Pwn@Home An Attack Path to jailbreaking your home router

Recommendations

Info

Set-top-box Router Firmware File system decryption File system decryption Kernel contains a key used to decrypt the file system Use elite IDA script to extract it. Or subtile regexp: re.findall(’\x00[0-9a-f]64\x00’, kernel) with open(’rootfs.sqfs.enc’) as fp: rootfs_encrypted = fp.read() rc4 = ARC4.new(KERNEL_KEY) rc4.decrypt(’a’ * 3072) rootfs = rc4.decrypt(rootfs_encrypted) SquashFS compressed with LZMA
Set-top-box Router Firmware Untethering Plan 1 Introduction 2 Set-top-box 3 Router 4 Firmware Firmware retrieval and bootloader extraction Kernel decryption File system decryption Untethering 5 Conclusion
Page 1 and 2:
Pwn@Home An Attack Path to jailbrea
Page 3 and 4: Set-top-box Router Firmware Context
Page 5 and 6: Set-top-box Router Firmware Targets
Page 7 and 8: Set-top-box Router Firmware Plan 1
Page 9: Set-top-box Router Firmware Code ex
Page 12 and 13: Set-top-box Router Firmware Code ex
Page 16 and 17: Set-top-box Router Firmware Chroot
Page 22 and 23: Set-top-box Router Firmware Plan 1
Page 32 and 33: Set-top-box Router Firmware Arbitra
Page 45 and 46: Set-top-box Router Firmware Firmwar
Page 51 and 52: Set-top-box Router Firmware Kernel
Page 53: Set-top-box Router Firmware File sy
Page 57 and 58: Set-top-box Router Firmware Untethe
Page 59: Set-top-box Router Firmware Conclus
show all

Pwn@Home An Attack Path to jailbreaking your home router

Create successful ePaper yourself

Delete template?

Save as template?