RomHack 2019 speakers

Valerio Di Giampietro

Valerio Di Giampietro is an IT Infrastructure Manager with strong technical knowledge and experience in cloud-based and on-premises infrastructures, networking, web servers, Oracle and MySQL databases, large Linux installations, virtualisation environments, storage area networking, IoT and embedded devices.
He has been a Linux enthusiast since 1993 and has been passionate about electronics and technology since he was a child.

Reverse engineering of IoT devices: hack a home router

[ Video | Slides ]

An introduction to the firmware reverse engineering process for IoT devices. The process, described by hacking on a home router, is applicable to IoT devices with an open source operating system, such as Linux-based IoT devices.

The process is based on:
1. Information gathering on hardware and software, to identify the main device components, to locate the UART and JTAG interfaces, and to get the firmware file or the EEPROM content and the root file system
2. Building a debugging-friendly emulation environment to run IoT binaries, using QEMU and a root file system built with a build system like Buildroot
3. Techniques to analyse, hack, reverse engineer and modify the firmware using file system analysis, analysing the output on the system console, and using the GNU Debugger in the emulation environment

What is original in this approach is the building of an emulated environment, with a kernel and a root file system, similar to the IoT device and with the same or compatible versions of libraries, compiled with debugging information.
This allows the reverse engineering of interesting IoT device binaries in the emulated environment using the GNU Debugger (GDB), putting breakpoints on library function entries. This is easier and faster than using IDA Pro on binaries and libraries without debugging information.

Reverse engineering and firmware modification of the home router, carried out by the author on a recent D-Link model, requires overcoming difficult obstacles: the firmware upgrade file and the kernel are cryptographically signed to prevent firmware modification and the loading of an unsigned kernel by the boot-loader.


Cyber Saiyan

Cyber Saiyan is the non-profit organization that organizes RomHack.