Advent of Cyber 2022 [Day 20] Firmware | Binwalkin’ around the Christmas tree-Simple Write up
Task 25-Firmware | Binwalkin’ around the Christmas tree-Advent of Cyber 2022 [Day 20]-Answers Write-up and Walkthrough By Karthikeyan Nagaraj
What is Firmware Reverse Engineering?
Every embedded system, such as cameras, routers, smart watches etc., has pre-installed firmware, which has its own set of instructions running on the hardware’s processor.
It enables the hardware to communicate with other software running on the device. The firmware provides low-level control for the designer/developer to make changes at the root level.
Firmware Reversing Steps
- The firmware is first obtained from the vendor’s website or extracted from the device to perform the analysis.
- The obtained/extracted firmware, usually a binary file, is first analyzed to figure out its type (bare metal or OS based).
- It is verified that the firmware is either encrypted or packed. The encrypted firmware is more challenging to analyze as it usually needs a tricky workaround, such as reversing the previous non-encrypted releases of the firmware or performing hardware attacks like Side Channel Attacks (SCA) to fetch the encryption keys.
- Once the encrypted firmware is decrypted, different techniques and tools are used to perform reverse engineering based on type.
BinWalk: A firmware extraction tool that extracts code snippets inside any binary by searching for signatures against many standard binary file formats like
zip, tar, exe, ELF,etc.Binwalk has a database of binary header signatures against which the signature match is performed.
The common objective of using this tool is to extract a file system like
Squashfs, yaffs2, Cramfs, ext*fs, jffs2,etc., which is embedded in the firmware binary. The file system has all the application code that will be running on the device.
Open the Machine’s Split View
Task 25 [Day 20] Firmware Binwalkin’ around the Christmas tree
1. What is the flag value after reversing the file firmwarev2.2-encrypted.gpg?
cd bin
binwalk -E -N firmwarev2.2-encrypted.gpg 
cd ..
cd bin-unsigned/
extract-firmware.sh firmwarev1.0-unsigned
Password: Santa1010
grep -ir paraphrase
cat fmk/rootfs/gpg/secret.txt
Paraphrase : Santa@2022
gpg — import fmk/rootfs/gpg/private.key
Type the Paraphrase that we Found
gpg --import fmk/rootfs/gpg/public.key
gpg --list-secret-keys
Once the keys are imported, McSkidy decrypts the firmware using the gpg command. Again change the directory by entering the command cd .. and then cd bin
cd ..
cd bin
gpg firmwarev2.2-encrypted.gpg
cat ~/bin/fmk/rootfs/flag.txt 
Ans: THM{WE_GOT_THE_FIRMWARE_CODE}2. What is the Paraphrase value for the binary firmwarev1.0_unsigned?
Ans: Santa@20223. After reversing the encrypted firmware, can you find the build number for rootfs?
Use the Command below to find the Firmware of rootfs
Make Sure, you are in the rootfs Directory
ls -lah * | grep rootfs
Ans: 2.6.31Thank you for Reading!!
Happy Hacking ~
Author : Karthikeyan Nagaraj ~ Cyberw1ngTHM , TryHackMe , TryHackMe Advent of Cyber 2022 , TryHackMe Advent of Cyber 4 Day 20, Ethical Hacking , Write up , Walk through , TryHackMe Advent of Cyber 2022 Day 20Answers
