Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

How to get free Wi-Fi in a whole City

3,720 views

Published on

Description how-to find backdoors in SOHO routers.

Published in: Devices & Hardware
  • Follow the link, new dating source: ♥♥♥ http://bit.ly/2u6xbL5 ♥♥♥
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Sex in your area is here: ♥♥♥ http://bit.ly/2u6xbL5 ♥♥♥
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

How to get free Wi-Fi in a whole City

  1. 1. Scary Story: How to get free Wi-Fi in a whole City Yurii Bilyk, 2014
  2. 2. AGENDA • Embedded device architecture overview • Tools overview • Workshop (DEMO)
  3. 3. Files • Files Archive : –zip : http://goo.gl/UuKK51 –7zip : http://goo.gl/Q7mcnI • FMK : http://goo.gl/pWZzNk • Binwalk : http://goo.gl/U1TODl
  4. 4. Operation Systems
  5. 5. Operation Systems Linux – Kernel 2.4 or 2.6 VxWorks – Real time OS ZyNOS – Zyxel proprietary OS
  6. 6. Linux Busybox tools uClibc compiler /proc File System
  7. 7. Hardware Design
  8. 8. Hardware SoC – System On Chip Flash, DRAM, Wi-Fi, Ethernet Serial Console JTAG Interface
  9. 9. SoC MIPS Architecture No Floating point operations Embedded USB controller 32 bit CPU
  10. 10. Flash Serial, Parallel NAND, NOR Flash MTD instead of FTL
  11. 11. Serial Console Additional functions: recovery, debug, boot opt, etc Software Debug Works with OS/Loader
  12. 12. JTAG Works directly with SoC Full access to the Flash and Hardware Hardware Debug options
  13. 13. Firmware Structure
  14. 14. Firmware Boot Loader Kernel File System Tag (Header)
  15. 15. Flash MTD Spitted into chunks (partitions) Boot, Kernel, FS, Settings, Logs
  16. 16. Kernel Compressed Usually with enabled debug via serial port Linux 2.4 or 2.6
  17. 17. File System CRAMFS SQUASHFS JFSS2 Compressed, uses MTD etc
  18. 18. Musthave Set of Tools
  19. 19. Tools Firmware unpackers Static analysis (Decompile) Dynamic analysis (Debug)
  20. 20. Tools Firmware Mod Kit, Binwalk IDA, strings, etc GDB, QEMU, On Device
  21. 21. WPS Tools WPS Vulnerabilities: • only 8 digit pin • pin can be divided into 2 parts • last digit is control sum Reaver/WASH – tool to hack WPS Aircrack-ng – tool to hack Wi-Fi
  22. 22. DEMO TIME
  23. 23. WEB Materials • http://pudeev.livejournal.com/ • http://www.devttys0.com/ • http://robocraft.ru/blog/electronics/404.html • http://wiki.openwrt.org/ • http://routerpwn.com/

×