Cool video however instead of using bc and calculating offsets you can just add `-e` to binwalk and it will automatically extract out all parts it finds to a sub-folder.
Found your channel because of the video of you wrecking that scammer’s database, and from someone whose parents fell victim to a similar scam, where I had to watch firsthand the level of fear, uncertainty, anger, and just general distrust of humanity that develops from someone who has to go through that, just know you did a genuine service to society, and it was so f*cking badass it brought a tear to my eye. Like the f*cking Batman of code, keep it up my man, loving your work!
Omg this is amazing. Not only I learned the beginnings of reverse engineering, I learn useful Linux utils. Can’t thank you enough. The entropy chart is so so awesome.
Good stuff, thank you. A couple of observations. LZM and the entropy you mentioned at 3:39 indicates compression not obfuscation. LZW compression creates a dictionary and then stores it at the end of the file and the offsets/dict refs are what you see at the high entropy levels. With binaries the byte sequences are rarely going to repeat often so that is why everything is skewed to the right. Also, you could just use binwalk -e instead of messing with dd tool and offset calcs. Binwalk -d also lets you cherry pick the files if you know their names or suspect some content using regex. I just learnt this today at a defcon. Fun stuff!
Excellent! Now 1) I finally understand what to use the entropy chart for and 2) a simple redirect of “lzma -d” fixes my issues with corruption errors (I kept trying to guess the end of the file).
I watch your ads to show my support. You should definitely do another one of these, but make it so we can follow along with you. Loved it, mate. Thanks
I've worked as a linux engineer for ~15 years now. You wouldn't believe the amount of people that behave like they know linux...... but don't know nearly as much as they think they do. The smartest people I've met will tell you that "I know enough but I'm always learning something new."
00:58 project introduction 01:43 download firmware 02:18 binwalk 03:25 binwalk: information entropy 04:06 squashfs: compressed linux directory 04:26 dd: unpack squashfs 05:03 how to look at squashfs: mount vs extract; extract: unsquashfs 05:20 cd into extracted folder 06:00 LZMA archive 06:28 dd (+count) 07:17 lzma -d (extract and discard garbage) 07:40 binwalk onto extracted LZMA This table of content was created using "Smart Bookmarks for RUclips" chrome extension. You can import and edit them using this extension. You can install it from the official Chrome Store Page (shortened link): smb.page.link/store
What to do when the entire .bin firmware is showing as the LZMA compressed data? Weirdly showing a JPEG description as the first line in binwalk, so did skip= the number where the LZMA starts, then it's just all LZMA to the end, so my final dd command is dd if=firmware.bin skip= -of=firmware.lzma bs=1....... then did lzma -d and it had the same "compressed data is corrupt" error you had, but there was no file generated 🤔
Fabulous. Looking for instructions on how to put the firmware image back together after changing the spelling on one web page. Thinking some combination of mksquashfs and mkimage, but cannot find instructions that match the clarity of this video.
Hey man, Ive been trying to make small ui changes to my router firmware. I tried extracting it, and replaced a few images , now how do i do the rest and make it a working firmware. can you please answer or suggest a video to watch and understand this kind of stuff. Ive been searching all over the internet for days, maybe i dont have the right words to search but i havent found anything useful yet. this video was the closest. Thank you in advance
FWIW, you don't need to separate out the squashfs... Just use: sudo losetup -o (byte offset in file) /dev/loop0 (image file name here) Then mount /dev/loop0 on a folder of your choice. I work with raw HDD images this way. It saves time for me, but YMMV by purpose. LOL, lots to learn here in the comments too!
Does this form the basis of how Jailbreaks happen? Like the PS3, older iOSes, the Wii (Homebrew Channel) etc. By reversing the firmware and uploading your own patch?
If you could help me get a firmware for nikon d3300, which was C - 1.00 and L - 2.002 and this is what camera with the camera and this is what I need. After firmware update image quality is very bad.
Hey! I was looking for reverse engineering related videos and that's how I found your channel! Awesome explanation ^.^ Could you please create a sort of series of these videos or something? I am trying to learn reverse engineering of x64 based malware. So if you find it feasible then please share videos related to this topic 😃
great although i would've probably renamed your bin file and or your archive to something with a shorter name just for easier handling (ok using autocompletion does not give a crap about it but some people may want to read and understand your command). also what is that glow around your outline? i guess artifacts from a greenscreening solution...
great video as always, I got stuck at the unsquashfs part but kept watching anyway. whenever I tried unsquashfs Linux it gave me this message "Can't find a SQUASHFS superblock on Linux" is there anything im missing? i followed along side the video and still hit this hiccup
@@elpsykongr00 so if I connect a device to my pc, and I have a program on that pc, that download a firmware and transfers it to the usb device, can that program then “get” the firmware?
I am trying to reverse engineer a firmware and binwalk is giving up nothing. Do you know any effective tool to reverse a baremetal file? I don't think its a linux root file system and is not encrypted either. I just don't know how to do it in IDA pro or in ghidra etc. I can provide you the firmware if you or anyone else is interested. Its a Chinese goodie and I am just curious to know whats inside.
lol i wasn't expecting a reply from you haha keep up the good work! I found out about that tool while dual majoring in netsec and tech forensics 10 years ago, it can be a life saver
Hey can you explain what happens in the the social network movie hacking scene where mark is stealing pictures from different houses using scripts? Would love an detailed explanation as to what's going on in the background.
Cool video however instead of using bc and calculating offsets you can just add `-e` to binwalk and it will automatically extract out all parts it finds to a sub-folder.
Found your channel because of the video of you wrecking that scammer’s database, and from someone whose parents fell victim to a similar scam, where I had to watch firsthand the level of fear, uncertainty, anger, and just general distrust of humanity that develops from someone who has to go through that, just know you did a genuine service to society, and it was so f*cking badass it brought a tear to my eye. Like the f*cking Batman of code, keep it up my man, loving your work!
Thanks for the kind words, James. Happy to help.
Omg this is amazing. Not only I learned the beginnings of reverse engineering, I learn useful Linux utils. Can’t thank you enough. The entropy chart is so so awesome.
Good stuff, thank you. A couple of observations. LZM and the entropy you mentioned at 3:39 indicates compression not obfuscation. LZW compression creates a dictionary and then stores it at the end of the file and the offsets/dict refs are what you see at the high entropy levels. With binaries the byte sequences are rarely going to repeat often so that is why everything is skewed to the right. Also, you could just use binwalk -e instead of messing with dd tool and offset calcs. Binwalk -d also lets you cherry pick the files if you know their names or suspect some content using regex. I just learnt this today at a defcon. Fun stuff!
This dude is legendary! Thanks for the intro man.
Your presentation style is excellent for this type of video. thank you.
Accurate and straight to the point. I like it!
I really appreciate low level programming on this channel.
Keep it up ! :)
Brilliant explanation and demonstration - subscription worthy!
Excellent! Now 1) I finally understand what to use the entropy chart for and 2) a simple redirect of “lzma -d” fixes my issues with corruption errors (I kept trying to guess the end of the file).
that binwalk program is awesome! thank you for this video
That was awesome, please continue and make more videos on this topic!
I watch your ads to show my support. You should definitely do another one of these, but make it so we can follow along with you. Loved it, mate. Thanks
You're the real MVP here.
Please keep on making such low level informative videos. Thanks for this one.
"Reverse Engineers" - I see what you did there. Lol.
Brilliant, hope you'll make more videos regarding this subject, I thoroughly enjoyed it!
Btw, thanks for all your effort, I really appreciate it :)
As someone that thought I knew linux, I now understand I know nothing.
I've worked as a linux engineer for ~15 years now. You wouldn't believe the amount of people that behave like they know linux...... but don't know nearly as much as they think they do. The smartest people I've met will tell you that "I know enough but I'm always learning something new."
Wow, this is amazing :D
I like that the topics you cover are quite broad
One of the best reverse engineering videos I have seen so far.
I need more of this! Been wanting to add things to Home Assistant. This is exactly what I need. Thanks!
00:58 project introduction
01:43 download firmware
02:18 binwalk
03:25 binwalk: information entropy
04:06 squashfs: compressed linux directory
04:26 dd: unpack squashfs
05:03 how to look at squashfs: mount vs extract;
extract: unsquashfs
05:20 cd into extracted folder
06:00 LZMA archive
06:28 dd (+count)
07:17 lzma -d (extract and discard garbage)
07:40 binwalk onto extracted LZMA
This table of content was created using "Smart Bookmarks for RUclips" chrome extension. You can import and edit them using this extension. You can install it from the official Chrome Store Page (shortened link): smb.page.link/store
This was fantastic!!! Please do more reverse engineering. Thank you.
This is the video that will make me go down baaaaad, in the rabbit hole ;)
Cool, did have no idea starting is so easy, thanks for sharing!
That intro was genius, Damnit Engineer man your so cool, I’m sorry, Reverse Engineer man
very profesisonal. i felt like i was in a ted talk
Thanks for this. I want to examine my Hikvision IP cameras.
Classic things that I always love, welcome to IoT security
What to do when the entire .bin firmware is showing as the LZMA compressed data? Weirdly showing a JPEG description as the first line in binwalk, so did skip= the number where the LZMA starts, then it's just all LZMA to the end, so my final dd command is dd if=firmware.bin skip= -of=firmware.lzma bs=1....... then did lzma -d and it had the same "compressed data is corrupt" error you had, but there was no file generated 🤔
From the UK 🇬🇧. Thank you
Can you post a link to where you got that firmware? I searched for the exact version on Netgear's site but couldn't find it. Wanted to follow along.
That was brilliant! Jake from UK 🇬🇧
You spelled State Farm wrong. 😉
how to find and replace tv logo using this software.Can u do tutorial.
would also be nice to see some ways would you would call best practice to modify and pack again back
Fabulous. Looking for instructions on how to put the firmware image back together after changing the spelling on one web page. Thinking some combination of mksquashfs and mkimage, but cannot find instructions that match the clarity of this video.
cool video, learned something new again. thanks for sharing.
Binwalk shows empty result on my firmware file...entropy is all 1. what should I do
Hey man, Ive been trying to make small ui changes to my router firmware. I tried extracting it, and replaced a few images , now how do i do the rest and make it a working firmware. can you please answer or suggest a video to watch and understand this kind of stuff. Ive been searching all over the internet for days, maybe i dont have the right words to search but i havent found anything useful yet. this video was the closest. Thank you in advance
Very nice video. Is there any way to modify files in the firmware and pack this back to a new firmware?
Best reverse engineering video I've seen. And he wasn't wearing a black hoodie?!?!
How to re-compress it after changing?
Is it possible to modify the extracted firmware? Recompile it then flash it back?
Very informative. Thanks man.
any videos on reverse engineering intel 8051 binaries?
This was awesome! Thanks
FWIW, you don't need to separate out the squashfs... Just use:
sudo losetup -o (byte offset in file) /dev/loop0 (image file name here)
Then mount /dev/loop0 on a folder of your choice. I work with raw HDD images this way. It saves time for me, but YMMV by purpose.
LOL, lots to learn here in the comments too!
Can't wait for the UART video
Can’t give this video enough thumbs 👍👍👍
Great intro into RE
If atmega328 mcu lock with lock bits high voltage programmer can reset lock bits without code or programe lossing?
YOU DON'T NEED dd TO EXTRACT THE FILES.
Just use binwalk -e file.img
Where's the fun in that?
Does this form the basis of how Jailbreaks happen? Like the PS3, older iOSes, the Wii (Homebrew Channel) etc. By reversing the firmware and uploading your own patch?
I want know how to decompress zlib bin file?
Very informative video , Thank you !
Yes do a UART video please. Your explanations are really good.
Where can one get more info on reverse engineering hardware? Is there a community out there?
If you could help me get a firmware for nikon d3300, which was C - 1.00 and L - 2.002 and this is what camera with the camera and this is what I need. After firmware update image quality is very bad.
Freakin Finally Im getting to the bottom of some of this !
Hey! I was looking for reverse engineering related videos and that's how I found your channel! Awesome explanation ^.^
Could you please create a sort of series of these videos or something? I am trying to learn reverse engineering of x64 based malware. So if you find it feasible then please share videos related to this topic 😃
This was fascinating
Took me one second to subscribe👌👍
Great video. You should make more rev. Engineering videos!
Hi, as you extract img file use it in a fresh start in a virtual box. If I'm wrong tech us install cases. Everything is a mind storm. Thanks.
Would this also work with reverse engineering Nvidia vBIOS?!
I got a question how did you learn this ?
hello engineer man, where do u find firmware updates? for fitbit especially?
You are great at explaining what you are doing 👍 you should do more reverse engineering videos 🙂
great although i would've probably renamed your bin file and or your archive to something with a shorter name just for easier handling (ok using autocompletion does not give a crap about it but some people may want to read and understand your command). also what is that glow around your outline? i guess artifacts from a greenscreening solution...
great video as always, I got stuck at the unsquashfs part but kept watching anyway.
whenever I tried unsquashfs Linux it gave me this message "Can't find a SQUASHFS superblock on Linux" is there anything im missing? i followed along side the video and still hit this hiccup
How would I get the firmware, if it’s being downloaded from a server into my computer and then into a device via USB?
try wireshark
@@elpsykongr00 so if I connect a device to my pc, and I have a program on that pc, that download a firmware and transfers it to the usb device, can that program then “get” the firmware?
How to re bundle it to binary
This is amazing. More!!!
Can you help me with a Huawei modem to extract firmware friend?
champion - encourage bored young people to look inside the machine - marvelous
I am trying to reverse engineer a firmware and binwalk is giving up nothing. Do you know any effective tool to reverse a baremetal file? I don't think its a linux root file system and is not encrypted either. I just don't know how to do it in IDA pro or in ghidra etc. I can provide you the firmware if you or anyone else is interested. Its a Chinese goodie and I am just curious to know whats inside.
Hey there... I have a microscope. I would like to fix the firmware.. was Just wondering if you please could help me do this...
This is a terrific video.
ok after 30 hours of study I might be able to understand 1/8th of what you just showed.
I tried this on the Telekom Speedport Smart firmware but binwalk didn't find anything.
Obfuscated I guess.
hi you can help me for install on frameware in linux centos or anyone linux version on the hp server
Good stuff! Thanks!
Which linux distro do you use?
Pro-Tip. dcfldd is dd with a status bar. Its pretty sweet
Huh, nice one. I didn't know about this tool. For progress I often did dd | pv | dd.
lol i wasn't expecting a reply from you haha keep up the good work! I found out about that tool while dual majoring in netsec and tech forensics 10 years ago, it can be a life saver
I read every comment, just not practical to respond to everything.
Hey man, which OS are you using in this video?
I'm using Xubuntu.
keep up good work bro :)
Good day man.., very interesting vid here.. any way i can PM you..?
The OS in the title would help.
Was interested in phone OS/Firmware, thats what i though it was.
WOW! Using DD? Impressive.
Anyone have any Experience
Making of the Kosher NOKIA Phone
of have Flash file
this is wizzard level shit right here.
thank you but how compressed files after editing ?
Please! More reverse engineering!!!
Hey can you explain what happens in the the social network movie hacking scene where mark is stealing pictures from different houses using scripts? Would love an detailed explanation as to what's going on in the background.
Awesome ! :)
i wish that I wish I could understand so much I would like to solve a driver.
Engineer Man reverse engineering? Morelike... Reenigne Man.
I dig it.
@@EngineerMan i would too, but it's clearly not a domain name
but... you did't reverse engineer any firmware :(
do on jffs2
how to?
Some more firmwares for revesrse: mega.nz/folder/aWoGFS5B#6dvgkfn-W7HveZAEVXBhEg
AI series please