|
after asking two separate mods about this but getting no reply I figured I'd post it anyway and if it breaks the rules I'll take whatever punishment it deserves i've been learning a fair amount of infosec stuff lately, mostly about unpacking and looking into firmware for all sorts of devices. I want to look at their underlying OS, some web app testing, and maybe even learn to do some decompiling and binary emulation. It's going well but I want to try and learn as I go and pick up some tips along the way. So I thought about making a let's play kinda thing. Why don't we get some POS Chinese firmware for a camera or something and all look at it and see if we can't teach us some infosec skills? we need some ground rules though: * don't touch the poop: that means no shodan or networks you don't own. Download the firmware or use your own device * we have to follow responsible disclosure. I'm not an expert on that so maybe someone should take responsibility for it * explain everything as you go and don't keep everything to yourself. This is supposed to be an educational experience Is this a good idea or a monumentally poo poo idea?
|
#
?
Jan 31, 2017 21:55
|
|
|
|
| # ? Apr 25, 2024 09:21 |
|
|
autism
|
|
#
?
Jan 31, 2017 22:00
|
|
|
probably. but that's how poo poo gets found and fixed. guess no takers for this then? anyone dabbling in this kinda thing but not getting anywhere?
|
|
#
?
Feb 1, 2017 18:47
|
|
|
you should have made a thread where you did something cool instead of making a thread to ask if it's ok to make a thread
|
|
#
?
Feb 1, 2017 18:52
|
|
|
|
|
#
?
Feb 1, 2017 19:42
|
|
|
in a sense I sort of have. I'll look for some things to download. cameras or dvrs? anyone got any suggestions for good IoT things to hack? is the thought that Chinese stuff will be more lovely a good one? or have I been playing too much Shenzhen I/O?
|
|
#
?
Feb 1, 2017 20:10
|
|
|
thehustler posted:* we have to follow responsible disclosure. lol pussy im not sure how you expect this to work on a public forum
|
|
#
?
Feb 1, 2017 20:12
|
|
|
Rufus Ping posted:lol pussy well to be fair there's the paywall? maybe we can get the thread moved to private game servers or it's loving stupid (it's that)
|
|
#
?
Feb 1, 2017 20:15
|
|
|
thehustler posted:in a sense I sort of have. I'll look for some things to download. cameras or dvrs? a nuclear power plant or a bank
|
|
#
?
Feb 1, 2017 20:16
|
|
|
op is an ideas guy, if someone could just do the work that would be great
|
|
#
?
Feb 1, 2017 22:22
|
|
|
i've cracked ur mom's internet of things dildo
|
|
#
?
Feb 1, 2017 22:32
|
|
|
let's not
|
|
#
?
Feb 1, 2017 22:55
|
|
|
good (?) effort op. maybe you can post some critical disassembled code for us and we can poke at it, but I don't see you getting any traction by asking us to do work
|
|
#
?
Feb 1, 2017 23:02
|
|
|
can someone work on the PS4 firmware for me so i can get free gamez, thanks!
|
|
#
?
Feb 1, 2017 23:43
|
|
|
ill start the wiki
|
|
#
?
Feb 1, 2017 23:47
|
|
|
I assume you've played through microcorruption if not, play through microcorruption "play"
|
|
#
?
Feb 1, 2017 23:48
|
|
|
I really wasn't expecting someone to do the work, I expected us to all chip in with different bits and maybe different folk had different skills and we could do tutorials and things but maybe this isn't a good medium for it
|
|
#
?
Feb 1, 2017 23:58
|
|
|
Uncle at Nintendo posted:can someone work on the PS4 firmware for me so i can get free gamez, thanks! there's nothing on the ps4 worth playing, so you're fine as is
|
|
#
?
Feb 2, 2017 00:02
|
|
|
akadajet posted:there's nothing on the ps4 worth playing, so you're fine as is best post in what is a lovely thread
|
|
#
?
Feb 2, 2017 00:12
|
|
|
assuming you know how to use binwalk, just pick something and get started. probs gonna be pretty boring though, at best you'll find a ton of poo poo with hardcoded passwords or shell access that's left open ipcams are interesting because their firmware is usually poo poo, and people tend to have them connected directly to the internet.
|
|
#
?
Feb 2, 2017 00:18
|
|
|
that was something I'd considered for the reason you stated. or cameras, I'd already got some of those. hardcoded creds can't be that popular still, surely? I found some in some wireless presentation gateways at work but unfortunately someone had beaten me to it a few years ago did allow me to tell our security guy that he sucks for not keeping the firmware up to date though, it's patched now
|
|
#
?
Feb 2, 2017 00:23
|
|
|
it's still pretty common. also in those home gateway/modem combos isps hand out. it's harder to find firmware for those though
|
|
#
?
Feb 2, 2017 00:35
|
|
|
infernal machines posted:it's still pretty common. also in those home gateway/modem combos isps hand out. it's harder to find firmware for those though well some are rebadged from a manufacturer so some of the firmware can be shared. but no, I can't get any for mine. JTAG well beyond my skills right now, sadly. not good at electronics
|
|
#
?
Feb 2, 2017 00:41
|
|
|
isps usually do custom badged distributions of the generic firmware. all the interesting stuff is in the isp specific versions though, because they tend to be horrific hackjobs
|
|
#
?
Feb 2, 2017 00:46
|
|
|
binwalkin' right into the garbage
|
|
#
?
Feb 2, 2017 04:01
|
|
|
why isnt finding vulnerabilities in firmware called sounding modern infosec missing some easy layups smdh
|
|
#
?
Feb 2, 2017 06:44
|
|
|
Captain Foo posted:binwalkin' right into the garbage 
|
|
#
?
Feb 2, 2017 21:08
|
|
|
seriously go play microcorruption its cool and good https://microcorruption.com/login
|
|
#
?
Feb 2, 2017 21:42
|
|
|
Bloody posted:seriously go play microcorruption its cool and good https://microcorruption.com/login this does actually look p cool thanks
|
|
#
?
Feb 2, 2017 23:54
|
|
|
Breakfast All Day posted:why isnt finding vulnerabilities in firmware called sounding 
|
|
#
?
Feb 3, 2017 00:52
|
|
|
responsible disclosure is loving stupid
|
|
#
?
Feb 3, 2017 00:59
|
|
|
hack the bank, op
|
|
#
?
Feb 3, 2017 10:37
|
|
|
Once when working for some poo poo startup I changed some SuperMicro firmware to display our company's logos on boot and it was really easy to modify, just needed to change a checksum somewhere in the binary and their firmware dl site was FTP also I had no experience doing that kind of thing before and the ease with which I could modify it concerned me hth op
|
|
#
?
Feb 3, 2017 20:24
|
|
|
is firmware with DES encryption securing the root password or pre-generated SSH private keys still a rampant thing?
|
|
#
?
Feb 4, 2017 04:26
|
|
|
i figured out i can bruteforce the 4-digit pin for my fuji instax printer, which was pretty fun other options for bypassing this security involve holding the power button down for 5 seconds or so
|
|
#
?
Feb 4, 2017 12:33
|
|
|
|
| # ? Apr 25, 2024 09:21 |
|
|
Jimmy Carter posted:is firmware with DES encryption securing the root password or pre-generated SSH private keys still a rampant thing? a bunch of stuff I downloaded was encrypted and I was annoyed. people are learning I guess. ps microcorruption loving rocks
|
|
#
?
Feb 4, 2017 16:03
|
|