Pwn@Home An Attack Path to jailbreaking your home router

Recommendations

Info

Set-top-box Router Firmware Firmware retrieval and bootloader extraction NAND read Firmware can be downloaded from operator network or MTD # for i in ‘seq 0 5‘; do echo -n "$i - "; cat /sys/class/mtd/mtd$i/name; done 0 - all 1 - u-boot ; bootloader 2 - serial 3 - calibration 4 - bank0 ; firmware 5 - nvram ; non volatile RAM # dd if=/dev/mtd4 of=bank0 bs=4096
Set-top-box Router Firmware Firmware retrieval and bootloader extraction Dump of bootloader Bootloader is also readable from a NAND NAND content is repeated every 0x20000 bytes dd if=/dev/mtd1 of=u-boot bs=4096 count=32 $ strings -n 10 u-boot - Decompress ... - Decompression failed. - Decompress done, jumping. CodeReal: invalid data Signal raised!
Page 1 and 2: Pwn@Home An Attack Path to jailbrea
Page 3 and 4: Set-top-box Router Firmware Context
Page 5 and 6: Set-top-box Router Firmware Targets
Page 7 and 8: Set-top-box Router Firmware Plan 1
Page 9: Set-top-box Router Firmware Code ex
Page 12 and 13: Set-top-box Router Firmware Code ex
Page 16 and 17: Set-top-box Router Firmware Chroot
Page 22 and 23: Set-top-box Router Firmware Plan 1
Page 32 and 33: Set-top-box Router Firmware Arbitra
Page 45: Set-top-box Router Firmware Firmwar
Page 49 and 50: Set-top-box Router Firmware Firmwar
Page 51 and 52: Set-top-box Router Firmware Kernel
Page 53 and 54: Set-top-box Router Firmware File sy
Page 55 and 56: Set-top-box Router Firmware Untethe
Page 57 and 58: Set-top-box Router Firmware Untethe
Page 59: Set-top-box Router Firmware Conclus

Pwn@Home An Attack Path to jailbreaking your home router

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?