Cool video however instead of using bc and calculating offsets you can just add `-e` to binwalk and it will automatically extract out all parts it finds to a sub-folder.
Found your channel because of the video of you wrecking that scammer’s database, and from someone whose parents fell victim to a similar scam, where I had to watch firsthand the level of fear, uncertainty, anger, and just general distrust of humanity that develops from someone who has to go through that, just know you did a genuine service to society, and it was so f*cking badass it brought a tear to my eye. Like the f*cking Batman of code, keep it up my man, loving your work!
Omg this is amazing. Not only I learned the beginnings of reverse engineering, I learn useful Linux utils. Can’t thank you enough. The entropy chart is so so awesome.
Good stuff, thank you. A couple of observations. LZM and the entropy you mentioned at 3:39 indicates compression not obfuscation. LZW compression creates a dictionary and then stores it at the end of the file and the offsets/dict refs are what you see at the high entropy levels. With binaries the byte sequences are rarely going to repeat often so that is why everything is skewed to the right. Also, you could just use binwalk -e instead of messing with dd tool and offset calcs. Binwalk -d also lets you cherry pick the files if you know their names or suspect some content using regex. I just learnt this today at a defcon. Fun stuff!
Excellent! Now 1) I finally understand what to use the entropy chart for and 2) a simple redirect of “lzma -d” fixes my issues with corruption errors (I kept trying to guess the end of the file).
00:58 project introduction 01:43 download firmware 02:18 binwalk 03:25 binwalk: information entropy 04:06 squashfs: compressed linux directory 04:26 dd: unpack squashfs 05:03 how to look at squashfs: mount vs extract; extract: unsquashfs 05:20 cd into extracted folder 06:00 LZMA archive 06:28 dd (+count) 07:17 lzma -d (extract and discard garbage) 07:40 binwalk onto extracted LZMA This table of content was created using "Smart Bookmarks for UA-cam" chrome extension. You can import and edit them using this extension. You can install it from the official Chrome Store Page (shortened link): smb.page.link/store
I've worked as a linux engineer for ~15 years now. You wouldn't believe the amount of people that behave like they know linux...... but don't know nearly as much as they think they do. The smartest people I've met will tell you that "I know enough but I'm always learning something new."
I watch your ads to show my support. You should definitely do another one of these, but make it so we can follow along with you. Loved it, mate. Thanks
FWIW, you don't need to separate out the squashfs... Just use: sudo losetup -o (byte offset in file) /dev/loop0 (image file name here) Then mount /dev/loop0 on a folder of your choice. I work with raw HDD images this way. It saves time for me, but YMMV by purpose. LOL, lots to learn here in the comments too!
What to do when the entire .bin firmware is showing as the LZMA compressed data? Weirdly showing a JPEG description as the first line in binwalk, so did skip= the number where the LZMA starts, then it's just all LZMA to the end, so my final dd command is dd if=firmware.bin skip= -of=firmware.lzma bs=1....... then did lzma -d and it had the same "compressed data is corrupt" error you had, but there was no file generated 🤔
Does this form the basis of how Jailbreaks happen? Like the PS3, older iOSes, the Wii (Homebrew Channel) etc. By reversing the firmware and uploading your own patch?
Hey! I was looking for reverse engineering related videos and that's how I found your channel! Awesome explanation ^.^ Could you please create a sort of series of these videos or something? I am trying to learn reverse engineering of x64 based malware. So if you find it feasible then please share videos related to this topic 😃
Hey man, Ive been trying to make small ui changes to my router firmware. I tried extracting it, and replaced a few images , now how do i do the rest and make it a working firmware. can you please answer or suggest a video to watch and understand this kind of stuff. Ive been searching all over the internet for days, maybe i dont have the right words to search but i havent found anything useful yet. this video was the closest. Thank you in advance
Fabulous. Looking for instructions on how to put the firmware image back together after changing the spelling on one web page. Thinking some combination of mksquashfs and mkimage, but cannot find instructions that match the clarity of this video.
great although i would've probably renamed your bin file and or your archive to something with a shorter name just for easier handling (ok using autocompletion does not give a crap about it but some people may want to read and understand your command). also what is that glow around your outline? i guess artifacts from a greenscreening solution...
If you could help me get a firmware for nikon d3300, which was C - 1.00 and L - 2.002 and this is what camera with the camera and this is what I need. After firmware update image quality is very bad.
great video as always, I got stuck at the unsquashfs part but kept watching anyway. whenever I tried unsquashfs Linux it gave me this message "Can't find a SQUASHFS superblock on Linux" is there anything im missing? i followed along side the video and still hit this hiccup
@@elpsykongr00 so if I connect a device to my pc, and I have a program on that pc, that download a firmware and transfers it to the usb device, can that program then “get” the firmware?
I am trying to reverse engineer a firmware and binwalk is giving up nothing. Do you know any effective tool to reverse a baremetal file? I don't think its a linux root file system and is not encrypted either. I just don't know how to do it in IDA pro or in ghidra etc. I can provide you the firmware if you or anyone else is interested. Its a Chinese goodie and I am just curious to know whats inside.
lol i wasn't expecting a reply from you haha keep up the good work! I found out about that tool while dual majoring in netsec and tech forensics 10 years ago, it can be a life saver
Hey can you explain what happens in the the social network movie hacking scene where mark is stealing pictures from different houses using scripts? Would love an detailed explanation as to what's going on in the background.
Cool video however instead of using bc and calculating offsets you can just add `-e` to binwalk and it will automatically extract out all parts it finds to a sub-folder.
Found your channel because of the video of you wrecking that scammer’s database, and from someone whose parents fell victim to a similar scam, where I had to watch firsthand the level of fear, uncertainty, anger, and just general distrust of humanity that develops from someone who has to go through that, just know you did a genuine service to society, and it was so f*cking badass it brought a tear to my eye. Like the f*cking Batman of code, keep it up my man, loving your work!
Thanks for the kind words, James. Happy to help.
Omg this is amazing. Not only I learned the beginnings of reverse engineering, I learn useful Linux utils. Can’t thank you enough. The entropy chart is so so awesome.
Good stuff, thank you. A couple of observations. LZM and the entropy you mentioned at 3:39 indicates compression not obfuscation. LZW compression creates a dictionary and then stores it at the end of the file and the offsets/dict refs are what you see at the high entropy levels. With binaries the byte sequences are rarely going to repeat often so that is why everything is skewed to the right. Also, you could just use binwalk -e instead of messing with dd tool and offset calcs. Binwalk -d also lets you cherry pick the files if you know their names or suspect some content using regex. I just learnt this today at a defcon. Fun stuff!
Accurate and straight to the point. I like it!
This dude is legendary! Thanks for the intro man.
Your presentation style is excellent for this type of video. thank you.
I really appreciate low level programming on this channel.
Keep it up ! :)
Excellent! Now 1) I finally understand what to use the entropy chart for and 2) a simple redirect of “lzma -d” fixes my issues with corruption errors (I kept trying to guess the end of the file).
that binwalk program is awesome! thank you for this video
"Reverse Engineers" - I see what you did there. Lol.
That was awesome, please continue and make more videos on this topic!
00:58 project introduction
01:43 download firmware
02:18 binwalk
03:25 binwalk: information entropy
04:06 squashfs: compressed linux directory
04:26 dd: unpack squashfs
05:03 how to look at squashfs: mount vs extract;
extract: unsquashfs
05:20 cd into extracted folder
06:00 LZMA archive
06:28 dd (+count)
07:17 lzma -d (extract and discard garbage)
07:40 binwalk onto extracted LZMA
This table of content was created using "Smart Bookmarks for UA-cam" chrome extension. You can import and edit them using this extension. You can install it from the official Chrome Store Page (shortened link): smb.page.link/store
As someone that thought I knew linux, I now understand I know nothing.
I've worked as a linux engineer for ~15 years now. You wouldn't believe the amount of people that behave like they know linux...... but don't know nearly as much as they think they do. The smartest people I've met will tell you that "I know enough but I'm always learning something new."
I watch your ads to show my support. You should definitely do another one of these, but make it so we can follow along with you. Loved it, mate. Thanks
You're the real MVP here.
One of the best reverse engineering videos I have seen so far.
This was fantastic!!! Please do more reverse engineering. Thank you.
Brilliant, hope you'll make more videos regarding this subject, I thoroughly enjoyed it!
Btw, thanks for all your effort, I really appreciate it :)
Wow, this is amazing :D
I like that the topics you cover are quite broad
Classic things that I always love, welcome to IoT security
Please keep on making such low level informative videos. Thanks for this one.
I need more of this! Been wanting to add things to Home Assistant. This is exactly what I need. Thanks!
That intro was genius, Damnit Engineer man your so cool, I’m sorry, Reverse Engineer man
Thanks for this. I want to examine my Hikvision IP cameras.
This is the video that will make me go down baaaaad, in the rabbit hole ;)
Great intro into RE
Cool, did have no idea starting is so easy, thanks for sharing!
Can't wait for the UART video
very profesisonal. i felt like i was in a ted talk
That was brilliant! Jake from UK 🇬🇧
You spelled State Farm wrong. 😉
Best reverse engineering video I've seen. And he wasn't wearing a black hoodie?!?!
From the UK 🇬🇧. Thank you
Can you post a link to where you got that firmware? I searched for the exact version on Netgear's site but couldn't find it. Wanted to follow along.
champion - encourage bored young people to look inside the machine - marvelous
FWIW, you don't need to separate out the squashfs... Just use:
sudo losetup -o (byte offset in file) /dev/loop0 (image file name here)
Then mount /dev/loop0 on a folder of your choice. I work with raw HDD images this way. It saves time for me, but YMMV by purpose.
LOL, lots to learn here in the comments too!
cool video, learned something new again. thanks for sharing.
YOU DON'T NEED dd TO EXTRACT THE FILES.
Just use binwalk -e file.img
Where's the fun in that?
Freakin Finally Im getting to the bottom of some of this !
What to do when the entire .bin firmware is showing as the LZMA compressed data? Weirdly showing a JPEG description as the first line in binwalk, so did skip= the number where the LZMA starts, then it's just all LZMA to the end, so my final dd command is dd if=firmware.bin skip= -of=firmware.lzma bs=1....... then did lzma -d and it had the same "compressed data is corrupt" error you had, but there was no file generated 🤔
Can’t give this video enough thumbs 👍👍👍
Yes do a UART video please. Your explanations are really good.
Great video. You should make more rev. Engineering videos!
Very informative. Thanks man.
This was awesome! Thanks
Does this form the basis of how Jailbreaks happen? Like the PS3, older iOSes, the Wii (Homebrew Channel) etc. By reversing the firmware and uploading your own patch?
Hey! I was looking for reverse engineering related videos and that's how I found your channel! Awesome explanation ^.^
Could you please create a sort of series of these videos or something? I am trying to learn reverse engineering of x64 based malware. So if you find it feasible then please share videos related to this topic 😃
Hey man, Ive been trying to make small ui changes to my router firmware. I tried extracting it, and replaced a few images , now how do i do the rest and make it a working firmware. can you please answer or suggest a video to watch and understand this kind of stuff. Ive been searching all over the internet for days, maybe i dont have the right words to search but i havent found anything useful yet. this video was the closest. Thank you in advance
This was fascinating
Very nice video. Is there any way to modify files in the firmware and pack this back to a new firmware?
Fabulous. Looking for instructions on how to put the firmware image back together after changing the spelling on one web page. Thinking some combination of mksquashfs and mkimage, but cannot find instructions that match the clarity of this video.
You are great at explaining what you are doing 👍 you should do more reverse engineering videos 🙂
Very informative video , Thank you !
Binwalk shows empty result on my firmware file...entropy is all 1. what should I do
Is it possible to modify the extracted firmware? Recompile it then flash it back?
how to find and replace tv logo using this software.Can u do tutorial.
hello engineer man, where do u find firmware updates? for fitbit especially?
How to re-compress it after changing?
This is a terrific video.
would also be nice to see some ways would you would call best practice to modify and pack again back
great although i would've probably renamed your bin file and or your archive to something with a shorter name just for easier handling (ok using autocompletion does not give a crap about it but some people may want to read and understand your command). also what is that glow around your outline? i guess artifacts from a greenscreening solution...
If atmega328 mcu lock with lock bits high voltage programmer can reset lock bits without code or programe lossing?
Where can one get more info on reverse engineering hardware? Is there a community out there?
Good stuff! Thanks!
This is amazing. More!!!
ok after 30 hours of study I might be able to understand 1/8th of what you just showed.
Hi, as you extract img file use it in a fresh start in a virtual box. If I'm wrong tech us install cases. Everything is a mind storm. Thanks.
If you could help me get a firmware for nikon d3300, which was C - 1.00 and L - 2.002 and this is what camera with the camera and this is what I need. After firmware update image quality is very bad.
WOW! Using DD? Impressive.
any videos on reverse engineering intel 8051 binaries?
I want know how to decompress zlib bin file?
Would this also work with reverse engineering Nvidia vBIOS?!
Took me one second to subscribe👌👍
this is wizzard level shit right here.
great video as always, I got stuck at the unsquashfs part but kept watching anyway.
whenever I tried unsquashfs Linux it gave me this message "Can't find a SQUASHFS superblock on Linux" is there anything im missing? i followed along side the video and still hit this hiccup
Please! More reverse engineering!!!
I got a question how did you learn this ?
Hey man, which OS are you using in this video?
I'm using Xubuntu.
keep up good work bro :)
How would I get the firmware, if it’s being downloaded from a server into my computer and then into a device via USB?
try wireshark
@@elpsykongr00 so if I connect a device to my pc, and I have a program on that pc, that download a firmware and transfers it to the usb device, can that program then “get” the firmware?
Which linux distro do you use?
I am trying to reverse engineer a firmware and binwalk is giving up nothing. Do you know any effective tool to reverse a baremetal file? I don't think its a linux root file system and is not encrypted either. I just don't know how to do it in IDA pro or in ghidra etc. I can provide you the firmware if you or anyone else is interested. Its a Chinese goodie and I am just curious to know whats inside.
How to re bundle it to binary
Pro-Tip. dcfldd is dd with a status bar. Its pretty sweet
Huh, nice one. I didn't know about this tool. For progress I often did dd | pv | dd.
lol i wasn't expecting a reply from you haha keep up the good work! I found out about that tool while dual majoring in netsec and tech forensics 10 years ago, it can be a life saver
I read every comment, just not practical to respond to everything.
I tried this on the Telekom Speedport Smart firmware but binwalk didn't find anything.
Obfuscated I guess.
Can you help me with a Huawei modem to extract firmware friend?
Hey there... I have a microscope. I would like to fix the firmware.. was Just wondering if you please could help me do this...
hi you can help me for install on frameware in linux centos or anyone linux version on the hp server
Awesome ! :)
The OS in the title would help.
Was interested in phone OS/Firmware, thats what i though it was.
Anyone have any Experience
Making of the Kosher NOKIA Phone
of have Flash file
Engineer Man reverse engineering? Morelike... Reenigne Man.
I dig it.
@@EngineerMan i would too, but it's clearly not a domain name
i wish that I wish I could understand so much I would like to solve a driver.
Good day man.., very interesting vid here.. any way i can PM you..?
Some more firmwares for revesrse: mega.nz/folder/aWoGFS5B#6dvgkfn-W7HveZAEVXBhEg
Hey can you explain what happens in the the social network movie hacking scene where mark is stealing pictures from different houses using scripts? Would love an detailed explanation as to what's going on in the background.
thank you but how compressed files after editing ?
AI series please
but... you did't reverse engineer any firmware :(
do on jffs2
how to?
what's up with that raised eyebrow?