Firmware Visual Analysis Part-1

by Abhijith Soman
26/06/2017

Introduction

Firmware analysis gives a better understanding of an embedded device and what it contains.
It helps to:

  • Identify vulnerabilities in the embedded device firmware
  • Improve product stability and resistance to attacks
  • Perform security audits
  • Remove copy protection
  • Extend functionality
  • Create backdoors

Whether you use it for good, bad or ugly, firmware analysis is definitely fun.

How much information can you get just by looking at a visualisation of a binary file? Is that enough to compromise a system?

Sometimes the answer is yes.

Visual analysis is one of the more efficient methods in firmware analysis, especially for unknown firmware images.
We can take a binary file, a firmware image or virtually anything else and analyse it visually. Sometimes a hard problem can be cracked just by looking at the data with the right tools. We can even tell the CPU instruction set architecture from a visual analysis.

Tools

Binwalk

Binwalk is not just used for visual analysis. It’s a fast, easy to use tool for analysing, reverse engineering, and extracting firmware images. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules.

Figure: entropy analysis using binwalk

You can get it from https://github.com/devttys0/binwalk
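
The kind of per-block measurement an entropy plot draws, as an added example (not binwalk's code and not from the original post): Shannon entropy is computed for each fixed-size block, and runs of high-entropy blocks, which usually indicate compressed or encrypted data, are merged into ranges. The sample image, the block size, the threshold and all function names are assumptions made for illustration.

```python
import math
import random
from collections import Counter

BLOCK = 1024   # block size in bytes (illustrative choice)
HIGH = 7.0     # bits/byte treated as "high" here (illustrative threshold)

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def entropy_profile(data: bytes, block: int = BLOCK):
    """Return [(offset, entropy)] for each consecutive block of the image."""
    return [(off, shannon_entropy(data[off:off + block]))
            for off in range(0, len(data), block)]

def high_entropy_regions(profile, block: int = BLOCK, threshold: float = HIGH):
    """Merge adjacent blocks at or above the threshold into (start, end) ranges."""
    regions = []
    for off, h in profile:
        if h < threshold:
            continue
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], off + block)
        else:
            regions.append((off, off + block))
    return regions

def build_sample_image() -> bytes:
    """Constructed sample: text-like header, 0xFF padding, random-looking payload."""
    rng = random.Random(2017)  # fixed seed so the sample is reproducible
    header = (b"bootargs=console=ttyS0,115200 root=/dev/mtdblock2\n" * 64)[:2048]
    payload = bytes(rng.randrange(256) for _ in range(4096))  # stands in for compressed data
    return header + b"\xff" * 2048 + payload + b"\xff" * 1024

if __name__ == "__main__":
    profile = entropy_profile(build_sample_image())
    for off, h in profile:
        print(f"0x{off:06x} {h:5.2f} {'#' * round(h * 5)}")  # text version of the plot
    for start, end in high_entropy_regions(profile):
        print(f"high entropy: 0x{start:x}-0x{end:x} (possibly compressed or encrypted)")
```

To profile a real image, read the file in binary mode and pass its bytes to `entropy_profile` in place of the constructed sample.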

Bin2bmp

Bin2bmp is a Python script that visualises binary data in graphical form. It’s really interesting to look at different types of files with it.

Figure: output of bin2bmp

You can get it from https://sourceforge.net/projects/bin2bmp/

pixd

If you prefer the command line way of getting things done, here you are. It visualises the binary file in a terminal emulator. Pretty useful if the file size is small.

pixd is a tool for visualising binary data using a colour palette. It is in a lot of ways akin to a hexdump tool, except using coloured squares to represent each octet. – from github

Figure: file fingerprints generated by pixd

You can get pixd from https://github.com/FireyFly/pixd

Conclusion

Visual inspection is a primary step that can help you greatly. Although firmware visualisation can help you in various ways, it’s not a complete solution. To get more out of your firmware analysis, you may have to combine it with other popular methods.
