Cool video however instead of using bc and calculating offsets you can just add `-e` to binwalk and it will automatically extract out all parts it finds to a sub-folder.
Found your channel because of the video of you wrecking that scammer’s database, and from someone whose parents fell victim to a similar scam, where I had to watch firsthand the level of fear, uncertainty, anger, and just general distrust of humanity that develops from someone who has to go through that, just know you did a genuine service to society, and it was so f*cking badass it brought a tear to my eye. Like the f*cking Batman of code, keep it up my man, loving your work!
Omg this is amazing. Not only I learned the beginnings of reverse engineering, I learn useful Linux utils. Can’t thank you enough. The entropy chart is so so awesome.
Good stuff, thank you. A couple of observations. LZM and the entropy you mentioned at 3:39 indicates compression not obfuscation. LZW compression creates a dictionary and then stores it at the end of the file and the offsets/dict refs are what you see at the high entropy levels. With binaries the byte sequences are rarely going to repeat often so that is why everything is skewed to the right. Also, you could just use binwalk -e instead of messing with dd tool and offset calcs. Binwalk -d also lets you cherry pick the files if you know their names or suspect some content using regex. I just learnt this today at a defcon. Fun stuff!
Excellent! Now 1) I finally understand what to use the entropy chart for and 2) a simple redirect of “lzma -d” fixes my issues with corruption errors (I kept trying to guess the end of the file).
I watch your ads to show my support. You should definitely do another one of these, but make it so we can follow along with you. Loved it, mate. Thanks
I've worked as a linux engineer for ~15 years now. You wouldn't believe the amount of people that behave like they know linux...... but don't know nearly as much as they think they do. The smartest people I've met will tell you that "I know enough but I'm always learning something new."
Hey! I was looking for reverse engineering related videos and that's how I found your channel! Awesome explanation ^.^ Could you please create a sort of series of these videos or something? I am trying to learn reverse engineering of x64 based malware. So if you find it feasible then please share videos related to this topic 😃
FWIW, you don't need to separate out the squashfs... Just use: sudo losetup -o (byte offset in file) /dev/loop0 (image file name here) Then mount /dev/loop0 on a folder of your choice. I work with raw HDD images this way. It saves time for me, but YMMV by purpose. LOL, lots to learn here in the comments too!
00:58 project introduction 01:43 download firmware 02:18 binwalk 03:25 binwalk: information entropy 04:06 squashfs: compressed linux directory 04:26 dd: unpack squashfs 05:03 how to look at squashfs: mount vs extract; extract: unsquashfs 05:20 cd into extracted folder 06:00 LZMA archive 06:28 dd (+count) 07:17 lzma -d (extract and discard garbage) 07:40 binwalk onto extracted LZMA This table of content was created using "Smart Bookmarks for RUclips" chrome extension. You can import and edit them using this extension. You can install it from the official Chrome Store Page (shortened link): smb.page.link/store
What to do when the entire .bin firmware is showing as the LZMA compressed data? Weirdly showing a JPEG description as the first line in binwalk, so did skip= the number where the LZMA starts, then it's just all LZMA to the end, so my final dd command is dd if=firmware.bin skip= -of=firmware.lzma bs=1....... then did lzma -d and it had the same "compressed data is corrupt" error you had, but there was no file generated 🤔
Does this form the basis of how Jailbreaks happen? Like the PS3, older iOSes, the Wii (Homebrew Channel) etc. By reversing the firmware and uploading your own patch?
Hey man, Ive been trying to make small ui changes to my router firmware. I tried extracting it, and replaced a few images , now how do i do the rest and make it a working firmware. can you please answer or suggest a video to watch and understand this kind of stuff. Ive been searching all over the internet for days, maybe i dont have the right words to search but i havent found anything useful yet. this video was the closest. Thank you in advance
Fabulous. Looking for instructions on how to put the firmware image back together after changing the spelling on one web page. Thinking some combination of mksquashfs and mkimage, but cannot find instructions that match the clarity of this video.
great video as always, I got stuck at the unsquashfs part but kept watching anyway. whenever I tried unsquashfs Linux it gave me this message "Can't find a SQUASHFS superblock on Linux" is there anything im missing? i followed along side the video and still hit this hiccup
great although i would've probably renamed your bin file and or your archive to something with a shorter name just for easier handling (ok using autocompletion does not give a crap about it but some people may want to read and understand your command). also what is that glow around your outline? i guess artifacts from a greenscreening solution...
If you could help me get a firmware for nikon d3300, which was C - 1.00 and L - 2.002 and this is what camera with the camera and this is what I need. After firmware update image quality is very bad.
I am trying to reverse engineer a firmware and binwalk is giving up nothing. Do you know any effective tool to reverse a baremetal file? I don't think its a linux root file system and is not encrypted either. I just don't know how to do it in IDA pro or in ghidra etc. I can provide you the firmware if you or anyone else is interested. Its a Chinese goodie and I am just curious to know whats inside.
@@elpsykongr00 so if I connect a device to my pc, and I have a program on that pc, that download a firmware and transfers it to the usb device, can that program then “get” the firmware?
lol i wasn't expecting a reply from you haha keep up the good work! I found out about that tool while dual majoring in netsec and tech forensics 10 years ago, it can be a life saver
Hey can you explain what happens in the the social network movie hacking scene where mark is stealing pictures from different houses using scripts? Would love an detailed explanation as to what's going on in the background.
Cool video however instead of using bc and calculating offsets you can just add `-e` to binwalk and it will automatically extract out all parts it finds to a sub-folder.
Found your channel because of the video of you wrecking that scammer’s database, and from someone whose parents fell victim to a similar scam, where I had to watch firsthand the level of fear, uncertainty, anger, and just general distrust of humanity that develops from someone who has to go through that, just know you did a genuine service to society, and it was so f*cking badass it brought a tear to my eye. Like the f*cking Batman of code, keep it up my man, loving your work!
Thanks for the kind words, James. Happy to help.
Omg this is amazing. Not only I learned the beginnings of reverse engineering, I learn useful Linux utils. Can’t thank you enough. The entropy chart is so so awesome.
Accurate and straight to the point. I like it!
I really appreciate low level programming on this channel.
Keep it up ! :)
Your presentation style is excellent for this type of video. thank you.
Good stuff, thank you. A couple of observations. LZM and the entropy you mentioned at 3:39 indicates compression not obfuscation. LZW compression creates a dictionary and then stores it at the end of the file and the offsets/dict refs are what you see at the high entropy levels. With binaries the byte sequences are rarely going to repeat often so that is why everything is skewed to the right. Also, you could just use binwalk -e instead of messing with dd tool and offset calcs. Binwalk -d also lets you cherry pick the files if you know their names or suspect some content using regex. I just learnt this today at a defcon. Fun stuff!
This dude is legendary! Thanks for the intro man.
Excellent! Now 1) I finally understand what to use the entropy chart for and 2) a simple redirect of “lzma -d” fixes my issues with corruption errors (I kept trying to guess the end of the file).
that binwalk program is awesome! thank you for this video
That was awesome, please continue and make more videos on this topic!
This was fantastic!!! Please do more reverse engineering. Thank you.
I watch your ads to show my support. You should definitely do another one of these, but make it so we can follow along with you. Loved it, mate. Thanks
You're the real MVP here.
Classic things that I always love, welcome to IoT security
"Reverse Engineers" - I see what you did there. Lol.
Wow, this is amazing :D
I like that the topics you cover are quite broad
I need more of this! Been wanting to add things to Home Assistant. This is exactly what I need. Thanks!
One of the best reverse engineering videos I have seen so far.
Brilliant, hope you'll make more videos regarding this subject, I thoroughly enjoyed it!
Btw, thanks for all your effort, I really appreciate it :)
As someone that thought I knew linux, I now understand I know nothing.
I've worked as a linux engineer for ~15 years now. You wouldn't believe the amount of people that behave like they know linux...... but don't know nearly as much as they think they do. The smartest people I've met will tell you that "I know enough but I'm always learning something new."
Best reverse engineering video I've seen. And he wasn't wearing a black hoodie?!?!
Thanks for this. I want to examine my Hikvision IP cameras.
That intro was genius, Damnit Engineer man your so cool, I’m sorry, Reverse Engineer man
Can you post a link to where you got that firmware? I searched for the exact version on Netgear's site but couldn't find it. Wanted to follow along.
very profesisonal. i felt like i was in a ted talk
Please keep on making such low level informative videos. Thanks for this one.
Cool, did have no idea starting is so easy, thanks for sharing!
From the UK 🇬🇧. Thank you
Hey! I was looking for reverse engineering related videos and that's how I found your channel! Awesome explanation ^.^
Could you please create a sort of series of these videos or something? I am trying to learn reverse engineering of x64 based malware. So if you find it feasible then please share videos related to this topic 😃
cool video, learned something new again. thanks for sharing.
That was brilliant! Jake from UK 🇬🇧
You spelled State Farm wrong. 😉
Yes do a UART video please. Your explanations are really good.
Great intro into RE
FWIW, you don't need to separate out the squashfs... Just use:
sudo losetup -o (byte offset in file) /dev/loop0 (image file name here)
Then mount /dev/loop0 on a folder of your choice. I work with raw HDD images this way. It saves time for me, but YMMV by purpose.
LOL, lots to learn here in the comments too!
Great video. You should make more rev. Engineering videos!
Can't wait for the UART video
YOU DON'T NEED dd TO EXTRACT THE FILES.
Just use binwalk -e file.img
Where's the fun in that?
00:58 project introduction
01:43 download firmware
02:18 binwalk
03:25 binwalk: information entropy
04:06 squashfs: compressed linux directory
04:26 dd: unpack squashfs
05:03 how to look at squashfs: mount vs extract;
extract: unsquashfs
05:20 cd into extracted folder
06:00 LZMA archive
06:28 dd (+count)
07:17 lzma -d (extract and discard garbage)
07:40 binwalk onto extracted LZMA
This table of content was created using "Smart Bookmarks for RUclips" chrome extension. You can import and edit them using this extension. You can install it from the official Chrome Store Page (shortened link): smb.page.link/store
What to do when the entire .bin firmware is showing as the LZMA compressed data? Weirdly showing a JPEG description as the first line in binwalk, so did skip= the number where the LZMA starts, then it's just all LZMA to the end, so my final dd command is dd if=firmware.bin skip= -of=firmware.lzma bs=1....... then did lzma -d and it had the same "compressed data is corrupt" error you had, but there was no file generated 🤔
Does this form the basis of how Jailbreaks happen? Like the PS3, older iOSes, the Wii (Homebrew Channel) etc. By reversing the firmware and uploading your own patch?
You are great at explaining what you are doing 👍 you should do more reverse engineering videos 🙂
This was awesome! Thanks
Very informative. Thanks man.
champion - encourage bored young people to look inside the machine - marvelous
hello engineer man, where do u find firmware updates? for fitbit especially?
Can’t give this video enough thumbs 👍👍👍
Binwalk shows empty result on my firmware file...entropy is all 1. what should I do
Very nice video. Is there any way to modify files in the firmware and pack this back to a new firmware?
Hey man, Ive been trying to make small ui changes to my router firmware. I tried extracting it, and replaced a few images , now how do i do the rest and make it a working firmware. can you please answer or suggest a video to watch and understand this kind of stuff. Ive been searching all over the internet for days, maybe i dont have the right words to search but i havent found anything useful yet. this video was the closest. Thank you in advance
Fabulous. Looking for instructions on how to put the firmware image back together after changing the spelling on one web page. Thinking some combination of mksquashfs and mkimage, but cannot find instructions that match the clarity of this video.
This is the video that will make me go down baaaaad, in the rabbit hole ;)
Very informative video , Thank you !
Is it possible to modify the extracted firmware? Recompile it then flash it back?
Where can one get more info on reverse engineering hardware? Is there a community out there?
Freakin Finally Im getting to the bottom of some of this !
This is a terrific video.
This was fascinating
great video as always, I got stuck at the unsquashfs part but kept watching anyway.
whenever I tried unsquashfs Linux it gave me this message "Can't find a SQUASHFS superblock on Linux" is there anything im missing? i followed along side the video and still hit this hiccup
would also be nice to see some ways would you would call best practice to modify and pack again back
great although i would've probably renamed your bin file and or your archive to something with a shorter name just for easier handling (ok using autocompletion does not give a crap about it but some people may want to read and understand your command). also what is that glow around your outline? i guess artifacts from a greenscreening solution...
How to re-compress it after changing?
This is amazing. More!!!
how to find and replace tv logo using this software.Can u do tutorial.
I got a question how did you learn this ?
ok after 30 hours of study I might be able to understand 1/8th of what you just showed.
WOW! Using DD? Impressive.
Hi, as you extract img file use it in a fresh start in a virtual box. If I'm wrong tech us install cases. Everything is a mind storm. Thanks.
If atmega328 mcu lock with lock bits high voltage programmer can reset lock bits without code or programe lossing?
Good stuff! Thanks!
If you could help me get a firmware for nikon d3300, which was C - 1.00 and L - 2.002 and this is what camera with the camera and this is what I need. After firmware update image quality is very bad.
I want know how to decompress zlib bin file?
Which linux distro do you use?
I am trying to reverse engineer a firmware and binwalk is giving up nothing. Do you know any effective tool to reverse a baremetal file? I don't think its a linux root file system and is not encrypted either. I just don't know how to do it in IDA pro or in ghidra etc. I can provide you the firmware if you or anyone else is interested. Its a Chinese goodie and I am just curious to know whats inside.
Would this also work with reverse engineering Nvidia vBIOS?!
any videos on reverse engineering intel 8051 binaries?
Hey man, which OS are you using in this video?
I'm using Xubuntu.
keep up good work bro :)
How would I get the firmware, if it’s being downloaded from a server into my computer and then into a device via USB?
try wireshark
@@elpsykongr00 so if I connect a device to my pc, and I have a program on that pc, that download a firmware and transfers it to the usb device, can that program then “get” the firmware?
How to re bundle it to binary
Can you help me with a Huawei modem to extract firmware friend?
Pro-Tip. dcfldd is dd with a status bar. Its pretty sweet
Huh, nice one. I didn't know about this tool. For progress I often did dd | pv | dd.
lol i wasn't expecting a reply from you haha keep up the good work! I found out about that tool while dual majoring in netsec and tech forensics 10 years ago, it can be a life saver
I read every comment, just not practical to respond to everything.
Hey there... I have a microscope. I would like to fix the firmware.. was Just wondering if you please could help me do this...
Please! More reverse engineering!!!
I tried this on the Telekom Speedport Smart firmware but binwalk didn't find anything.
Obfuscated I guess.
Took me one second to subscribe👌👍
this is wizzard level shit right here.
The OS in the title would help.
Was interested in phone OS/Firmware, thats what i though it was.
Awesome ! :)
hi you can help me for install on frameware in linux centos or anyone linux version on the hp server
Good day man.., very interesting vid here.. any way i can PM you..?
Anyone have any Experience
Making of the Kosher NOKIA Phone
of have Flash file
thank you but how compressed files after editing ?
Hey can you explain what happens in the the social network movie hacking scene where mark is stealing pictures from different houses using scripts? Would love an detailed explanation as to what's going on in the background.
Engineer Man reverse engineering? Morelike... Reenigne Man.
I dig it.
@@EngineerMan i would too, but it's clearly not a domain name
but... you did't reverse engineer any firmware :(
i wish that I wish I could understand so much I would like to solve a driver.
AI series please
do on jffs2
how to?
Plant 20 million trees #teamtrees
Some more firmwares for revesrse: mega.nz/folder/aWoGFS5B#6dvgkfn-W7HveZAEVXBhEg