Firmware Visual Analysis Part-1

Introduction

Firmware analysis gives more understanding about the embedded device and what it contains.
It helps to:

  • Identify vulnerabilities in the embedded device firmware.
  • Improve product stability and resistance to attacks.
  • Do security auditing.
  • Remove copy protection.
  • Extend functionality.
  • Create backdoors.

Use it for good, bad or ugly, firmware analysis is definitely fun.

How much data will you get just by looking at a visualisation of a binary file? Is that enough to compromise a system?

Sometimes the answer is yes.

Visual analysis is one of the efficient methods in firmware analysis, especially for unknown firmware images.
We can take a binary file, a firmware image or virtually anything and analyse it visually. Sometimes a hard problem cracks just from looking at it with the right tools. We can even tell the CPU instruction set architecture from a visual analysis.

Tools

Binwalk

Binwalk is not just used for visual analysis. It’s a fast, easy to use tool for analysing, reverse engineering, and extracting firmware images. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules.

entropy analysis using binwalk

You can get it from https://github.com/devttys0/binwalk
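
The idea behind an entropy view of a firmware image, as an added example that is not binwalk's code and not from the original post: split the image into blocks, compute the Shannon entropy of each, and merge neighbouring blocks of the same class into regions. The 1024-byte block size, the two thresholds, the labels and the sample image are all assumptions constructed for illustration.

```python
import math
import random

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not block:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return sum(-(c / n) * math.log2(c / n) for c in counts if c)

def label(h: float) -> str:
    """Coarse class for one block; both thresholds are assumptions."""
    if h > 7.2:
        return "high: compressed or encrypted?"
    if h < 1.0:
        return "low: padding or empty"
    return "medium: code or plain data"

def segments(data: bytes, block_size: int = 1024):
    """Merge adjacent blocks sharing a label into (start, end, label)."""
    out = []
    for off in range(0, len(data), block_size):
        block = data[off:off + block_size]
        tag = label(shannon_entropy(block))
        if out and out[-1][2] == tag:
            out[-1] = (out[-1][0], off + len(block), tag)
        else:
            out.append((off, off + len(block), tag))
    return out

def build_sample_image() -> bytes:
    """Constructed sample, not a real firmware image."""
    header = (b"BOOT v1.0 constructed sample header " * 64)[:2048]
    padding = b"\xff" * 4096  # erased-flash style filler
    rng = random.Random(1)    # fixed seed: stand-in for compressed data
    payload = bytes(rng.getrandbits(8) for _ in range(4096))
    return header + padding + payload

if __name__ == "__main__":
    for start, end, tag in segments(build_sample_image()):
        print(f"0x{start:06x}-0x{end:06x}  {tag}")
```

Region boundaries found this way are good starting offsets for a closer look with a hex viewer or an extraction tool.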

Bin2bmp

This is a Python script to visualise binary data in a graphical form. It’s really interesting to look at different types of files.

output of bin2bmp

You can get it from https://sourceforge.net/projects/bin2bmp/

pixd

If you prefer the command line way of getting things done, here you are. It visualises the binary file in a terminal emulator. Pretty useful if the file size is small.

pixd is a tool for visualising binary data using a colour palette. It is in a lot of ways akin to a hexdump tool, except using coloured squares to represent each octet. – from github

file fingerprints generated by pixd

You’ll get pixd from https://github.com/FireyFly/pixd

Conclusion

Visual inspection is a primary step that can help you greatly. Although firmware visualisation can help you in various ways, it’s not a complete solution. To get more out of your firmware analysis, you may have to combine it with other popular methods.

