While browsing the internets, I saw a tweet from devttyS0 giving away a key that allows a firmware image to be decrypted. I decided to take a look.
After decrypting and extracting it, I found a binary called ftd. I quickly found a vuln and decided to make something of it. It is a MIPS LE binary.
checksec output for the binary:

```
RELRO           No RELRO
STACK CANARY    No canary found
NX              No
PIE             No PIE
RPATH           No RPATH
RUNPATH         No RUNPATH
Symbols         No Symbols
FORTIFY         No
Fortified       0
Fortifiable     0
FILE            ftd
```
Although I didn't understand the purpose of "ftd", I understood that it listens on the network interfaces wlan0 and br0 and parses Ethernet frames with EtherType 0x890D. The code is basically:

```c
while (1) {
    received_size = recvfrom(fd, buf, 0x2000, 0, var1, var2);
    parse_buf(var3, var4, buf, received_size);
}
```
and parse_buf() does something like:
```c
{
    char dst[1550]; // pay attention to this size: a fixed stack buffer
    switch (buf->pkt_type)
    {
        (...)
    }
    if (buf->pkt_type == 0x64)
    {
        (...)
    }
    else
    {
        (...)
        // buf->len is taken from the received frame and is never checked
        // against the 1550-byte destination or against received_size
        memcpy(dst->data, buf->data, buf->len);
    }
}
```
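The defect above is a length field copied straight from the wire into a fixed stack buffer. As an added illustration that is not code from the toot or from the ftd binary, here is what a corrected parse_buf() would have to check: the claimed length must fit both what recvfrom() actually returned and the destination buffer. The frame layout (type, reserved, 16-bit length, payload) and the function names are assumptions for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed frame layout (hypothetical, not recovered from the binary):
 * one-byte type, one-byte reserved, 16-bit payload length, then payload. */
struct ft_frame {
    uint8_t  pkt_type;
    uint8_t  reserved;
    uint16_t len;      /* comes straight from the wire: untrusted */
    uint8_t  data[];
};

#define DST_SIZE 1550   /* stack buffer size named in the post */
#define RECV_MAX 0x2000 /* recvfrom() buffer size named in the post */

/* Hardened counterpart of parse_buf(): copies only when the claimed length
 * fits both the bytes actually received and the destination buffer.
 * Returns bytes copied, 0 for type 0x64 (handled elsewhere), -1 if rejected. */
int parse_buf_checked(const uint8_t *pkt, size_t received_size,
                      uint8_t *dst, size_t dst_size)
{
    if (received_size < sizeof(struct ft_frame))
        return -1;                       /* truncated header */
    const struct ft_frame *f = (const struct ft_frame *)pkt;
    size_t len = f->len;
    if (len > received_size - sizeof(struct ft_frame))
        return -1;                       /* claims more than was received */
    if (len > dst_size)
        return -1;                       /* would overflow dst: the bug above */
    if (f->pkt_type == 0x64)
        return 0;
    memcpy(dst, f->data, len);
    return (int)len;
}

/* Constructed frame for demonstration: claims `claimed_len` payload bytes
 * inside a datagram that recvfrom() reported as `received_size` bytes. */
int demo(uint16_t claimed_len, size_t received_size)
{
    static _Alignas(uint32_t) uint8_t pkt[RECV_MAX];
    uint8_t dst[DST_SIZE];
    struct ft_frame *f = (struct ft_frame *)pkt;
    memset(pkt, 0x41, sizeof pkt);       /* filler payload */
    f->pkt_type = 0x01;
    f->len = claimed_len;
    return parse_buf_checked(pkt, received_size, dst, sizeof dst);
}
```

demo(2000, RECV_MAX) models the frame that overflows the original 1550-byte buffer and is rejected here; demo(1000, 200) models a length field that lies about the datagram size.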
Toot by clathetic@infosec.exchange