/dev/ttyS0

@nmatt0 Can confirm. @nmatt0 has great stuff as always, and the whole embedded systems village was awesome.

Embedded Systems Village has been hoppin! Come check it out if you haven't yet!

Had a blast doing this podcast!!

Discovered internal Google files inside the sandbox. Extracted a 579MB binary too big to just print out. Used Binwalk to unpack it and found… source code. linkedin.com/posts/kislayy_…

Just in time for a happy new year with better firmware analysis. Now with the enhanced binwalk decryptor available in EMBA. SBOM, known vulnerabilities, static analysis, emulation and much more (Screenshots from DIR-822 Rev C) github.com/e-m-b-a/emba

@pravda79 Binwalk definitely *should* handle those. Bug reports are always welcome, if you can provide a sample firmware image or link (either here or on the github page) I can take a look. Thanks!

@devttyS0 When I did RE work on D-Link devices some time ago, binwalk had multiples issues extracting things from the firmware file like SquashFS file systems, some certificates, etc - that is what I meant with binary blobs. I'll keep your repo for reference in the future, thanks

Just in time for Christmas: a repository for decrypting many encrypted D-Link firmware images. Also integrated into Binwalk for auto-magic decryption & extraction. github.com/devttys0/delink

@GM4AJK I did, though I haven’t posted content there in some time now

@devttyS0 Didn't you once have a YouTube channel, or am I confused?

@pravda79 lol that’s the main purpose of binwalk, what binary blob(s) are you referring to? unblob is good, it does some things binwalk doesn’t (and ice-versa), I keep both tools installed on my system for RE work.

@devttyS0 Nice, this will come handy - binealk is not super effective at figuring out the magic headers and sectores within the binary blob, gotta work the sectors which is time-consuming and tedious. Do you have an opinion about the unblob tool?

EMBA release alert with version 1.5.1 - Rise from the dead or Binwalk is back in town. We have a big update for all you #SBOM/#IoT/#firmware and binary analysis people out there. EMBA is getting faster and more powerful with new binwalk v3 and more SBOM github.com/e-m-b-a/emba/r…

@nmatt0 Nice work! :) FYI, Binwalk disables text formatting when it's not outputting to a terminal, so piping the output to `tee -` might help when using large terminal fonts for your videos.

Sometimes the fastest way to crack a password hash is to "Google" it. #iot #device #passwords

making progress ... say hi to all new binwalk in EMBA

@braincode Interesting, carving out the SquashFS images and running unsquashfs manually provides a partial extraction, but encounters a decompression failure part-way through.

@devttyS0 NAND indeed (Micron MT29F1G0), here's the output from binwalk_v3 (git clone fresh from today) and also the dumped flash if you are curious: #wQHG_cidg3rXzM6qvC71Dsa-ksIU7YOtplsmkXRNuRc" target="_blank" rel="nofollow noopener">mega.nz/file/65xDmYZC#…

Decrypt D-Link DIR-850L B1 firmware version 2.20. I should create a repository for these. openssl aes-256-cbc -nopad -d -in encrypted.bin -out decrypted.bin -K 0721010d2e79773a283633570f5a710b4340160f442b3d39317a66461a195b10 -iv 3b1d064e2f7f633003295a2d13660942

@braincode I don't, but maybe I should create one. :) Interesting about the SquashFS image, was the flash chip NAND perchance? Could be an issue with OOB/spare data in the raw flash dump.

@devttyS0 Also, do you have some "bins" repository to share BLOBs? I recently dumped a TSOP flash firmware that has weird squashfs sections, not handled well by binwalk-v3 (sasquatch)...

#BHMEA24 is finally happening… come to the EMBA Arsenal session tomorrow

Finally got some real excuse to play with the new Rust rewrite of Binwalk (v3). It is absurdly faster in most tasks, to the point that I had to verify if my batch is really running and finishing tasks or just throwing mishandled errors.

@rawz0ne openssl expects the input file to start with "Salted__"; the firmware itself has a 0x41 byte header, which has to be removed first. I haven't tested E15A1_FW120B01_revise.bin, but confirmed to work with E15A1_FW120B01.bin.

@devttyS0 E15A1_FW120B01_revise.bin & E15A1_FW120B01.bin throws "bad magic number".

Happy Veteran's Day! 🇺🇸 D-Link E15 firmware decryption: openssl aes-128-cbc -in enc.bin -out dec.bin -d -md sha256 -k 044b4e59846ecee953662ff2238fcc23

@sundhaug92 That one was a bit trickier than the others. Required hardware access + an exploit to pop a root shell. :)

@devttyS0 How'd you get that?