Reverse engineering of IoT devices: hack a home router
Introduction to firmware reverse engineering process of IoT devices. The process, described hacking on a home router, is applicable to IoT devices with an open source Operating System such as Linux based IoT devices.
The process is based on
1. Information Gathering of hardware and software, to identify main device components, to locate UART and JTAG interfaces and to get the firmware file or the EEPROM content and the root file system
2. Building a debugging friendly Emulation Environment, to run IoT binaries, using QEMU and with a root file system built with a build system like "BuildRoot"
3. Techniques to analyse, hack, reverse engineer and modify the firmware using file system analysis, analysing the output on the system console and using the Gnu Debugger in the emulation environment
What is original in this approach is the building of an emulated environment, with a kernel and a root file system, similar to the IoT device and with same or compatible versions of libraries, compiled with debugging information.
This allows the reverse engineering of interesting IoT device binaries, in the emulated environment, using the Gnu Debugger GDB, putting breakpoints in library function entries. This is easier and faster than using IDA Pro on binaries and libraries without debugging information.
Reverse engineering and firmware modification of the home router, made by the author on a recent D-Link model, requires overcoming difficult obstacles: the firmware upgrade file and the kernel are cryptographically signed to prevent firmware modification and unsigned kernel loading by the boot-loader.
[ Back to Lineup page