{"id":704,"date":"2020-08-23T00:05:28","date_gmt":"2020-08-22T23:05:28","guid":{"rendered":"https:\/\/cybercop-training.ch\/?p=704"},"modified":"2020-09-07T21:25:43","modified_gmt":"2020-09-07T20:25:43","slug":"analyzing-router-firmware-p4","status":"publish","type":"post","link":"https:\/\/cybercop-training.ch\/?p=704","title":{"rendered":"Analyzing Router Firmware P4"},"content":{"rendered":"

Challenge 4 – Investigating Modifications<\/strong><\/p>\n

\n

Original and modified\u00a0OpenWRT<\/a>\u00a0router firmware are provided to us (openwrt-ar750-sysupgrade.bin.orig<\/strong> and openwrt-ar750-sysupgrade.bin respectively<\/strong>). Analyze the firmware and answer the following questions:<\/p>\n

    \n
  1. When was the libc package was added in modified firmware? Provide the time in DD\/MM\/YY HH:MM:SS PM format (GMT).<\/li>\n
  2. A file was modified to add a backdoor to the firmware. Provide the name the file.<\/li>\n
  3. A newly added file contains a token for Amazon cloud. Locate that file and retrieve the token.<\/li>\n<\/ol>\n<\/blockquote>\n

    Let’s begin \ud83d\ude0e<\/p>\n

    \"\"<\/a><\/p>\n

    After extraction of both firmware files, I need a tool to compare and locate file changes.<\/p>\n

    \"\"<\/a><\/p>\n

    For that I’ll use the git diff command<\/a><\/p>\n

    git diff --no-index _openwrt-ar750-sysupgrade.bin.orig.extracted\/ _openwrt-ar750-sysupgrade.bin.extracted\/<\/code><\/p>\n