Example code for following along with my "Broken, Abandoned, and Forgotten Code" blog series
Python Shell Makefile C
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
blog_posts
part_11
part_12
part_13
part_14 updated URL to part 14 in README. Nov 5, 2015
part_2
part_3
part_5
part_6
part_7
part_8
part_9
.gitignore
LICENSE
README.md

README.md

Broken, Abandoned, and Forgotten Code

Introduction

Check out http://shadow-file.blogspot.com for a detailed series of articles on reverse engineering and exploiting Netgear SOHO routers.

This series of posts describes how abandoned, partially implemented functionality can be exploited to gain complete, persistent control of Netgear wireless routers.

In this series, I'll describe the process of specially crafting a malicious firmware image and a SOAP request in order to route around the many artifacts of incomplete implementation in order to gain persistent control of the router. I'll discuss reverse engineering the proper firmware header format, as well as the the improper one that will work with the broken code.

What's this repository for?

Many of the installments in this series will feature code that aids in the various stages of reverse engineering and exploiting the target device. Each part of the series featuring new or updated code will have a corresponding folder here. If you clone this repo, you should be able to get the latest updates whenever a new part goes up on the blog just by doing a pull.

The directory for each part will contain everything that came before it. So, for example part_12 is a superset of part_11.

Here are the parts of the series published so far (not all installments have updated source code).

part 1
part 2
part 3
part 4
part 5
part 6
part 7
part 8
part 9
part 10
part 11
part 12
part 13
part 14

Note: you will require Bowcaster, which you can get here.