One Article Review

Source w00tsec
Identifier 8300174
Publication date 2013-08-25 11:13:09 (seen: 2023-01-11 16:56:00)
Title SIMET Box Firmware Analysis: Embedded Device Hacking & Forensics
Text For my first blog post I decided to have a quick look at the firmware from SIMET Box. SIMET is organized by the Brazilian NIC.br in order to test and monitor the Internet speed across the country. For more info (in Portuguese) visit their site here. All the data collected is available to the community in reports and heat maps like this.

The organization is now handing out free Wi-Fi routers to Brazilians in order to measure the Internet quality in different regions. The SIMET Box equipment is a custom TL-WR740N pre-installed with OpenWRT. You can also download and install the standalone firmware on other TPLink's SOHO routers.

The project is quite interesting, but in times of PRISM and NSA I don't like the idea of using a "black box" at home, so I decided to check its design.

Firmware

As I don't have the actual box, I'll analyze SIMET Box's firmware image. The firmware can be downloaded from http://simet.nic.br/firmware. For this initial analysis I'll be using simetbox-tl-wr740n-v4.bin (MD5 d08798093e1591bece897671e96b5983).

Let's start by using Craig Heffner's binwalk and firmware-mod-kit to unsquash the filesystem:

    binwalk -Me simetbox-tl-wr740n-v4.bin

After extracting the files we can browse through the squashfs-root dir and grep files to identify OpenWrt's version base:

We now know that SIMET Box is based on the Attitude Adjustment branch (v12.09) for Atheros AR71xx, downloadable on OpenWRT's official site:
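One way to script the two checks described above, as an added example that is not from the original post: confirm the image matches the MD5 the post quotes, then read the OpenWrt base from the extracted tree. It assumes the version information lives in etc/openwrt_release (the post does not say which file was grepped); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a firmware image's digest, then read OpenWrt release
# metadata from an already-extracted root filesystem without executing it.

# verify_md5 FILE EXPECTED -> status 0 only if FILE's MD5 equals EXPECTED.
verify_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        actual=$(md5sum "$1" | cut -d' ' -f1)
    else
        actual=$(openssl dgst -md5 -r "$1" | cut -d' ' -f1)
    fi
    [ "$actual" = "$2" ]
}

# release_field ROOT KEY -> print KEY's value from ROOT/etc/openwrt_release.
# The file is parsed as text, never sourced, because it comes from an
# untrusted image. A symlink is refused so that an extracted link cannot
# redirect the read to a file on the analysis host.
release_field() {
    f="$1/etc/openwrt_release"
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    sed -n "s/^$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}\$/\1/p" "$f" | head -n 1
}

# Constructed sample tree standing in for binwalk's squashfs-root output.
make_sample_root() {
    root=$(mktemp -d) && mkdir -p "$root/etc" || return 1
    cat > "$root/etc/openwrt_release" <<'EOF'
DISTRIB_ID="OpenWrt"
DISTRIB_RELEASE="Attitude Adjustment"
DISTRIB_CODENAME="attitude_adjustment"
DISTRIB_TARGET="ar71xx/generic"
DISTRIB_DESCRIPTION="OpenWrt Attitude Adjustment 12.09"
EOF
    printf '%s\n' "$root"
}

# Demo on the constructed tree. For the real image the calls would be:
#   verify_md5 simetbox-tl-wr740n-v4.bin d08798093e1591bece897671e96b5983
#   release_field path/to/squashfs-root DISTRIB_DESCRIPTION
sample=$(make_sample_root)
release_field "$sample" DISTRIB_DESCRIPTION
release_field "$sample" DISTRIB_TARGET
rm -rf "$sample"
```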
Sent Yes
Rating ★★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.