JFFS2 Firmware Modification - IoT Pentesting Tips and Tricks
- Published 8 Sep 2024
- In this video, I show a unique problem I encountered during an IoT pentest when trying to modify a JFFS2 filesystem on a flash chip with a smaller than usual eraseblock size.
Random internet post about JFFS2 that helped me:
alice.physi.un...
Need IoT pentesting or reverse engineering services?
Please consider Brown Fine Security:
brownfinesecur...
IoT Hackers Hangout Community Discord Invite:
/ discord
🛠️ Stuff I Use 🛠️
🪛 Tools:
Raspberry PI Pico: amzn.to/3XVMS3K
XGecu Universal Programmer: amzn.to/4dIhNWy
Multimeter: amzn.to/4b9cUUG
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter: amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB
🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx
🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb
About Me:
My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.
- Soli Deo Gloria
💻 Social:
website: brownfinesecur...
twitter: / nmatt0
linkedin: / mattbrwn
github: github.com/nma...
#hacking #iot #cybersecurity
Holy wow! This is a perfect example of so many different benefits of "open-source" software and troubleshooting! freaking amazing, keep it rollin' Matt!
Matt, great job troubleshooting the issue! It is always cool to locate hints from years ago on the web and also surprising that the host, server, etc. is still accessible after 10 plus years.
Thank you for sharing!
Great video! Thank you for showcasing your thought process when faced with an obstacle. Learning to understand and overcome failure is a critical skill!
'wrong eraseblock size' caused me problems until I came across the same post a decade ago when I was doing some USB mounting stuff. It's the first thing I check when I get errors doing simple stuff with filesystems.
Early bird gets the worm!
Great job on another video, Matt! Super proud of you.
Thanks for showing the piece of old doc that was the needle in the haystack. In my job I often have to find those too and it helps to see the process. Great job
Thanks Matt, another great explanation and information it would take weeks researching. Your channel is a great benefit to those that want to know how the electronics truly work, and their weaknesses to attack and/or find out what the devices around them are truly doing, since it is a lot more than what we are told or led to believe.
So cool video! It would be great if you covered some part of exploitation of network services in some IoT devices, covering CVEs, debugging, etc.
Interesting video, it's even nice to see how you use the shell.
Btw you don't need flux for de-soldering. That will save you some clean-up! The solder will melt at the same temperature with hot air whatever.
Flux is mildly corrosive and helps the solder flow and adhere when soldering.
Good thing that the internet never forgets :)
Very interesting, thanks for sharing this! 😊
It would be nice to disassemble the latest Huawei 4G or 5G devices and get a shell. They have password-protected UART and the bootloader is kinda signed; they have a high level of security. Thanks for the video
Great stuff!
Very useful video. Thank you.
Wow, what a great video! 👌👌👌👍👍👍👍
I had exactly this issue 2 years ago with some cheap Chinese mini router! Too bad I did not have the video on hand, I gave up :(
what router brand?
@JupiterRoom No name, AliExpress purchase of a friend of mine.
Excellent video.
Great job Matt!
Well done! Awesome
Makes you wonder why mkfs.jffs2 had that 8k erase block size to begin with. Have standards for flash chips changed recently? Is it a technical constraint that older chips couldn't erase blocks smaller than that?
Excellent timing. Any chance of doing one on SquashFS?
Did you remove the RF communication video? The one where you used a 3.5 mm connector to transmit radio frequency?
Bro I have a LeapPad 2 and don't know what is what on the motherboard. Can you please help me or make a video extracting its firmware and making its screen display the console.
Bro, which OS do you use?
Arch Linux + i3wm
👍👍👍👍🎩🎩🎩🎩
`mount -o loop ..` not working?
Loop is a block device, block devices don't have the concept of an erase block size. On real flash, to write something you first have to destroy the entire block and then write a fresh one. This video is about flash, block devices are something completely different.
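The description mentions an error caused by a "smaller than usual eraseblock size", and the reply above explains why erase blocks matter on real flash. As an added example (not code from the video, from mtd-utils, or from any commenter), the following Python infers the eraseblock size an existing JFFS2 dump was built for and compares it with the erasesize of the target MTD partition, which is the value `mkfs.jffs2` needs via its `-e` option when the image is rebuilt. It relies on the cleanmarker node that `mkfs.jffs2 --cleanmarker` writes at the start of every eraseblock of a NOR-style image; all function names, the constructed sample image and the sample `/proc/mtd` line are this example's own assumptions.

```python
"""Infer a JFFS2 image's eraseblock size from its cleanmarker nodes.

Added example, not code from the video or from mtd-utils.  A NOR-style image
built with `mkfs.jffs2 --cleanmarker -e <size>` starts every eraseblock with a
12-byte cleanmarker node (magic 0x1985, nodetype 0x2003, totlen 12, hdr_crc).
The spacing between consecutive cleanmarkers therefore reveals the eraseblock
size the image was built for, which must match the flash partition's erasesize
before the image is written back.
"""
from __future__ import annotations

import struct
import zlib

JFFS2_MAGIC = 0x1985
JFFS2_NODETYPE_CLEANMARKER = 0x2003
CLEANMARKER_LEN = 12


def jffs2_crc32(data: bytes) -> int:
    """JFFS2's CRC-32 variant: register seeded with 0 and no final inversion."""
    return (zlib.crc32(data, 0xFFFFFFFF) ^ 0xFFFFFFFF) & 0xFFFFFFFF


def cleanmarker_node() -> bytes:
    """Encode one cleanmarker node: header fields plus hdr_crc over the first 8 bytes."""
    hdr = struct.pack("<HHI", JFFS2_MAGIC, JFFS2_NODETYPE_CLEANMARKER, CLEANMARKER_LEN)
    return hdr + struct.pack("<I", jffs2_crc32(hdr))


def build_constructed_image(eraseblock: int, blocks: int) -> bytes:
    """Constructed sample: `blocks` empty eraseblocks, each a cleanmarker followed by 0xFF fill."""
    return cleanmarker_node().ljust(eraseblock, b"\xff") * blocks


def find_cleanmarkers(image: bytes) -> list[int]:
    """Offsets of valid cleanmarker nodes (magic, type, length and hdr_crc all check out)."""
    offsets = []
    pos = 0
    while pos + CLEANMARKER_LEN <= len(image):
        magic, nodetype, totlen, hdr_crc = struct.unpack_from("<HHII", image, pos)
        if (magic == JFFS2_MAGIC and nodetype == JFFS2_NODETYPE_CLEANMARKER
                and totlen == CLEANMARKER_LEN
                and hdr_crc == jffs2_crc32(image[pos:pos + 8])):
            offsets.append(pos)
        pos += 4  # JFFS2 nodes are 4-byte aligned, so only aligned offsets need checking
    return offsets


def infer_eraseblock_size(image: bytes) -> int | None:
    """Smallest gap between consecutive cleanmarkers; None if fewer than two are found."""
    marks = find_cleanmarkers(image)
    if len(marks) < 2:
        return None
    size = min(b - a for a, b in zip(marks, marks[1:]))
    # Every cleanmarker should sit on an eraseblock boundary; otherwise the image is suspect.
    if any(m % size for m in marks):
        return None
    return size


def parse_proc_mtd_line(line: str) -> tuple[str, int, int, str]:
    """Parse one /proc/mtd line, e.g. 'mtd0: 00400000 00002000 "firmware"'.

    Returns (device, partition size, erasesize, name); sizes are hex in the file.
    """
    dev, size_hex, erase_hex, name = line.split(maxsplit=3)
    return dev.rstrip(":"), int(size_hex, 16), int(erase_hex, 16), name.strip('"')


def check_image_against_partition(image: bytes, proc_mtd_line: str) -> str:
    """Explain whether `image` can be written to the partition described by the /proc/mtd line."""
    dev, size, erasesize, name = parse_proc_mtd_line(proc_mtd_line)
    inferred = infer_eraseblock_size(image)
    if inferred is None:
        return "no cleanmarkers found (NAND image, or built without --cleanmarker?)"
    if inferred != erasesize:
        return (f"mismatch: image uses 0x{inferred:x} eraseblocks but {dev} ({name}) "
                f"erases in 0x{erasesize:x}; rebuild with mkfs.jffs2 -e 0x{erasesize:x}")
    if len(image) > size:
        return f"image ({len(image)} bytes) is larger than {dev} ({size} bytes)"
    return "ok"


if __name__ == "__main__":
    # Constructed inputs: a 4-block image with 8KiB eraseblocks and two sample /proc/mtd lines.
    sample = build_constructed_image(0x2000, 4)
    print("inferred eraseblock:", hex(infer_eraseblock_size(sample)))
    print(check_image_against_partition(sample, 'mtd0: 00400000 00002000 "firmware"'))
    print(check_image_against_partition(sample, 'mtd1: 00400000 00010000 "rootfs"'))
```

On a real device, feed it the raw dump read from the chip and the matching line from `/proc/mtd` on the target (or the erasesize from the chip's datasheet). Images built for NAND with `mkfs.jffs2 -n` keep their cleanmarkers in the out-of-band area rather than in the data, so the scan reports none for them and the erasesize must be taken from the datasheet instead.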
KEEP HACKING THE ISP ROUTERS , YOU ARE MAKING US PROUD , KEEP CROSS COMPILING AND TTY COMMUNICATING
Why does this 8KiB limit exist? 🤔
Not sure really
Been over a decade since researching this; a 4KiB minimum worked on 32-bit systems. mtd-utils had this same problem on 64-bit systems back then. Automated tools might have been used to do some of the low-level conversion for 64-bit, resulting in a doubling of the minimum size. Probably an oversight.
I'm a trash programmer so don't take this as truth.
@SlinkyD Then this is very strange if this kind of filesystem should work as in real hardware (here limit 4KiB) in embedded systems, even 64-bit.
@jankomuzykant1844 I did write that first part kinda ambiguously and will edit. I think the problem came when mtd-utils started to be compiled for 64-bit systems and they used an autotool to refactor; it just doubled the eraseblock size and nobody really checked.
Like I said, it's been a decade since I had a similar problem and did the research. The only reason I came to that conclusion is because the two systems I was using at the time were a 32-bit & 64-bit system. The 64-bit system had the problem, the 32-bit system was good. So I put it all in the corner of my brain until this vid.
I still got the 32-bit system and I think I got the flash drive I was working on. I'll try to find out what is what if I ever get the time.
`grep -rn` # print them line numbers out
`vim file.txt +69` # open file at wanted line
`vim +69 file.txt` # the other way