+1 (512) 588 6950
What is Firmware Reverse Engineering?
Every embedded system, such as cameras, routers, smart watches etc., has pre-installed firmware, which has its own set of instructions running on the hardware’s processor.
It enables the hardware to communicate with other software running on the device. The firmware provides low-level control for the designer/developer to make changes at the root level.
Firmware Reversing Steps
BinWalk: A firmware extraction tool that extracts code snippets inside any binary by searching for signatures against many standard binary file formats like
zip, tar, exe, ELF,etc.
Binwalk has a database of binary header signatures against which the signature match is performed.
The common objective of using this tool is to extract a file system like
Squashfs, yaffs2, Cramfs, ext*fs, jffs2,etc., which is embedded in the firmware binary. The file system has all the application code that will be running on the device.
Open the Machine’s Split View
cd bin binwalk -E -N firmwarev2.2-encrypted.gpg
cd .. cd bin-unsigned/ extract-firmware.sh firmwarev1.0-unsigned
grep -ir paraphrase cat fmk/rootfs/gpg/secret.txt
Paraphrase : Santa@2022
gpg — import fmk/rootfs/gpg/private.key
Type the Paraphrase that we Found
gpg --import fmk/rootfs/gpg/public.key gpg --list-secret-keys
Once the keys are imported, McSkidy decrypts the firmware using the gpg command. Again change the directory by entering the command cd .. and then cd bin
cd .. cd bin gpg firmwarev2.2-encrypted.gpg cat ~/bin/fmk/rootfs/flag.txt
Use the Command below to find the Firmware of rootfs
Make Sure, you are in the rootfs Directory
ls -lah * | grep rootfs
Thank you for Reading!!
Happy Hacking ~
THM , TryHackMe , TryHackMe Advent of Cyber 2022 , TryHackMe Advent of Cyber 4 Day 20, Ethical Hacking , Write up , Walk through , TryHackMe Advent of Cyber 2022 Day 20Answers