FirmFlaws

Wow, another firmware tool that I am just now noticing. 😦

Firmware analysis Website and API (JSON)
Upload firmware and run static analysis (parse firmware, grep strings, search for interesting files (conf, certs, db files…), etc.).
Dependencies: Radare2, Binwalk, rats, graphviz, pydot, Django, r2pipe, python-magic, squashfs-tools, python3-openssl
Contributors: MisterCh0c (@MisterCh0c), Ganapati (@G4N4P4T1), Geoffrey (@geoffreyvdberge)

https://github.com/Ganapati/firmflaws

Praetorian on exploiting MIPS devices, part 1

The Praetorian security blog has a very detailed and well-written post on exploiting a MIPS-based system, showing and discussing multiple tools (BowCaster, QIRA, BinWalk, Radare, …). And there is a Part 2 in the works!

Reversing and Exploiting Embedded Devices: The Software Stack (Part 1)
Over the course of the past few months I’ve been traveling around educating people on exploiting embedded devices. My slides alone aren’t able to provide enough information, so I wanted to write everything out for people to digest online. The following blog post is “Part 1”, which will introduce the reader to the software side of embedded devices. I decided to cover software first since most flaws reside within the software stack, ranging from binary applications to drivers. Part 2 will cover the Hardware stack with a focus on educating the reader on how JTAG actually works and how to leverage Hardware modifications to either bypass password protections or to extract secrets that may be baked into the targeted device. […]

https://www.praetorian.com/blog/reversing-and-exploiting-embedded-devices-part-1-the-software-stack

BinWalk 2.1.1 released

https://github.com/devttys0/binwalk/releases/tag/v2.1.1
http://binwalk.org/
https://github.com/devttys0/binwalk/wiki

New to 2.1.1:
    Many bug fixes
    New/improved file signatures
    Disassembly scans (using the Capstone Engine)
    Improved raw Deflate compression detection and extraction
    Raw LZMA compression detection and extraction
    Improved false positive detection for common compressions (Zlib, LZMA)
    An IDA plugin for running binwalk inside of IDA
    Integration of better extraction utilities (e.g., sasquatch for SquashFS, jefferson for JFFS2)
    Removal of all C library dependencies, including libmagic – pure Python!
    Native Windows support!