binwalk (and friends) is all you need to extract arbitrary binary files | Notion

Today, I wanted to look inside my router firmware before I update my router. I downloaded and unzipped it. It's pretty big for a firmware.

Dilawar Singh on Notion

I had always wanted to try Kaitai Struct. This workshop of Eloise Brocas at @hack_lu on exploring firmware just gave me the opportunity to do that on a custom firmware format.

https://ide.kaitai.io/devel/#
https://doc.kaitai.io

#kaitai #firmware #binwalk #unblob #hacklu2024

Kaitai Web IDE

Oh cool, #binwalk has been rewritten in #Rust and a beta is available.

(Word is that it's significantly faster than the older v2.)

https://github.com/ReFirmLabs/binwalk/tree/binwalkv3

GitHub - ReFirmLabs/binwalk: Firmware Analysis Tool

Firmware Analysis Tool. Contribute to ReFirmLabs/binwalk development by creating an account on GitHub.

GitHub

Hacking An IoT Camera Reveals Hard-Coded Root Password

Hacking — at least the kind where you’re breaking into stuff — is very much a learn-by-doing skill. There’s simply no substitute for getting your hands dirty and just trying…

Hackaday

GitHub - e-m-b-a/emba: EMBA - The firmware security analyzer

EMBA - The firmware security analyzer. Contribute to e-m-b-a/emba development by creating an account on GitHub.

GitHub

ah yes

extracting a zip file using #binwalk

a totally normal thing to do


Just did some baby steps on reverse engineering firmware on day 20 of #AdventOfCyber2022 with #Binwalk and #FirmwareModKit
Tomorrow will be the day of hacking a camera of some sort.

#tryhackme

DOOM On a Desk Phone is Just the Tip of the Iceberg

These days we expect even the cheapest of burner smartphones to feature a multi-core processor, at least a gigabyte of RAM, and a Linux-based operating system. But obviously those sorts of specs are unnecessary for an old school POTS desktop phone. Well, that's what we thought. Then [Josh Max] wrote in to tell us about his adventures in hacking the CaptionCall, and now we're eager to see what the community can do with root access on a surprisingly powerful Linux phone.

As the name implies, the CaptionCall is a desk phone with an LCD above the keypad that shows real-time captions. Anyone in the United States with hearing loss can get one of these phones for free from the government, so naturally they sell for peanuts on the secondhand market. Well, at least they did. Then [Josh] had to go ahead and crack the root password for the ARMv7 i.MX6 powered phone, started poking around inside of its 4 GB of onboard NAND, and got the thing running DOOM.

Tapping into the serial port.

If you're interested in the technical details, [Josh] has done a great job taking us step by step through his process. It's a story that will be at least somewhat familiar to anyone who's played around with embedded Linux devices, and unsurprisingly, starts with locating a serial port header on the PCB.

Finding the environment variables to be pretty tightly locked down, he took the slow route and dumped the phone's firmware 80 characters at a time with U-Boot's "memory display" command. Passing the recovered firmware image through binwalk and a password cracker got him the root credentials in short order, and from there, that serial port got a whole lot more useful.

[Josh] kicked the phone's original UI to the curb, set up an ARM Debian Jessie chroot, and started working his way towards a fully functional Linux environment. With audio, video, and even keypad support secured, he was ready to boot up everyone's favorite 1993 shooter. He's been kind enough to share his work in a GitHub repository, and while it might not be a turn-key experience, all the pieces are here to fully bend the hardware to your will.

Historically, running DOOM on a new piece of hardware has been the harbinger of bigger and better things to come. With unfettered access to its Linux operating system up for grabs, we predict the CaptionCall is going to become a popular hacking target going forward, and we can't wait to see it.

#linuxhacks #softwarehacks #binwalk #deskphone #doesitrundoom #doom #embeddedlinux #serialport #uboot

@TFG but maybe that's what #binwalk is doing?..