
introduction

foreword

While doing penetration testing and vulnerability research on embedded devices, I kept running into two problems. First, some devices ship without a telnetd or ssh service, so there is no easy way to get an interactive shell. Second, memory corruption bugs such as stack overflows are usually reached through string operations that stop at the first null byte, which makes hand-building a reverse shellcode tedious. This tool was written to make exploiting such bugs easier. It is built on the pwntools (pwn) module; it originally targeted Python 2 and has since been updated to Python 3.

function

This tool is meant for security testing of embedded devices. It has two main functions:

  1. Generate backdoor programs for various architectures. The backdoor is packaged as pure shellcode with no wrapper around it and is small in size. Armv5, Armv7, Armv8, mipsel and mips are currently supported, and more are being added.

  2. Generate reverse_shell shellcode for various architectures for use during exploitation. The shellcode contains no null bytes, which makes it easier to exploit memory corruption vulnerabilities on embedded devices. Armv5, Armv7, Armv8, mipsel and mips are currently supported, and more are being added.

  3. Fixed bugs where the port chosen for reverse_shellcode and reverse_backdoor could be too large, added generation of a bind shell with a specified port and password on x86 and x64, and tidied up the generation process (this feature will be extended to the other architectures).
    Added support for armvelv7_bind_shell (2022.10.27)
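The two problems the tool addresses come down to one fact: a payload delivered through a strcpy-style copy is cut at the first null byte, and the IP address and port baked into a connect-back shellcode are the most common place for such a byte to sneak in. The following is an added example, not part of hackebds, that checks a payload for bad bytes, shows what a null-terminated copy would actually deliver, and checks whether a given IP/port pair can be embedded without a null. The sample payload bytes are constructed for the demonstration and do not execute anything.

```python
import socket
import struct

NUL = b"\x00"

# Constructed sample payloads (arbitrary bytes, not real shellcode).
SAMPLE_WITH_NUL = b"\x24\x02\x0f\xa4\x00\x00\x00\x0c\x3c\x04\xc0\xa8"
SAMPLE_CLEAN = b"\x24\x02\x0f\xa4\x3c\x04\xc0\xa8\x34\x84\x01\x01"


def find_bad_bytes(payload: bytes, badchars: bytes = NUL):
    """Return (offset, value) for every byte of payload that is in badchars."""
    return [(i, b) for i, b in enumerate(payload) if b in badchars]


def strcpy_delivers(payload: bytes) -> bytes:
    """What a strcpy()/strcat()/sprintf("%s")-style copy actually writes:
    everything before the first NUL. The rest never reaches the target."""
    cut = payload.find(NUL)
    return payload if cut < 0 else payload[:cut]


def port_is_valid(port: int) -> bool:
    """A TCP port must fit in 16 bits; anything larger cannot be encoded."""
    return 0 < port <= 0xFFFF


def sockaddr_bytes(ip: str, port: int) -> bytes:
    """Port and address in network byte order, as they appear in a
    sockaddr_in and therefore as immediates inside a connect-back payload."""
    if not port_is_valid(port):
        raise ValueError("port out of range: %r" % port)
    return struct.pack(">H", port) + socket.inet_aton(ip)


def reverse_shell_params_ok(ip: str, port: int) -> bool:
    """True when neither the port nor the IP would embed a NUL byte."""
    return not find_bad_bytes(sockaddr_bytes(ip, port))


if __name__ == "__main__":
    print("bad bytes:", find_bad_bytes(SAMPLE_WITH_NUL))
    print("delivered:", strcpy_delivers(SAMPLE_WITH_NUL).hex())
    for ip, port in [("192.168.1.10", 4444), ("192.168.0.1", 4444),
                     ("10.0.0.1", 4444), ("192.168.1.10", 80)]:
        print(ip, port, "ok" if reverse_shell_params_ok(ip, port) else "contains NUL")
```

Addresses such as 192.168.0.1 or 10.0.0.1 and ports below 256 all contain a zero byte, which is why a generator has to either avoid them or encode them arithmetically rather than as plain immediates.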

install

pip install hackebds
pip install -U hackebds

Instructions for use

Read more »

A record of the pitfalls: I went through a lot of devices and spent quite a bit of money before finally managing to debug the aarch64 CPU cores of the Raspberry Pi 4B with OpenOCD using a J-Link V9 clone. The online sellers all say it does not support the Cortex-A72 and Cortex-A53 series, which is nonsense. The crucial thing is that the OpenOCD configuration must be correct, so that the CPU information is passed to the J-Link.
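What "passing the CPU information correctly" looks like in practice is an OpenOCD board config that declares the DAP TAP and each Cortex-A72 core with its debug and CTI base addresses. The config below is an added example, not the post's own file: the adapter and transport lines are standard OpenOCD commands, while the TAP id and the per-core base addresses are the values used in community rpi4 configs and are assumptions here, to be checked against your own board (e.g. with `scan_chain` and `dap info`) before relying on them.

```tcl
# Added example OpenOCD config for a Raspberry Pi 4B (BCM2711) over a J-Link.
# Prerequisite on the Pi side: enable_jtag_gpio=1 in config.txt so the
# JTAG pins are routed to the GPIO header.
adapter driver jlink
transport select jtag
adapter speed 1000

set _CHIPNAME bcm2711
# Assumed DAP TAP id (ARM CoreSight DAP); verify with "scan_chain".
set _DAP_TAPID 0x4ba00477
jtag newtap $_CHIPNAME cpu -expected-id $_DAP_TAPID -irlen 4
dap create $_CHIPNAME.dap -chain-position $_CHIPNAME.cpu

set _TARGETNAME $_CHIPNAME.a72
set _CTINAME    $_CHIPNAME.cti
# Assumed per-core debug and CTI base addresses (from community rpi4 configs).
set DBGBASE {0x80410000 0x80510000 0x80610000 0x80710000}
set CTIBASE {0x80420000 0x80520000 0x80620000 0x80720000}
set _cores 4

for { set _core 0 } { $_core < $_cores } { incr _core } {
    cti create $_CTINAME.$_core -dap $_CHIPNAME.dap -ap-num 0 \
        -baseaddr [lindex $CTIBASE $_core]
    # This is the line that tells OpenOCD (and through it the J-Link) what
    # the core is: an aarch64 target reached through the DAP.
    target create $_TARGETNAME.$_core aarch64 \
        -dap $_CHIPNAME.dap -coreid $_core \
        -dbgbase [lindex $DBGBASE $_core] -cti $_CTINAME.$_core
    $_TARGETNAME.$_core configure -event reset-assert-post "aarch64 dbginit"
}

# Treat the four cores as one SMP target so halting one halts all of them.
target smp $_TARGETNAME.0 $_TARGETNAME.1 $_TARGETNAME.2 $_TARGETNAME.3
```

If `scan_chain` shows a different IDCODE or `dap info` cannot find a core at the assumed base address, fix those values first; with a wrong target type or base address the J-Link appears to "not support" the core even though the probe itself is fine.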

JTAG

About JTAG

IOT-security

Read more »

Preface

Recently, while hunting for vulnerabilities, I have had to deal with some basic topics such as the BIOS, U-Boot and emulation with QEMU.

First, we need to understand how a machine actually runs.

Most of the machines we use run Windows or Linux (I personally use a fancy Mac 🤣).

What is the BIOS? What is it for, and what does it do? What does the machine do when you press the power button?

Q:

A computer is strictly logical: it runs according to its rules, but we do not know how it runs. Whether we open a program or turn the machine on, the computer hands us a result, but what happens inside? To us it is a black box; all we do is double-click a button. Going back to the lowest layer: at the instant we press the power button, what is the computer doing?

Read more »

Command injection in the ToTolink series

Preface

Last year I found several command injection issues in the TOTOLINK EX200, but the vulnerability is not limited to the EX200. Because the vendor's embedded firmware is largely uniform, any device that runs the same type of firmware carries the same vulnerability.

Over the next while I will sort out the devices affected by CVE-2021-43711-type vulnerabilities and the firmware versions concerned.

This vulnerability is very simple to exploit and requires no authentication.
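The bug class itself, as an added example that is not the ToTolink firmware's code: a hypothetical CGI-style handler that pastes a request parameter into a shell command line, next to a hardened version that allow-lists the value and runs the program without a shell. The `ping` command, the `host` parameter and the function names are assumptions made for the illustration; nothing here reproduces the actual endpoint or parameter of CVE-2021-43711.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Vulnerable pattern (hypothetical, NOT ToTolink's code): the attacker-
 * controlled value is interpolated into a command line that would be
 * handed to system(). Anything after ';', '|', '&&' or inside $( ) is
 * executed by /bin/sh. Returns the string system() would receive
 * (static buffer, so the test can inspect it); system() itself is
 * deliberately not called here.
 */
const char *unsafe_build_cmd(const char *host)
{
    static char cmd[512];
    snprintf(cmd, sizeof cmd, "ping -c 1 %s > /dev/null 2>&1", host);
    /* system(cmd);  <- the injection point in the vulnerable design */
    return cmd;
}

/* Allow-list check: only characters that can occur in a hostname or an
 * IPv4 literal, and no leading '-' so ping cannot read it as an option. */
int host_is_safe(const char *host)
{
    size_t n = strlen(host);
    if (n == 0 || n > 253 || host[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/*
 * Hardened launcher: validate first, then exec the program directly with
 * an argv array. No shell is involved, so metacharacters are never
 * interpreted even if the validator is loosened later. Returns -1 for
 * rejected input or a launch failure, otherwise the child's exit status.
 */
int safe_ping(const char *host)
{
    if (!host_is_safe(host))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "1", (char *)host, NULL };
        execvp(argv[0], argv);
        _exit(127);             /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *attack = "127.0.0.1;cat /etc/passwd";
    printf("unsafe command line: %s\n", unsafe_build_cmd(attack));
    printf("host_is_safe(\"%s\") = %d\n", attack, host_is_safe(attack));
    printf("safe_ping(\"%s\") = %d\n", attack, safe_ping(attack));
    return 0;
}
```

The allow-list is the first line of defence, but the `execvp` with a fixed argv is what removes the shell from the picture; a handler that only filters characters and still calls `system()` tends to be bypassed the next time someone extends the allowed set.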

List of affected devices (updating)

A fellow researcher has already compiled the full list of device types and their CVE IDs.

total

1:
ToTolink EX200 http://totolink.net/home/menu/detail/menu_listtpl/download/id/144/ids/36.html

Link: http://totolink.net/data/upload/20210428/7979e841521515eb83b45aacf5b67f9a.zip

Firmware: TOTOLINK_CS133E-EN_EX200_WX005_8196E_SPI_4M32M_V4.0.3c.7646_B20201211_ALL.web

2:
TOTOLINK A800R http://totolink.net/home/menu/detail/menu_listtpl/download/id/166/ids/36.html

Link: http://totolink.net/data/upload/20201223/5425d375a083ea6952abc47ee7cc4a6b.zip

Firmware: V4.1.2cu.5137_B20200730

3:
TOTOLINK A300RU http://totolink.net/home/menu/detail/menu_listtpl/download/id/168/ids/36.html

Link: http://totolink.net/data/upload/20210111/c5bd257ad1a977679618faee0526bf0c.zip

Firmware: V5.9c.5185_B20201128

Read more »