Firmware-Mod-Kit to make Malicious Firmware
The intent of this tech segment is really to show how insecure devices are, and how cautious we need to be when rooting, modifying or updating firmware. It all starts with a tool created by Craig Heffner and Jeremy Collake (download here). It lets you take a firmware image and strip it down to its root file system; Craig uses it, together with binwalk, a lot on his embedded-device-hacking blog, devttys0. The collection of scripts is completely easy to use, and it saves you tons and tons of time: doing any of this manually would take hours if not days. Let's dive right into it.
First, we need to extract the firmware we have. I am using a router that is running dd-wrt, so I figured that would be a good firmware to grab and rip apart. We run the command ./extract-firmware.sh filename. This decompresses the firmware and lays it out nicely in an "fmk/" directory.
Next we extract the dd-wrt GUI (the web pages) by typing ./ddwrt-gui-extract.sh:
We then find our target page Info.htm, open it and add in our XSS beef hook:
We package it all back up with ./ddwrt-gui-rebuild and ./build-firmware. When it's done, we flash our router with the new firmware. When we come back to the page... our browser is now hooked and exploited.
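The flip side of that procedure is the check a defender can run on the same extracted trees. The script below is an added example, not code from the original post or from Firmware-Mod-Kit: it hashes a known-good extraction against a suspect one and, for every GUI page that was added or changed, lists script tags that pull from an outside host. The www/ layout, the Info.htm contents and the placeholder URL are constructed for the demo.

```python
"""Diff a suspect firmware extraction against a known-good one and flag changed
GUI pages that load scripts from an outside host. Added example, not from the post."""
import hashlib, os, re, tempfile

# Script tag whose src is an absolute http(s) URL. Assumption: the stock
# dd-wrt GUI only references scripts served by the router itself.
EXTERNAL_SCRIPT = re.compile(r'<script[^>]+src=["\']?(https?://[^"\'\s>]+)', re.I)
PAGE_SUFFIXES = ('.htm', '.html', '.asp')

def hash_tree(root):
    """Map each file under root (relative, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, 'rb') as fh:
                rel = os.path.relpath(full, root).replace(os.sep, '/')
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_trees(known_good, suspect):
    """Files added, removed or modified in suspect relative to known_good."""
    good, bad = hash_tree(known_good), hash_tree(suspect)
    return {'added': sorted(set(bad) - set(good)),
            'removed': sorted(set(good) - set(bad)),
            'modified': sorted(p for p in good.keys() & bad.keys() if good[p] != bad[p])}

def flag_pages(suspect, report):
    """For every added or modified GUI page, list the external script URLs."""
    hits = {}
    for rel in report['added'] + report['modified']:
        if rel.lower().endswith(PAGE_SUFFIXES):
            with open(os.path.join(suspect, rel), errors='replace') as fh:
                urls = EXTERNAL_SCRIPT.findall(fh.read())
            if urls:
                hits[rel] = urls
    return hits

def build_sample():
    """Constructed sample: a clean www/ tree and a copy whose Info.htm has
    gained a script tag pointing at an outside host (placeholder URL)."""
    base = tempfile.mkdtemp()
    clean = '<html><head><script src="/js/common.js"></script></head></html>'
    tampered = clean.replace('</head>', '<script src="http://example.invalid/hook.js"></script></head>')
    for name, page in (('good', clean), ('bad', tampered)):
        os.makedirs(os.path.join(base, name, 'www'))
        with open(os.path.join(base, name, 'www', 'Info.htm'), 'w') as fh:
            fh.write(page)
    return os.path.join(base, 'good'), os.path.join(base, 'bad')
```

In practice you point compare_trees at the fmk/ tree extracted from the vendor's image and the one extracted from the image read back off the device, then run flag_pages on the suspect tree.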