Setup a VM for IoT and Firmware Analysis

IoT stands for the Internet of Things. It's a term that we will hear and be confronted with more and more in the future. There are prognoses that we will have up to 50 billion IoT devices connected over the internet by the year 2020. I'd say that's definitely a good time to start thinking about security. This article gives a short introduction to the topic and serves as a possible guide for setting up a virtual machine with the tools needed to analyze and hack IoT devices.

Below you'll see some examples like a wireless blood pressure monitor or a smart light bulb, but the list of devices is large. I plan to write more articles in the future on how to play with the «Bluetooth Low Energy protocol» to analyze and hack IoT devices. Another interesting part will be the extraction and emulation of firmware binaries. But first let's set up a VM based on Kali Linux.

You can use any version of Kali Linux or set up a fresh one. I'll use the light version VirtualBox image:

After importing the VM into VirtualBox, check the network adapter settings and make sure you have a connection to the internet.

Tools we want to install:

  • binwalk
  • FAT (Firmadyne, QEMU, Firmware Mod Kit, firmwalker, mitmproxy)
  • Kdiff3
  • Radare2
  • OpenOCD
  • Flashrom
  • Buildroot
  • GDB-Multiarch
  • GNU radio companion /GQRX
  • RTL-SDR Tools
  • Ubertooth, HackRF Tools
  • Zigbee Tools (Killerbee)

Install binwalk:

git clone https://github.com/devttys0/binwalk.git
cd binwalk
sudo ./deps.sh
sudo python ./setup.py install
sudo apt-get install python-lzma   # only needed for Python 2.x
sudo -H pip install git+https://github.com/ahupp/python-magic

Install Firmadyne:

sudo apt-get install busybox-static fakeroot git kpartx \
  netcat-openbsd nmap python-psycopg2 python3-psycopg2 snmp uml-utilities \
  util-linux vlan qemu-system-arm qemu-system-mips qemu-system-x86 \
  qemu-utils

git clone --recursive https://github.com/firmadyne/firmadyne.git

cd ./firmadyne; ./download.sh

Edit firmadyne.config and make FIRMWARE_DIR point to the current location of the Firmadyne folder.

Install Firmware Analysis Toolkit (FAT):

pip install pexpect
git clone https://github.com/attify/firmware-analysis-toolkit
mv firmware-analysis-toolkit/fat.py .
mv firmware-analysis-toolkit/reset.py .
chmod +x fat.py 
chmod +x reset.py

Adjust the paths to firmadyne and binwalk in fat.py and reset.py. Additionally, provide the root password: Firmadyne requires root privileges for some of its operations, and the root password is provided in the script itself to automate the process.

Setup Firmware Mod Kit:

sudo apt-get install git build-essential zlib1g-dev liblzma-dev python-magic
git clone https://github.com/brianpow/firmware-mod-kit.git

Find the location of binwalk using "which binwalk". Modify the file shared-ng.inc so that the variable BINWALK is set to /usr/local/bin/binwalk (if that is where your binwalk is installed).
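The two edits above (FIRMWARE_DIR in firmadyne.config, BINWALK in shared-ng.inc) are easy to get wrong by hand, so here is an added helper script that is not part of the original article or of either project. It assumes the article's layout, with firmadyne and firmware-mod-kit cloned into the working directory, and derives the paths at run time instead of hard-coding them.

```shell
#!/bin/sh
# Added example, not from the article: point firmadyne.config and
# firmware-mod-kit's shared-ng.inc at the real install locations.
# Assumes the article's layout (both repos cloned into the working directory).

# set_kv FILE KEY VALUE: set "KEY=VALUE" in FILE, replacing an existing line
# (also one commented out with '#') or appending if the key is absent.
# VALUE must not contain '|' or '&', which sed treats specially.
set_kv() {
    _file="$1"; _key="$2"; _value="$3"
    if grep -q "^#*${_key}=" "$_file"; then
        sed -i "s|^#*${_key}=.*|${_key}=${_value}|" "$_file"
    else
        printf '%s=%s\n' "$_key" "$_value" >> "$_file"
    fi
}

# configure_firmadyne DIR: FIRMWARE_DIR must be the absolute path of the
# firmadyne clone, with a trailing slash.
configure_firmadyne() {
    _dir=$(cd "$1" && pwd) || return 1
    set_kv "$_dir/firmadyne.config" FIRMWARE_DIR "$_dir/"
}

# configure_fmk DIR: BINWALK in shared-ng.inc must be the binwalk that is
# actually on PATH (the article's "which binwalk" step), quoted for the shell.
configure_fmk() {
    _bw=$(command -v binwalk) || { echo "binwalk not on PATH" >&2; return 1; }
    set_kv "$1/shared-ng.inc" BINWALK "\"$_bw\""
}

# check_tools: report which of the article's command-line tools are missing.
# Returns 0 when all are present, 1 otherwise.
check_tools() {
    _missing=0
    for _t in binwalk qemu-system-arm qemu-system-mips radare2 openocd \
              flashrom gdb-multiarch; do
        command -v "$_t" >/dev/null 2>&1 || { echo "missing: $_t" >&2; _missing=1; }
    done
    return $_missing
}
```

Run it from the directory holding both clones: configure_firmadyne ./firmadyne; configure_fmk ./firmware-mod-kit; check_tools.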

Setup Mitm Proxy

pip install mitmproxy or apt-get install mitmproxy

Setup Firmwalker

git clone https://github.com/craigz28/firmwalker.git


Install Flashrom 0.9.9

wget http://download.flashrom.org/releases/flashrom-0.9.9.tar.bz2
tar xjf flashrom-0.9.9.tar.bz2
cd flashrom-0.9.9
make && sudo make install

Install Radare2

sudo apt-get install radare2

Install OpenOCD

sudo apt-get install openocd

Install gdb-multiarch

sudo apt-get install gdb-multiarch

Install gnu-radio / gqrx / rtl-sdr

sudo apt-get install gnuradio gqrx rtl-sdr

Install hackrf / ubertooth

sudo apt-get install hackrf ubertooth

Install Killerbee

sudo apt-get install python-gtk2 python-cairo python-usb python-crypto \
  python-serial python-dev libgcrypt-dev
sudo apt-get install mercurial
hg clone https://bitbucket.org/secdev/scapy-com
cd scapy-com
chmod +x reset.sh
python setup.py install
cd ..
git clone https://github.com/riverloopsec/killerbee.git
cd killerbee
python setup.py install
cd tools/
chmod +x *

Additional Tools (Arduino and XCTU)

sudo apt-get install arduino arduino-core

For XCTU go to the following URL and download the Linux binary:

https://www.digi.com/xctu-linux-x64

chmod +x 40002881_J.run

./40002881_J.run
