Thursday, January 8, 2015

OpenVAS login failed, "OMP service is down": how to fix

Run these commands:
openvasmd stop
openvasmd start

Tuesday, January 6, 2015

DNS leak, and why should I care?

http://ipleak.net/

https://www.dnsleaktest.com/

When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, any adversary monitoring your traffic will be able to log your activity. DNS, the domain name system, is used to translate domain names such as www.privacyinternational.org into numerical IP addresses, e.g. 123.123.123.123, which are required to route packets of data on the Internet. Whenever your computer needs to contact a server on the Internet, such as when you enter a URL into your browser, your computer contacts a DNS server and requests the IP address. Most Internet service providers assign their customers a DNS server which they control and use for logging and recording your Internet activities. Under certain conditions, even when connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymity network. DNS leaks are a major privacy threat, since the anonymity network may be providing a false sense of security while private data is leaking. If you are concerned about DNS leaks, you should also understand transparent DNS proxy technology, to ensure that the solution you choose will actually stop DNS leaks.
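As an added example (not part of the original post), here is a small Python check for the situation described above: it parses a resolv.conf-style list of resolvers and reports any that lie outside the network the anonymity service assigned, which is exactly what a leaking system looks like from the inside. The sample configuration, the tunnel range 10.8.0.0/24 and the loopback stub address are constructed for the illustration, not taken from a real host.

```python
import ipaddress
import sys

# Constructed sample of a resolv.conf as a VPN client might see it (not a real host).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager (constructed sample)
search example.lan
nameserver 10.8.0.1        # resolver pushed by the VPN, inside the tunnel
nameserver 203.0.113.53    # ISP resolver that should have been replaced: a leak
nameserver 127.0.0.53      # local stub resolver; its upstreams must be checked separately
options timeout:2
"""


def parse_nameservers(resolv_conf_text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue                       # ignore malformed entries
    return servers


def classify_resolvers(resolv_conf_text, tunnel_networks):
    """Sort resolvers into those inside the tunnel, leaks, and local stubs.

    tunnel_networks: CIDR strings the anonymity/VPN provider assigns
    (assumed value for the example: 10.8.0.0/24).
    A loopback resolver (e.g. systemd-resolved's 127.0.0.53) hides the real
    upstream, so it is reported separately rather than judged here.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in tunnel_networks]
    result = {"tunnel": [], "leak": [], "local_stub": []}
    for server in parse_nameservers(resolv_conf_text):
        if server.is_loopback:
            result["local_stub"].append(str(server))
        elif any(server in net for net in nets):
            result["tunnel"].append(str(server))
        else:
            result["leak"].append(str(server))
    return result


def has_dns_leak(resolv_conf_text, tunnel_networks):
    """True if any configured resolver is outside the tunnel (and not a local stub)."""
    return bool(classify_resolvers(resolv_conf_text, tunnel_networks)["leak"])


if __name__ == "__main__":
    # Usage: python dnsleak_check.py [/etc/resolv.conf] [tunnel-cidr]
    path = sys.argv[1] if len(sys.argv) > 1 else None
    tunnel = [sys.argv[2]] if len(sys.argv) > 2 else ["10.8.0.0/24"]
    text = open(path).read() if path else SAMPLE_RESOLV_CONF
    report = classify_resolvers(text, tunnel)
    for kind, addrs in report.items():
        print(f"{kind:11s}: {', '.join(addrs) or 'none'}")
    print("DNS leak:", "YES" if report["leak"] else "no")
```

Point it at the live file with `python dnsleak_check.py /etc/resolv.conf 10.8.0.0/24` (substituting the range your provider pushes). If the only entry is a loopback stub, the check must be repeated against the stub's upstream list (for systemd-resolved, `resolvectl status` shows it); the online tests linked above remain the final confirmation, because they observe which resolver actually reaches the authoritative server.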

How to extract firmware that needs little/big endian conversion.

I got the task of extracting as much information as possible from an unknown firmware.
The file is flash_dump.bin.
Pre-analysis with WinHex or other hex readers shows nothing.
So I need to use Kali Linux. Some tools are missing on Kali Linux and I have to install them first.

Tools which you need to install before starting work with firmware:

! On my Kali version these tools are preinstalled, so I did not need to install them. If you find that you do not have them, here are the steps to install them.
Binwalk:
Check that binwalk is the latest version; in a terminal window:

apt-get install binwalk

It reports that binwalk is already the latest version; if it is not, this command installs the newer version.

Firmware-Mod-Kit
  • apt-get install git
  • apt-get install build-essential
  • apt-get install zlib
  • apt-get install zlib1g-dev
  • apt-get install liblzma-dev
  • apt-get install python-magic
  • apt-get install firmware-mod-kit  

If you need to find where it is installed, use the command:
  • find  / -name extract-firmware.sh
In my case it is installed in: /opt/firmware-mod-kit/trunk/

Now we need to transfer the firmware BIN file into a Kali directory. I hit a glitch where my Kali VM could not see my USB flash drive; I fixed it with this setting (select USB 3).

I found that the easiest way to extract the image is to copy it into the same folder where firmware-mod-kit is installed.

I'm using MC (Midnight Commander) for this.


Now we need to look inside the image to understand what we can get from it.
Let's extract the readable strings with the command:

strings flash_dump.bin > strings.txt

And:

binwalk -S flash_dump.bin > list.txt


After looking at those files we can see some strange strings:

The first highlighted words should definitely be "unknown" and "free".

This happens because the architecture of the processor that uses this BIN file is 16-bit while the decompiling is 32-bit.
You can search the internet to understand "little/big endian".

Basically we need to swap each byte with the next one: 1<>2, 3<>4, n<>(n+1). That is exactly what dd's conv=swab does: it swaps every pair of input bytes.

This can easily be done with the command:

  • dd if=flash_dump.bin of=conv.bin conv=swab

It converts the "strange" bin file into conv.bin.

And now let's run it again:

  • strings conv.bin > strings_corr.txt

And:

  • binwalk -S conv.bin > list_corr.txt

Now we can read it.
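The strings-then-swab workflow above, and the check further down that the ASUS image does not need the swap, can be automated. The following Python is an added example, not code from the original post: it reimplements dd's conv=swab, a strings-style scan, and a simple keyword heuristic that decides whether a dump reads correctly as-is or only after a 16-bit byte swap. The sample image bytes and the word list are constructed for the illustration; the heuristic cannot rely on printable-character counts alone, because swapping two printable bytes yields two printable bytes, so it looks for whole expected words instead.

```python
import re
import sys


def swab(data: bytes) -> bytes:
    """Swap every pair of bytes, the same transformation as `dd conv=swab`.
    If the length is odd, the final byte is copied unchanged (as GNU dd does)."""
    even = len(data) - (len(data) % 2)
    out = bytearray(len(data))
    out[0:even:2] = data[1:even:2]
    out[1:even:2] = data[0:even:2]
    if even != len(data):
        out[-1] = data[-1]
    return bytes(out)


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Mimic the `strings` tool: runs of printable ASCII at least min_len long."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


# Words that appear in almost any embedded Linux image (assumed list for the
# example). A byte-swapped dump shows none of them; a correctly ordered one
# shows several.
EXPECTED_WORDS = ("unknown", "free", "version", "Linux", "U-Boot", "error")


def keyword_hits(data: bytes, keywords=EXPECTED_WORDS) -> int:
    """Count how many expected words occur verbatim in the image."""
    return sum(1 for word in keywords if word.encode("ascii") in data)


def detect_byte_order(data: bytes, keywords=EXPECTED_WORDS):
    """Return 'native' if the image reads correctly as dumped, 'swapped' if it
    reads correctly only after a 16-bit byte swap, or None if neither order
    contains any expected word (then the image is probably compressed or encrypted)."""
    native = keyword_hits(data, keywords)
    swapped = keyword_hits(swab(data), keywords)
    if native == 0 and swapped == 0:
        return None
    return "swapped" if swapped > native else "native"


def fix_image(data: bytes) -> bytes:
    """Return the image in readable byte order, swapping only when needed."""
    return swab(data) if detect_byte_order(data) == "swapped" else data


# Constructed sample: a 4-byte header, a few null-terminated strings and some
# binary tail, followed by the same bytes as a byte-swapped dump would deliver them.
GOOD_IMAGE = (b"\x27\x05\x19\x56" + b"\x00" * 4
              + b"Linux version 3.4.0\x00" + b"unknown\x00free\x00"
              + b"\xde\xad\xbe\xef")
SWAPPED_IMAGE = swab(GOOD_IMAGE)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: python fwswab.py flash_dump.bin conv.bin
        raw = open(sys.argv[1], "rb").read()
        print("detected byte order:", detect_byte_order(raw))
        open(sys.argv[2], "wb").write(fix_image(raw))
    else:
        for label, img in (("as dumped", SWAPPED_IMAGE),
                           ("after swab", fix_image(SWAPPED_IMAGE))):
            print(label, "->", detect_byte_order(img), extract_strings(img))
```

Run without arguments to see the constructed sample go from mangled strings such as "nunkwo" to "unknown"; run with an input and output path to produce the equivalent of `dd conv=swab` only when the heuristic says the dump needs it, so a firmware like the ASUS one below is written out unchanged.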

Let's extract the files from the conv.bin image with the command:
  • ./extract-firmware.sh conv.bin

Now you have the extracted files, which you can analyse and modify.

Another sample:

With a different firmware, from the ASUS RT-AC68U router, it is just 2 simple steps, because there is no confusing little/big endian part.

Before extracting, let's verify that no little/big endian conversion is required.

Take the firmware, which is in a different format: RT-AC68U_3.0.0.4_374_5656-g8d0a991.trx

And run the command:

  • strings RT-AC68U_3.0.0.4_374_5656-g8d0a991.trx > strings.txt

In the file strings.txt, go to the end, and we can see that all the text is readable:

You have to copy this firmware into the directory where firmware-mod-kit is located and run the command:

  • ./extract-firmware.sh RT-AC68U_3.0.0.4_374_5656-g8d0a991.trx

The result is the same "fmk" folder with the extracted files, ready for analysis.