Close
0%
0%

Remoticon: Intro to Firmware Reverse Engineering

An introduction to firmware reverse engineering.

Public Chat
Similar projects worth following
Eventbrite link: https://www.eventbrite.com/e/remoticon-tickets-115886905855An introduction to firmware reverse engineering.

Workshop Details:

This workshop will give you a brief introduction to firmware and how to reverse engineer it. It will be comprised of theory, examples, and a few hands-on labs to get started with firmware reversing.

Topics that will be covered:

- Introduction to Firmware
- Why Firmware reversing
- Attack surfaces w.r.t firmware
- Introduction to tools used for firmware static and dynamic analysis.
- Examples of attacks that occurred due to vulnerabilities in the firmware.

After this workshop, you will be aware of the initial steps involved during reversing, even if you are new to this field, you will be able to get started with reversing firmware at the basic level.

Instructor: Asmita Jha

Asmita works as an IoT Security Consultant focusing on embedded device security testing and research at Payatu, India. She enjoys tinkering around with hardware, reversing, and hacking. With her extensive background in embedded development, she loves reversing firmware. She also has experience giving talks, workshops, and training at conferences like CPX360, NULLCON, and local infosec community meetups.

Adobe Portable Document Format - 2.09 MB - 11/07/2020 at 17:18

Preview
Download

  • 1
    VM setup instructions

    Hi everyone,
    Before we start with our workshop on 7th November, I request you all to keep the  VM downloaded (VM download link already shared with the registered attendees).
    Here are a few instructions for setting up :
    # Materials/Equipment required
    - Laptop with at least 50 GB free space
    - 8+ GB minimum RAM (4+GB for the VM)
    - Administrative privileges on the system
    - No/Disabled security/firewall software. The laptop should not have any privilege restrictions imposed by company policy or any security software.
    - Host Machine Software installation – You need to pre-install these applications on your laptop (not inside a VM guest)
     - Virtualbox 6.0..x version (or latest version) platform package - https://www.virtualbox.org/wiki/Downloads
     - Oracle VM VirtualBox Extension Pack for the same version of VirtualBox you installed  -  https://www.virtualbox.org/wiki/Downloads
    - Virtualization (Vx-t) option enabled in the BIOS settings for VirtualBox to work (check for this, just in case for virtual box setup do not work)

    In case you face any issue during VM setup, do let me know via this chat before the workshop day.

    Thank you all !!

View all instructions

Enjoy this project?

Share

Discussions

Asmita wrote 11/09/2020 at 00:59 point

Ah, sorry I missed the discussions here, I was looking into the "Public Chat" page, if anyone still has any questions let me know

  Are you sure? yes | no

Ketchup wrote 11/07/2020 at 16:21 point

Great Intro workshop! Thank you Asmita!

If this needs to be removed please let me know. if any one would like more information and resource links as well you can pm me.

Here is some GitHub resources for everyone to help them continue with the reverse engineering path.

https://github.com/wtsxDev/reverse-engineering

https://github.com/enaqx/awesome-pentest#reverse-engineering

https://cmu-sei.github.io/

https://github.com/trimstray/the-book-of-secret-knowledge - Has a very broad list of resources

---------

Labs/Challenges learning tools

https://guyinatuxedo.github.io/

https://www.begin.re/

  Are you sure? yes | no

Asmita wrote 11/09/2020 at 01:03 point

Thanks for sharing, great resource

  Are you sure? yes | no

FireHawk wrote 11/07/2020 at 05:23 point

I got the USB issue above, fixed by installing the extension pack according to the virtualbox popup. But I also get:

Failed to open a session for the virtual machine eXplIoT_OS_64BIT_1.3_1_1.

Not in a hypervisor partition (HVP=0) (VERR_NEM_NOT_AVAILABLE).

AMD-V is disabled in the BIOS (or by the host OS) (VERR_SVM_DISABLED).

Result Code: E_FAIL (0x80004005)
Component: ConsoleWrap
Interface: IConsole {872da645-4a9b-1727-bee2-5585105b9eed}

But apparently, windows 10 home doesn't have hyper-v available to it, and it is not an option in bios either. Not sure what to do.

The bios/mb in question is: https://www.gigabyte.com/Motherboard/GA-AB350N-Gaming-WIFI-rev-10#kf

EDIT: RESOLVED. Using VMWare, instructions popped up to disable virtualization the correct way:

1. gigabyte hides their virtualization setting in bios under advanced frequency settings, advanced again, then SVM. Enable that.

https://kb.vmware.com/s/article/2146361

see section with these instructions:

Open Registry Editor

Go to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > DeviceGuard

On the right-hand side, write a new key

      a. Right Click > New > DWORD (32-bit) Value

      b. Name this Value "EnableVirtualizationBasedSecurity"
          By default, it should be 0, Double click, and confirm the value

      4. Go to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Lsa

      5. On the right-hand side, write a new key

       a. Right Click > New > DWORD (32-bit) Value

       b. Name this Value "LsaCfgFlags"

 By default, it should be 0, Double click, and confirm the value

  Are you sure? yes | no

FireHawk wrote 11/07/2020 at 05:58 point

It also looks like virtualbox 6.1 doesn't support software virtualization, 6.0 is the last version that does. I downgraded to 6.0  but got "VT-x/AMD-V hardware acceleration is not available on your system. Your 64-bit guest will fail to detect a 64-bit CPU and will not be able to boot."

I suspect that with my hardware, I can only run 32-bit guest systems. That's absurd, considering I have a relatively new (Ryzen 2700x, late 2019) system.

  Are you sure? yes | no

FireHawk wrote 11/07/2020 at 06:01 point

You can disable hardware virtualization in version 6.0, but upon clicking ok on the settings box, virtualbox forces hardware virtualization on because it detected a 64 bit VM.

  Are you sure? yes | no

Victor Miranda wrote 11/06/2020 at 23:07 point

Hi folks!

I'm running VirtualBox 6.1.16 r140961 on an Arch Linux box, and I faced the following issue:

Failed to load ring-0 module 'VBoxEhciR0.r0' for device 'usb-ehci' (VERR_SYMBOL_VALUE_TOO_BIG).

My workaround: Downgraded VM's USB controller to USB 1.1.

Expect this doesn't cause collateral issues to follow the workshop.

  Are you sure? yes | no

Michael Goetzman wrote 11/06/2020 at 23:11 point

I received a similar error, and likewise removed the usb controller to correct it.

  Are you sure? yes | no

7benholmes wrote 11/06/2020 at 22:12 point

I'm getting an error saying .ova file doesn't contain an .ovf file. 

VBOX_E_FILE_ERROR (0x80BB0004) on Mac

Any ideas?

  Are you sure? yes | no

Michael Goetzman wrote 11/06/2020 at 22:19 point

Looks like a rights issue, have admin access to the virtual file?

  Are you sure? yes | no

7benholmes wrote 11/06/2020 at 23:17 point

I did have admin access. I think the file was just corrupted. I re-downloaded it and it worked fine. Thanks for the quick reply! 

  Are you sure? yes | no

Rich wrote 11/06/2020 at 22:22 point

Mine imported into VirtualBox with no problem on my MacBook.  Try the download again, maybe?  

  Are you sure? yes | no

Michael Goetzman wrote 11/06/2020 at 21:53 point

Was able to get mine working. ORacle VM Virtualbox :P

  Are you sure? yes | no

Rich wrote 11/06/2020 at 21:35 point

Mine imported correctly and booted, but I don't have the password to login.

  Are you sure? yes | no

Michael Goetzman wrote 11/06/2020 at 21:53 point

Check for the password in the google drive

  Are you sure? yes | no

Rich wrote 11/06/2020 at 22:19 point

The link from the email takes me to the HackadayRemoticon folder with only the ova file in it.  There doesn't appear to be any description associated with the file itself.

  Are you sure? yes | no

Asmita wrote 11/09/2020 at 01:00 point

Sorry, I missed the discussion here, I was looking into "Public chat" page, password is "exos"

  Are you sure? yes | no

Matt Starfield wrote 11/06/2020 at 20:54 point

Should we try to import `eXplIoT_OS_64BIT_1.ova` as a VM into Virtual Box prior to the course? I got an error "Failed to import appliance" 

Result Code: 
E_INVALIDARG (0x80070057)

  Are you sure? yes | no

Asmita wrote 11/09/2020 at 01:01 point

Was this issue soved?

  Are you sure? yes | no

Matt Starfield wrote 11/09/2020 at 15:29 point

Unfortunately, no, I wasn't able to get the VM image to import, but that's OK. I attended the session and followed along with your presentation. Thanks for following up and a great presentation!

  Are you sure? yes | no

Similar Projects

Does this project spark your interest?

Become a member to follow this project and never miss any updates