Finding Hard Code Secret Of D-Link Firmware(Part 1)
We will be using D-Link Firmware and find the secrets of its firmware by finding default username and password of firmware. For the firmware analysis we will be using AtiffyOS an IoT security based operating system.
- First we will download D-Link Firmware for analysis, which I have already downloaded.
2. Here we will analyze the Dlink_firmware.bin file by using binwalk tool (Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility.)-:Source Google
3. We use the command “binwalk Dlink_firmware.bin” for getting the binary image.
4. Now we will get string related data in firmware using the command “strings Dlink_Firmware.bin | less” (less command is used so that first we get less string output).
5. We found some suspicious strings that need to be analyzed.
6. Now we copy or skip some block size data using dd unix command the command is “dd if=Dlink_firmware.bin skip=917632 bs=1 of=anything”.
7. Now we extract Dlink_firmware.bin using the command “binwalk -e Dlink_firmware.bin”.
8. Now we enter into _Dlink_firmware.bin-0.extracted.
9. Now we can see squashfs-root folder where all file systems exist.
10. Now we will find some data using grep command “grep -iRn “telnet” “
11. We found some telnet script which we need to analyze.
12. Now we navigate to “/etc/scripts/misc/telnetd.sh”.
13. KABOOM!!! We found username of Dlink_Firmware and in $image_sign we will find the password which is config folder which in etc. folder.
14. Here we found the default password of firmware.
15. Stay Tuned for part 2.
Thank you
