Home
mmilburn edited this page Nov 28, 2014
The purpose of this wiki is:
- To document my thought process, and the methods (some of my mistakes too!) used to analyze this firmware.
- To hopefully provide a pretty good reverse engineering tutorial (most tutorials don't seem to get past running "strings" on the binary).
This is a little difficult to describe. Essentially you need to make educated guesses based on your observations, then test your guesses. Follow KISS (keep it simple, stupid) principles. Here are a few hints:
- Put yourself in the shoes of the creator. How would you do it?
- Exploit software modularity (e.g., if firmware X is made by company Z and firmware Y was also made by company Z, are they likely to be similar?)
- Re-examine basic definitions if necessary (e.g., just what is a firmware, and what should it do?)
- Look at data and form beliefs (e.g. "kinda looks like word 4 is a CRC"). Test those beliefs ("if word 4 is a CRC, then it should have these properties").
- That "Frame of Mind" thing I just mentioned
- Familiarity with *nix shells
- Stubbornness
- A cross compile environment (I've been using the toolchain provided by OpenWRT as well as crosstool-ng)
Ideally, with a modicum of effort one should be able to look at my write-ups and reconstruct my work. Statements aren't useful if you can't test them (falsifiability). Let me know if you think something needs more clarification.