 站在NAS的中心呼喊物聯網
Coscup - 站在NAS的中心呼喊物聯網Jarvis Chung
 
AWS ロボを作ろう JAWSUG Kobe
AWS ロボを作ろう JAWSUG KobeAWS ロボを作ろう JAWSUG Kobe
AWS ロボを作ろう JAWSUG Kobe崇之 清水
 

Recommandé

Introducing ARM-X
Introducing ARM-XIntroducing ARM-X
Introducing ARM-XSaumil Shah
 
INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019Saumil Shah
 
Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Saumil Shah
 
ARM IoT Firmware Emulation Workshop
ARM IoT Firmware Emulation WorkshopARM IoT Firmware Emulation Workshop
ARM IoT Firmware Emulation WorkshopSaumil Shah
 
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopHack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopSaumil Shah
 
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkSaumil Shah
 
Coscup - 站在NAS的中心呼喊物聯網
Coscup - 站在NAS的中心呼喊物聯網Coscup - 站在NAS的中心呼喊物聯網
Coscup - 站在NAS的中心呼喊物聯網Jarvis Chung
 
AWS ロボを作ろう JAWSUG Kobe
AWS ロボを作ろう JAWSUG KobeAWS ロボを作ろう JAWSUG Kobe
AWS ロボを作ろう JAWSUG Kobe崇之 清水
 
Be a Cloud Native
Be a Cloud NativeBe a Cloud Native
Be a Cloud NativeInnoTech
 
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...CA Technologies
 
The state of server-side Swift
The state of server-side SwiftThe state of server-side Swift
The state of server-side SwiftCiprian Redinciuc
 
Introduction to SDN and NFV
Introduction to SDN and NFVIntroduction to SDN and NFV
Introduction to SDN and NFVBasim Aly (JNCIP-SP, JNCIP-ENT)
 
IBM MQ Whats new - up to 9.3.4.pptx
IBM MQ Whats new - up to 9.3.4.pptxIBM MQ Whats new - up to 9.3.4.pptx
IBM MQ Whats new - up to 9.3.4.pptxMatt Leming
 
Digital Security by Design: Imperas’ Interests - Simon Davidmann, Imperas Sof...
Digital Security by Design: Imperas’ Interests - Simon Davidmann, Imperas Sof...Digital Security by Design: Imperas’ Interests - Simon Davidmann, Imperas Sof...
Digital Security by Design: Imperas’ Interests - Simon Davidmann, Imperas Sof...KTN
 
Learning Computer Network Through Network Simulation Program
Learning Computer Network Through Network Simulation ProgramLearning Computer Network Through Network Simulation Program
Learning Computer Network Through Network Simulation ProgramI Putu Hariyadi
 
QEMU and Raspberry Pi. Instant Embedded Development
QEMU and Raspberry Pi. Instant Embedded DevelopmentQEMU and Raspberry Pi. Instant Embedded Development
QEMU and Raspberry Pi. Instant Embedded DevelopmentGlobalLogic Ukraine
 
Nested CloudStack with VMware
Nested CloudStack with VMwareNested CloudStack with VMware
Nested CloudStack with VMwareShapeBlue
 
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019 Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019 Amazon Web Services
 
Getting Started with ARM-Based EC2 A1 Instances - CMP302 - Anaheim AWS Summit
Getting Started with ARM-Based EC2 A1 Instances - CMP302 - Anaheim AWS SummitGetting Started with ARM-Based EC2 A1 Instances - CMP302 - Anaheim AWS Summit
Getting Started with ARM-Based EC2 A1 Instances - CMP302 - Anaheim AWS SummitAmazon Web Services
 
ExpertsLive NL 2018 - A deepdive into Azure Networking
ExpertsLive NL 2018 - A deepdive into Azure NetworkingExpertsLive NL 2018 - A deepdive into Azure Networking
ExpertsLive NL 2018 - A deepdive into Azure NetworkingKarim Vaes
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...NETSCOUT
 
ITE7_Chp9.pptx
ITE7_Chp9.pptxITE7_Chp9.pptx
ITE7_Chp9.pptxssusera76ea9
 
WebAssembly - czy dzisiaj mi się to przyda do pracy?
WebAssembly - czy dzisiaj mi się to przyda do pracy?WebAssembly - czy dzisiaj mi się to przyda do pracy?
WebAssembly - czy dzisiaj mi się to przyda do pracy?Brainhub
 
Hardware Support for Efficient VirtualizationJohn Fisher-O
Hardware Support for Efficient VirtualizationJohn Fisher-OHardware Support for Efficient VirtualizationJohn Fisher-O
Hardware Support for Efficient VirtualizationJohn Fisher-Osimisterchristen
 
Easing the Path to Network Transformation - Network Transformation Experience...
Easing the Path to Network Transformation - Network Transformation Experience...Easing the Path to Network Transformation - Network Transformation Experience...
Easing the Path to Network Transformation - Network Transformation Experience...Liz Warner
 
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...Eduardo Patrocinio
 
Cloud-native Java EE-volution
Cloud-native Java EE-volutionCloud-native Java EE-volution
Cloud-native Java EE-volutionQAware GmbH
 
Network Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XRNetwork Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XRCisco Canada
 
The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksSaumil Shah
 
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSDebugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSSaumil Shah
 

Contenu connexe

Similaire à INSIDE ARM-X Cansecwest 2020

Be a Cloud Native
Be a Cloud NativeBe a Cloud Native
Be a Cloud NativeInnoTech
 
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...CA Technologies
 
The state of server-side Swift
The state of server-side SwiftThe state of server-side Swift
The state of server-side SwiftCiprian Redinciuc
 
IBM MQ Whats new - up to 9.3.4.pptx
IBM MQ Whats new - up to 9.3.4.pptxIBM MQ Whats new - up to 9.3.4.pptx
IBM MQ Whats new - up to 9.3.4.pptxMatt Leming
 
Digital Security by Design: Imperas’ Interests - Simon Davidmann, Imperas Sof...
Digital Security by Design: Imperas’ Interests - Simon Davidmann, Imperas Sof...Digital Security by Design: Imperas’ Interests - Simon Davidmann, Imperas Sof...
Digital Security by Design: Imperas’ Interests - Simon Davidmann, Imperas Sof...KTN
 
Learning Computer Network Through Network Simulation Program
Learning Computer Network Through Network Simulation ProgramLearning Computer Network Through Network Simulation Program
Learning Computer Network Through Network Simulation ProgramI Putu Hariyadi
 
QEMU and Raspberry Pi. Instant Embedded Development
QEMU and Raspberry Pi. Instant Embedded DevelopmentQEMU and Raspberry Pi. Instant Embedded Development
QEMU and Raspberry Pi. Instant Embedded DevelopmentGlobalLogic Ukraine
 
Nested CloudStack with VMware
Nested CloudStack with VMwareNested CloudStack with VMware
Nested CloudStack with VMwareShapeBlue
 
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019 Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019 Amazon Web Services
 
Getting Started with ARM-Based EC2 A1 Instances - CMP302 - Anaheim AWS Summit
Getting Started with ARM-Based EC2 A1 Instances - CMP302 - Anaheim AWS SummitGetting Started with ARM-Based EC2 A1 Instances - CMP302 - Anaheim AWS Summit
Getting Started with ARM-Based EC2 A1 Instances - CMP302 - Anaheim AWS SummitAmazon Web Services
 
ExpertsLive NL 2018 - A deepdive into Azure Networking
ExpertsLive NL 2018 - A deepdive into Azure NetworkingExpertsLive NL 2018 - A deepdive into Azure Networking
ExpertsLive NL 2018 - A deepdive into Azure NetworkingKarim Vaes
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...NETSCOUT
 
WebAssembly - czy dzisiaj mi się to przyda do pracy?
WebAssembly - czy dzisiaj mi się to przyda do pracy?WebAssembly - czy dzisiaj mi się to przyda do pracy?
WebAssembly - czy dzisiaj mi się to przyda do pracy?Brainhub
 
Hardware Support for Efficient VirtualizationJohn Fisher-O
Hardware Support for Efficient VirtualizationJohn Fisher-OHardware Support for Efficient VirtualizationJohn Fisher-O
Hardware Support for Efficient VirtualizationJohn Fisher-Osimisterchristen
 
Easing the Path to Network Transformation - Network Transformation Experience...
Easing the Path to Network Transformation - Network Transformation Experience...Easing the Path to Network Transformation - Network Transformation Experience...
Easing the Path to Network Transformation - Network Transformation Experience...Liz Warner
 
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...Eduardo Patrocinio
 
Cloud-native Java EE-volution
Cloud-native Java EE-volutionCloud-native Java EE-volution
Cloud-native Java EE-volutionQAware GmbH
 
Network Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XRNetwork Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XRCisco Canada
 

Similaire à INSIDE ARM-X Cansecwest 2020 (20)

Be a Cloud Native
Be a Cloud NativeBe a Cloud Native
Be a Cloud Native
 
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...
 
The state of server-side Swift
The state of server-side SwiftThe state of server-side Swift
The state of server-side Swift
 
Introduction to SDN and NFV
Introduction to SDN and NFVIntroduction to SDN and NFV
Introduction to SDN and NFV
 
IBM MQ Whats new - up to 9.3.4.pptx
IBM MQ Whats new - up to 9.3.4.pptxIBM MQ Whats new - up to 9.3.4.pptx
IBM MQ Whats new - up to 9.3.4.pptx
 
Digital Security by Design: Imperas’ Interests - Simon Davidmann, Imperas Sof...
Digital Security by Design: Imperas’ Interests - Simon Davidmann, Imperas Sof...Digital Security by Design: Imperas’ Interests - Simon Davidmann, Imperas Sof...
Digital Security by Design: Imperas’ Interests - Simon Davidmann, Imperas Sof...
 
Learning Computer Network Through Network Simulation Program
Learning Computer Network Through Network Simulation ProgramLearning Computer Network Through Network Simulation Program
Learning Computer Network Through Network Simulation Program
 
QEMU and Raspberry Pi. Instant Embedded Development
QEMU and Raspberry Pi. Instant Embedded DevelopmentQEMU and Raspberry Pi. Instant Embedded Development
QEMU and Raspberry Pi. Instant Embedded Development
 
Nested CloudStack with VMware
Nested CloudStack with VMwareNested CloudStack with VMware
Nested CloudStack with VMware
 
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019 Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019
 
Getting Started with ARM-Based EC2 A1 Instances - CMP302 - Anaheim AWS Summit
Getting Started with ARM-Based EC2 A1 Instances - CMP302 - Anaheim AWS SummitGetting Started with ARM-Based EC2 A1 Instances - CMP302 - Anaheim AWS Summit
Getting Started with ARM-Based EC2 A1 Instances - CMP302 - Anaheim AWS Summit
 
ExpertsLive NL 2018 - A deepdive into Azure Networking
ExpertsLive NL 2018 - A deepdive into Azure NetworkingExpertsLive NL 2018 - A deepdive into Azure Networking
ExpertsLive NL 2018 - A deepdive into Azure Networking
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
 
ITE7_Chp9.pptx
ITE7_Chp9.pptxITE7_Chp9.pptx
ITE7_Chp9.pptx
 
WebAssembly - czy dzisiaj mi się to przyda do pracy?
WebAssembly - czy dzisiaj mi się to przyda do pracy?WebAssembly - czy dzisiaj mi się to przyda do pracy?
WebAssembly - czy dzisiaj mi się to przyda do pracy?
 
Hardware Support for Efficient VirtualizationJohn Fisher-O
Hardware Support for Efficient VirtualizationJohn Fisher-OHardware Support for Efficient VirtualizationJohn Fisher-O
Hardware Support for Efficient VirtualizationJohn Fisher-O
 
Easing the Path to Network Transformation - Network Transformation Experience...
Easing the Path to Network Transformation - Network Transformation Experience...Easing the Path to Network Transformation - Network Transformation Experience...
Easing the Path to Network Transformation - Network Transformation Experience...
 
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...
Lessons Learned during IBM SmartCloud Orchestrator Deployment at a Large Tel...
 
Cloud-native Java EE-volution
Cloud-native Java EE-volutionCloud-native Java EE-volution
Cloud-native Java EE-volution
 
Network Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XRNetwork Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XR
 

Plus de Saumil Shah

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksSaumil Shah
 
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSDebugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSSaumil Shah
 
Precise Presentations
Precise PresentationsPrecise Presentations
Precise PresentationsSaumil Shah
 
Effective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceSaumil Shah
 
Cyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadSaumil Shah
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceSaumil Shah
 
NSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadSaumil Shah
 
Cybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadSaumil Shah
 
The Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDSaumil Shah
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019Saumil Shah
 
The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019Saumil Shah
 
Schrödinger's ARM Assembly
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM AssemblySaumil Shah
 
ARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSSaumil Shah
 
What Makes a Compelling Photograph
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling PhotographSaumil Shah
 
Make ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKSaumil Shah
 
HackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great AgainHackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great AgainSaumil Shah
 
Make ARM Shellcode Great Again
Make ARM Shellcode Great AgainMake ARM Shellcode Great Again
Make ARM Shellcode Great AgainSaumil Shah
 
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntyCross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntySaumil Shah
 
The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017Saumil Shah
 
Redefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS KeynoteRedefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS KeynoteSaumil Shah
 

Plus de Saumil Shah (20)

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also Blocks
 
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSDebugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
 
Precise Presentations
Precise PresentationsPrecise Presentations
Precise Presentations
 
Effective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual Audience
 
Cyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade Ahead
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
 
NSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade Ahead
 
Cybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade Ahead
 
The Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBD
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019
 
The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019
 
Schrödinger's ARM Assembly
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM Assembly
 
ARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMS
 
What Makes a Compelling Photograph
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling Photograph
 
Make ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEK
 
HackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great AgainHackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great Again
 
Make ARM Shellcode Great Again
Make ARM Shellcode Great AgainMake ARM Shellcode Great Again
Make ARM Shellcode Great Again
 
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntyCross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital Sovereignty
 
The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017
 
Redefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS KeynoteRedefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS Keynote
 

Dernier

Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
Software Coding for software engineering
Software Coding for software engineeringSoftware Coding for software engineering
Software Coding for software engineeringssuserb3a23b
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 

Dernier (20)

Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Software Coding for software engineering
Software Coding for software engineeringSoftware Coding for software engineering
Software Coding for software engineering
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 

INSIDE ARM-X Cansecwest 2020

  • 1. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 INSIDE SAUMIL SHAH @therealsaumil 18 March 2020 2020
  • 2. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 # WHO AM I Saumil Shah CEO, Net Square @therealsaumil educating, entertaining and exasperating audiences since 1999
  • 3. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 A Word From Our Sponsors KEEP CALM AND NAMASTE !
  • 4. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 Introducing ARM-X • An ARM Firmware Emulation Framework. • Ultimate Goal - create an IoT VM! • A Virtual IoT device makes for easy – runtime analysis – reverse engineering – fuzzing – exploit development • Gain insight into embedded hardware by trying to emulate it.
  • 5. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
  • 6. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
  • 7. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 Inside an IoT device…
  • 8. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 CPU and Hardware Kernel Drivers File System nvram User Processes API UI libnvram …same same but different
  • 9. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 compressed FS CPU Kernel Boot Loader mounted FS nvram init scripts Services Apps libnvram The IoT Boot Up Process conf conf conf conf firmware Loads Kernel. Uncompresses FS to ramdisk, invokes init process. ramdiskuserland Reads config from nvram. Builds system config files on the fly. Starts up system services. Invokes Applications and Application services. READY POWER ON
  • 10. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 QEMU CPU and Limited Hardware Kernel Drivers uncompressed Filesystem emulated nvram init scripts Services Apps libnvram Emulation: Goals and Challenges x x x x BUILDROOT Match the kernel with the one on the device chroot environment Implemented as an INI file, preloaded before "boot up" conf conf Fix to match QEMU environment Not all drivers load successfully
  • 11. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 ARM-X Architecture
  • 12. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 ARM-X Architecture
  • 13. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 Starting an ARM-X device
  • 14. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
  • 15. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 2 - Booting the device Kernel
  • 16. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
  • 17. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 QEMU CPU and Limited Hardware Kernel Kernel and hostfs ready hostfs NFS /armx
  • 18. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 3 - ARM-X Userland
  • 19. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
  • 20. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 4 - nvram and userland init
  • 21. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 QEMU CPU and Limited Hardware Kernel Drivers NFS /armx emulated nvram nvram and userland init scripts conf conf init scripts libnvram
  • 22. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
  • 23. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 QEMU CPU and Limited Hardware Kernel Drivers NFS /armx emulated nvram init scripts Services Apps libnvram ARM-X: Device "booted up" x x x x conf conf
  • 24. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
  • 25. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 5 - ARM-X hostfs/debug Shell
  • 26. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020
  • 27. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 How to add a new device to ARM-X BUILDROOT Firmware image
  • 28. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 Obtaining the Firmware Firmware rootfs Firmware .bin file rootfs+nvram Serial Console Direct from Flash memory
  • 29. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 1: Web/FTP site
  • 30. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 2: Hidden UART interfaces Vcc (+3.3V) GND TX/RX GND
  • 31. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 Serial Console - working
  • 32. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 # cat /proc/partitions major minor #blocks name 31 0 256 mtdblock0 31 1 64 mtdblock1 31 2 64 mtdblock2 31 3 1472 mtdblock3 31 4 128 mtdblock4 31 5 64 mtdblock5 31 6 2048 mtdblock6 31 7 32768 mtdblock7 31 8 30975 mtdblock8 31 9 131072 mtdblock9 31 10 98304 mtdblock10 Firmware Extraction # cat /proc/mtd dev: size erasesize name mtd0: 00040000 00010000 "u-boot" mtd1: 00010000 00010000 "devconf" mtd2: 00010000 00010000 "devdata" mtd3: 00170000 00010000 "mydlink" mtd4: 00020000 00010000 "langpack" mtd5: 00010000 00010000 "nvram" mtd6: 00200000 00010000 "flash" mtd7: 02000000 00020000 "upgrade" mtd8: 01e3ffa0 00020000 "rootfs" mtd9: 08000000 00020000 "nflash" mtd10: 06000000 00020000 "storage" dd if=/dev/mtdblock8 …
  • 33. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 3: Take it directly from the chip!
  • 34. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 DEMO TIME!
  • 35. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 HERE BE THE GOODS Downloads: https://armx.exploitlab.net/ ! Announcements: @therealsaumil IP Camera CTF Challenge - blog.exploitlab.net
  • 36. NETSQUARE (c) SAUMIL SHAHCANSECWEST | 2020 Thank you and … QUESTIONS? @therealsaumil