Firmadyne Installation & Emulation of Firmware

 

 Introduction

Firmadyne can be used to perform emulation and analysis of Linux based firmware.


Installation

Install Ubuntu 18.04 LTS and upgrade all packages:

sudo apt update
sudo apt upgrade

Install and configure other packages:

sudo apt-get install busybox-static fakeroot git dmsetup kpartx netcat-openbsd nmap python3-psycopg2 snmp uml-utilities util-linux vlan python3-pip python3-magic

sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 10

git clone --recursive https://github.com/firmadyne/firmadyne.git

git clone https://github.com/ReFirmLabs/binwalk.git
cd binwalk
sudo ./deps.sh
sudo python ./setup.py install

cd ..
sudo apt-get install postgresql
sudo -u postgres createuser -P firmadyne
Give firmadyne as password.
sudo -u postgres createdb -O firmadyne firmware
sudo -u postgres psql -d firmware < ./firmadyne/database/schema

cd firmadyne
./download.sh

sudo apt-get install qemu-system-arm qemu-system-mips qemu-system-x86 qemu-utils

nano firmadyne.config

Uncomment FIRMWARE_DIR and set its value to path of firmadyne folder. Use Ctrl + o to save changes and Ctrl + x to exit.


Emulation

Download the firmware which needs to be analyzed.

wget http://www.downloads.netgear.com/files/GDC/WNAP320/WNAP320%20Firmware%20Version%202.0.3.zip

Extract components of firmware:

sudo ./sources/extractor/extractor.py -b Netgear -sql 127.0.0.1 -np -nk "WNAP320 Firmware Version 2.0.3.zip" images

Find the ID generated during extraction, use it in next steps. In this case it is 1.

./scripts/getArch.sh ./images/1.tar.gz
./scripts/tar2db.py -i 1 -f ./images/1.tar.gz
sudo ./scripts/makeImage.sh 1
./scripts/inferNetwork.sh 1

Interface IP will be displayed. Here it is 192.168.0.100. Start the emulation:

./scratch/1/run.sh

Login to console using credential admin/password. Login to web UI at 192.168.0.100 using same credential.

File system can be mounted using:

sudo ./scripts/mount.sh 1


Run Analysis

SNMP

./analyses/snmpwalk.sh 192.168.0.100
less snmp.public.txt
less snmp.private.txt

Web

./analyses/webAccess.py 1 192.168.0.100 log.txt
less log.txt

Port Scan

sudo nmap -O -sV 192.168.0.100

Exploit

Install Metasploit.

sudo apt install curl
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
chmod 755 msfinstall && \
./msfinstall

Start Metasploit for the first time to complete initial configuration.

msfconsole

Exit from metasploit.

mkdir exploits
less exploits/exploit.metasploit.log
python ./analyses/runExploits.py -t 192.168.0.100 -o exploits/exploit -e x

Demo



Comments

  1. Is this still working ? i tried but ran into lot of error can you please make a latest version of this from scratch

    Waiting for your video notification on YT

    ReplyDelete

Post a Comment

Popular posts from this blog

Decrypt TP-Link config.bin Configuration Backup File

Extract / Create Cramfs File System from Ubuntu 20.04