Reversing Firmware

Akash Kandhare
Jul 18, 2019


Hello everyone! I am writing this blog post about how to reverse firmware.

Let's see how that works.

Whenever you use an IoT device you are interacting with firmware, because firmware is the actual code that runs on an IoT or embedded device. In this post we start by looking at ways to extract the file system from a firmware image, and then move on to analyzing the extracted binaries for vulnerabilities.

First, download the image of the firmware you want to reverse.

The download is a zip archive, so unzip it with: unzip DCS-932L_REVA_FIRMWARE_1.14.04.ZIP

Inside you will see two files, a PDF and a .bin file. I first tried to read the binary with the head command: head dcs932l_v1.14.04.bin

That prints the raw contents of the binary, which are not readable by a human; that format is only meant for the machine.

So I used the strings command, which prints the human-readable character sequences found in any file (-10 keeps only runs of at least 10 printable characters): strings -10 dcs932l_v1.14.04.bin | head

That gave me some printable text that can actually be read.

Next I used Binwalk, a tool designed for reverse engineering that identifies files and code embedded inside firmware images: binwalk dcs932l_v1.14.04.bin

The output has three columns: Decimal, Hexadecimal and Description. The Decimal column shows the location in the file in decimal, the Hexadecimal column shows the same location in hexadecimal, and the Description column says what was found at that location. Binwalk found a U-Boot string at 106352. At 327680 there is a uImage header telling us that the OS kernel image is in an LZMA archive that starts at 327744.

Before unpacking that LZMA archive and digging through it, we need to carve it out of the larger binary: dd if=dcs932l_v1.14.04.bin skip=327744 bs=1 of=kernel.lzma

You can check that the LZMA archive came through OK by running: file kernel.lzma

Next, unpack the LZMA archive: unlzma kernel.lzma

To see what you have just unpacked, run: file kernel

Next I ran binwalk against the unpacked data file: binwalk kernel

That produces a lot of output, including another LZMA archive at 4038656. If you scroll up to the top of the binwalk output you will also see the Linux kernel version.

The next task is to extract the LZMA archive we saw in there: dd if=kernel skip=4038656 bs=1 of=mystery.lzma

Unpack the result with unlzma mystery.lzma, then run: file mystery

It is a cpio archive, so make a directory for it (mkdir cpio and cd cpio) and unpack it with: cpio -idm --no-absolute-filenames < ../mystery

Then list the contents: ls -l

That gives me the file system, which I can now explore.
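The same carve-and-unpack loop, written as an added example that is not part of the original post: it does in Python, with only the standard library, what binwalk, dd and unlzma do by hand above. It scans for the .lzma header that binwalk reports as "LZMA compressed data", carves at that offset like dd skip=..., decompresses like unlzma, and recurses into the result the way the post goes from the kernel into the cpio archive. The sample image is constructed inline and is not the DCS-932L firmware; the header sanity limits (64 MiB dictionary, 256 MiB size) are my own choice.

```python
import lzma

# .lzma ("alone") header: props byte 0x5D (lc=3,lp=0,pb=2), 4-byte LE dict size, 8-byte LE size.
LZMA_MAGIC = b"\x5d\x00\x00"  # 0x5D plus the low bytes of a 64 KiB-aligned dictionary size

def find_lzma_offsets(blob):
    """Every offset where an LZMA 'alone' header may start (binwalk's signature scan)."""
    hits, pos = [], blob.find(LZMA_MAGIC)
    while pos != -1:
        hits.append(pos)
        pos = blob.find(LZMA_MAGIC, pos + 1)
    return hits

def header_is_sane(blob, off, max_dict=64 << 20, max_size=256 << 20):
    """Reject hits whose header would make the decoder allocate absurd memory (assumed limits)."""
    dict_size = int.from_bytes(blob[off + 1:off + 5], "little")
    size = int.from_bytes(blob[off + 5:off + 13], "little")
    return dict_size <= max_dict and (size == 0xFFFFFFFFFFFFFFFF or size <= max_size)

def carve_lzma(blob, off):
    """The 'dd skip=OFF bs=1' + 'unlzma' step: payload of the stream at off, or None for a false hit."""
    if not header_is_sane(blob, off):
        return None
    dec = lzma.LZMADecompressor(format=lzma.FORMAT_ALONE)
    try:
        out = dec.decompress(blob[off:])
    except lzma.LZMAError:
        return None
    return out if dec.eof else None  # a real stream reaches its end marker; garbage does not

def extract_recursive(blob, depth=0, max_depth=3):
    """Carve every LZMA stream, then recurse into each payload (kernel -> cpio on the page).
    Returns (depth, offset, payload) tuples in discovery order."""
    found = []
    if depth > max_depth:
        return found
    for off in find_lzma_offsets(blob):
        payload = carve_lzma(blob, off)
        if payload is not None:
            found.append((depth, off, payload))
            found.extend(extract_recursive(payload, depth + 1, max_depth))
    return found

# Constructed sample image (not the real DCS-932L firmware): a fake uImage
# header, then an LZMA "kernel" that embeds a second LZMA stream (the cpio).
INNER_PAYLOAD = b"070701" + b"fake cpio root filesystem entry " * 4
KERNEL_PREFIX = b"Linux version 2.6.x (constructed)\n" + b"\x00" * 300
KERNEL_IMAGE = KERNEL_PREFIX + lzma.compress(INNER_PAYLOAD, format=lzma.FORMAT_ALONE)
FW_PREFIX = b"\xff" * 512 + b"\x27\x05\x19\x56uImage header stand-in" + b"\x00" * 40
FIRMWARE = FW_PREFIX + lzma.compress(KERNEL_IMAGE, format=lzma.FORMAT_ALONE) + b"\xff" * 256
INNER_OFFSET, KERNEL_OFFSET = len(KERNEL_PREFIX), len(FW_PREFIX)
```

On a real image, extract_recursive(open(path, "rb").read()) replaces the repeated dd/unlzma/file cycle, and a hit that binwalk lists but that never reaches its end marker is exactly the false positive the None return filters out.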

Conclusion: As shown above, I extracted the whole file system from the firmware image using these reverse engineering techniques.
