Supply Chain Risk: The HiSilicon Backdoor

Supply Chain Risk: The HiSilicon Backdoor

Supply Chain Risk: The HiSilicon Backdoor The HiSilicon / Xiongmai Backdoor and 3rd Party Component Risk Last week saw a flurry of news about a research report by Vladislav Yarmak describing a backdoor in the firmware of DVR/NVR devices built using the video...
Reverse Engineering My Router’s Firmware with binwalk

Reverse Engineering My Router’s Firmware with binwalk

Reverse Engineering My Router’s Firmware with binwalk Author: Sergio Prado (reposted with permission) A few days ago I decided to reverse engineer my router’s firmware image with binwalk. I’ve bought the TP-Link Archer C7 home router. Not one of the best, but...
D-Link: A Firmware Security Analysis – Part 4

D-Link: A Firmware Security Analysis – Part 4

D-Link: A Firmware Security Analysis – Part 4 Firmware Exploitation This is the part you’ve been waiting for right? We’ve downloaded a firmware, scoured through it for hours, found a vulnerability, emulated it, and now it’s time to write an exploit. Our goal is...
Source Code Analysis: A False Sense of Firmware Security

Source Code Analysis: A False Sense of Firmware Security

Source Code Analysis: A False Sense of Firmware Security The Truth About Source Code Analyzers   Welcome to a World of False Positives Source code analysis produces a large amount of “false positive” results, which is one of the biggest complaints we...
D-Link: A Firmware Security Analysis – Part 4

D-Link: A Firmware Security Analysis – Part 3

D-Link: A Firmware Security Analysis – Part 3 The Firmware Exploitation Methodology In part two of our firmware analysis, we discovered a potential overflow in the administration server, alphapd. It appears if you send a long string in the WEPEncryption field to...