Firmware Vulnerability Analysis presented at Atlseccon 2015

by Jeremy Richards

Summary: Bad code is everywhere, and the tools to dig it up are maturing at an astonishing rate. The day of reckoning has come for device manufacturers who have neglected the adoption of secure development practices. Join us as we dive into firmware updates for many different devices and uncover undocumented 'recovery features' (backdoors), hardcoded accounts, direct URL access/permissions issues and buffer overflows.
This presentation will discuss bindiff for automated extraction and dd to carve useful data out of firmware files manually. We use IDA to dive deep and analyze MIPS ELF binaries. We use QEMU to emulate processes and remote debug them in IDA with GDB.