Creating Malicious Firmware with Firmware-Mod-Kit

June 18, 2013

Firmware-Mod-Kit to make Malicious Firmware

The intent of this tech segment is really to show how insecure devices are, and how we need to be cautious when rooting, modifying or updating firmware. Where it first starts is a tool create by Craig Heffner and Jeremy Collake ( download here ). It allows you to take firmware and strip it down to its root file system, Craig uses that and binwalk a lot in his blog for embedded device hacking devttys0 . The use of the collection of scripts is completely easy, however, it saves you tons and tons of time, doing any of it manually would take hours if not days. Lets dive right into it.
First, we need to extract the firmware we have. I am using a router that is running dd-wrt, so I figure that would be a good firmware to get and rip apart. First, we run the command ./extract-firmware.sh filename. This will decompress the firmware and put it nicely into a “fmk/” directory.

Next we extract the dd-wrt gui (web sites) by typing ./ddwrt-gui-extract.sh:

We then find our target page Info.htm, open it and add in our XSS beef hook:

We package it all up and with ./ddwrt-gui-rebuild & ./build-firmware. When its done, we flash our router with the new firmware. When we come back to the page… our browser is now hooked and expoited.

Paul Asadoorian

Paul Asadoorian is currently the Principal Security Researcher for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRTG54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. Paul has worked in technology and information security for over 20 years, holding various security and engineering roles in a lottery company, university, ISP, independent penetration tester, and security product companies such as Tenable. In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. In 2020 Security Weekly was acquired by the Cyberrisk Alliance. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, he enjoys coding in Python & telling everyone he uses Linux.

A young woman with a smartphone walks past a billboard advertisement for YouTube.

Threat Management

Majority of YouTube accounts Google terminated in Q3 linked to China

Steve ZurierAugust 29, 2022

While some of the 1,546 YouTube channels terminated by Google emanated from Russia, the vast majority blocked were linked to China.

Content

DevSecOps Scanning Challenges & Tips

Bill BrennerOctober 26, 2021

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

Content

It Should Be ‘Cybersecurity Culture Month’

Bill BrennerOctober 19, 2021

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news