Setup a VM for Firmware/IoT analysis

The "Internet of Things" is a term that we will hear and be confronted with more and more in the future. Such a thing can be a person with a heart monitor implant or simply a "smart watch", "fitness tracker" or any other embedded device that can be connected or controlled over the internet. Below you’ll see some examples and the list is huge:

 

I was asking myself what kind of open-source tools we have to analyze the firmware of embedded/IoT devices and did some research. In this post I want to show you how you can build your own virtual machine with some open-source tools to get started. First let’s download a preinstalled image of Kali Linux.

https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/

Before starting the VM we have to make sure, in the network settings of VirtualBox, that our virtual machine has access to the internet.

Tools we want to install:

  • binwalk
  • FAT (Firmadyne, QEMU, Firmware Mod Kit, firmwalker, mitmproxy)
  • Kdiff3
  • Radare2
  • OpenOCD
  • Flashrom
  • Buildroot
  • GDB-Multiarch
  • GNU Radio Companion / GQRX
  • RTL-SDR Tools
  • Ubertooth, HackRF Tools
  • Zigbee Tools (Killerbee)

Navigate to: https://github.com/attify/firmware-analysis-toolkit

First let’s install binwalk and the firmware analysis toolkit:

sudo apt-get install binwalk

Install firmadyne and dependencies:

sudo apt-get install busybox-static fakeroot git kpartx \
    netcat-openbsd nmap python-psycopg2 python3-psycopg2 snmp uml-utilities \
    util-linux vlan qemu-system-arm qemu-system-mips qemu-system-x86 \
    qemu-utils

git clone --recursive https://github.com/firmadyne/firmadyne.git

cd ./firmadyne; ./download.sh

Edit firmadyne.config and make FIRMWARE_DIR point to the current location of the Firmadyne folder.

Setting up FAT

git clone https://github.com/attify/firmware-analysis-toolkit
mv firmware-analysis-toolkit/fat.py .
mv firmware-analysis-toolkit/reset.sh .
chmod +x fat.py 
chmod +x reset.sh
vi fat.py

Here, edit line 9, which is firmadyne_path = '/root/tools/firmadyne', to the correct path on your system.

Setting up Firmware-mod-kit

sudo apt-get install git build-essential zlib1g-dev liblzma-dev python-magic
git clone https://github.com/brianpow/firmware-mod-kit.git

Find the location of binwalk using which binwalk. Then modify the file shared-ng.inc and set the variable BINWALK to that path, for example /usr/local/bin/binwalk (if that is where your binwalk is installed).

Setting up MITM Proxy

apt-get install mitmproxy

Setting up Firmwalker

git clone https://github.com/craigz28/firmwalker.git


Install Flashrom 0.9.9

wget http://download.flashrom.org/releases/flashrom-0.9.9.tar.bz2
tar xjf flashrom-0.9.9.tar.bz2
cd flashrom-0.9.9
make && make install
cd ..

Install Radare2

sudo apt-get install radare2

Install OpenOCD

sudo apt-get install openocd

Install gdb-multiarch

sudo apt-get install gdb-multiarch

Install gnu-radio / gqrx / rtl-sdr

sudo apt-get install gnuradio gqrx rtl-sdr

Install hackrf / ubertooth

sudo apt-get install hackrf ubertooth

Install Killerbee

apt-get install python-gtk2 python-cairo python-usb python-crypto \
    python-serial python-dev libgcrypt-dev
sudo apt-get install mercurial
hg clone https://bitbucket.org/secdev/scapy-com
cd scapy-com
chmod +x reset.sh
python setup.py install
cd ..
git clone https://github.com/riverloopsec/killerbee.git
cd killerbee
python setup.py install
cd tools/
chmod +x *

Additional Tools (Arduino and XCTU)

sudo apt-get install arduino arduino-core

For XCTU go to the following URL and download the Linux binary:

https://www.digi.com/xctu-linux-x64

chmod +x 40002881_J.run

./40002881_J.run
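
A quick sanity check for the finished VM, added here as an example (it is not part of the original post or of any of the projects above): it lists the tools that are not on PATH and verifies that firmadyne_path in fat.py and FIRMWARE_DIR in firmadyne.config point to the same Firmadyne folder. The binary names in TOOLS and the script name check-vm.sh are assumptions; adjust them to your installation.

```shell
#!/bin/sh
# Added example: sanity check for the VM built in this post.
# Binary names (assumed, not package names) the installs above should put on PATH.
TOOLS="binwalk qemu-system-arm qemu-system-mips mitmproxy flashrom r2 openocd
gdb-multiarch gnuradio-companion gqrx rtl_sdr hackrf_info ubertooth-util zbid"

# Print every tool from $TOOLS that is not on PATH; return 1 if any is missing.
missing_tools() {
    rc=0
    for t in $TOOLS; do
        command -v "$t" >/dev/null 2>&1 || { echo "$t"; rc=1; }
    done
    return $rc
}

# Extract firmadyne_path from fat.py (the assignment the post says to edit).
fat_firmadyne_path() {
    sed -n "s/^firmadyne_path *= *['\"]\(.*\)['\"].*/\1/p" "$1" | head -n 1
}

# Extract the active FIRMWARE_DIR from firmadyne.config; a line that is still
# commented out with '#' does not match (assumed shell-style KEY=value file).
config_firmware_dir() {
    sed -n 's/^FIRMWARE_DIR=//p' "$1" | head -n 1
}

# Succeed only if fat.py points at a Firmadyne checkout whose firmadyne.config
# sets FIRMWARE_DIR to that same directory.
check_paths() {
    fdir=$(fat_firmadyne_path "$1")
    [ -n "$fdir" ] || { echo "no firmadyne_path in $1"; return 1; }
    [ -f "$fdir/firmadyne.config" ] || { echo "no firmadyne.config in $fdir"; return 1; }
    cdir=$(config_firmware_dir "$fdir/firmadyne.config")
    [ -n "$cdir" ] || { echo "FIRMWARE_DIR is unset or still commented out"; return 1; }
    # Compare with any trailing slash removed from both sides.
    [ "${cdir%/}" = "${fdir%/}" ] || { echo "FIRMWARE_DIR=$cdir, fat.py uses $fdir"; return 1; }
    echo "ok: $fdir"
}

# Usage: sh check-vm.sh /path/to/fat.py
if [ -n "${1:-}" ]; then
    missing_tools | sed 's/^/missing: /'
    check_paths "$1"
fi
```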

Now we are done and ready to start with some exercises 🙂

 
