Uncategorized

FirmFlaws

Wow, another firmware tool that I am just now noticing.😦

Firmware analysis Website and API (JSON)
Upload firmware and run static analysis (parse firmware, grep strings, search for interesting files (conf, certs, db files…), etc.).
Dependencies:  Radare2, Binwalk, rats, graphviz, pydot, Django, r2pipe, python-magic, squashfs-tools, python3-openssl
Contributors: MisterCh0c (@MisterCh0c),  Ganapati (@G4N4P4T1),  Geoffrey (@geoffreyvdberge)

https://github.com/Ganapati/firmflaws

 

Standard
Uncategorized

Firminator

I just learned about Firminator. Sad that it has been around for some time and I am just noticing it.😦 They are looking for donations:

Firminator
The first (afaik) open source (wannabe) firmware vulnerability scanner.
Firminator goal is to provide static & dynamic analysis of firmwares. For the dynamic analysis the firmwares will be emulated using firmadyne.

http://www.firminator.io/

https://github.com/misterch0c/firminator_backend

https://twitter.com/Firminat0r/

 

Standard
Uncategorized

Microsoft OMI: WMI for Linux

WMI, the Windows-centric API wrapper the DMTF CIM standard, has an OMI variant that works outside of Windows. I don’t understand why Microsoft didn’t just submit OMI to DMTF, instead of OpenGroup…🙂

Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI’s small footprint, it also demonstrates very high performance. RPM and DEB packages are provided for the installation of OMI on most enterprise Linux distributions. To install OMI, download the correct package for your Linux computer. […]

https://github.com/Microsoft/omi

http://www.opengroup.org/software/omi

Open Management Infrastructure

Standard
Uncategorized

Peerlyst: List of Car Security Tools

https://www.peerlyst.com/posts/resource-list-of-car-hacking-tools-car-security-tools-and-car-security-resources-ben-ferris

PS: ‘ve not been good at tags connecting car-related posts (I will henceforth use “car hacking” for this), so here are the nearest-related posts; the last one is  a similar list of car security links:

The Car Hacker’s Handbook

The Most Hackable Cars

Awesome Vehicle Security list created

Standard
Uncategorized

Using Radare to emulate BIOS

(There’s a Twitter URL for it, but I’ve lost it, sorry.)
Emulating a simple bootloader

Generally speaking, emulating a bootloader is simpler than it is for regular binaries, because they lack external libraries and usually have direct access to memory and hardware. In this case, the bootloader is a binary for x86 architecture which runs in 16-bits real mode using BIOS calls to perform its loading duties and textual input/output. The idea here is to emulate Cropta1 crackme using radare2 ESIL emulation, providing the needed BIOS via a trivial quick & dirty python implementation of just what it’s needed to run the crackme code. There are several ways to do it, I tried two of them and here is the story. […]

http://radare.today/posts/emulating-simple-bootloader/

 

Standard