My favourite thing about John is not his elite computing skills, its his ability to slot 'hey' into each sentence and it go almost unnoticed because he does it so well. We need a hey counter John!
You are insanely talented. You're super smart. I think people who reverse engineer firmware are some of the most intelligent among us and I aspire to be that spry. Have a nice day!
@@S0L4RW4V3 We are not hiring at the moment, BUT! IoT security is one of the most understaffed departments, so if this is your interest, and you pursue it, finding a job should be easy.
It has only been recent years where we started arguing to clients that they had to replace legacy firewalls. It used to be we didn't do anything with them if they were still working but then several high profile vulnerabilities pushed us into a updating and replacing program. It is crazy as we had clients with 15 year old firewalls at one point.
I'm still trying to process the three DNS powershell scripts that you analyzed recently. Watching you slice and dice those scripts was INSANE! Now I need to figure out how to get a text message when you create new content so I can pull my car to the side of the road and watch your stuff the second it comes out!
Being able to push out a bad firmware update to networked devices, takes a lot of patience but if you like that type of thing... Router firmware typically is a small file, just getting familiar with that can be fun too. Knowing how to modify and package 'bad code' is another whole skill-set. Printers are also fun, PRET helps with that, a bit of an older tool now too. They never patch , smart devices are lucky if they get one update 2 tops before its forgotten and forever vulnerable. I'd keep the hardware part, and software separate if its a topic you are going to spend time on. I'd be happy to see you go through it lol , make my brain itch.
Hey, there's this guy called save it for parts and basically he hacks hardware and firmware for just about anything, including reading satellites. Would think it would be pretty awesome for someone who's on the software side to team up with someone on the hardware side to do some bad ass hacks, ya know... for education and cuz people be broke... and omg cables be pricey
I see quite a few people upset cause its sponsored content so just wanted to come down here and say i thought the video was awesome. It brings to light an attac vector people often overlook and shows off a dope tool in the process. Keep up the good work brother!
Ironically this video is seeding an attack vector. Consider the false sense of security this video provides to the viewers. Security research is really fricking hard, these tools don't really help other than maybe give false sense of security or just make things way worse by amateurs using it to spam repositories with bogus CVEs.
Well thanks for writing this because RUclips Vanced skips sponsorships and I was wondering why it skiped half of the video (litterally) I was starting to get disappointed by the app but since you're saying that it really was a sponsorship then I guess it's normal
TL;DR be weary of people promising easy buttons, there ain't no such thing... I vomited at that sponsor. There's a lot of bogus CVE claims and such automation tools presented as a solution is harmful to security in my opinion. Security is hard, this could easily give someone who doesn't know much about it a false sense of security which in itself is bad and should be presented with those caveats mentioned rather than as a good tool.
We understand that security is complex and there are no easy solutions. BugProve is designed to assist security professionals by automating repetitive tasks, not to replace them. We take CVE claims seriously and strive to minimize false positives. Our goal is to educate users about the tool's limitations, ensuring it complements a broader security strategy. Program analysis and automated vulnerability discovery are challenging, so some false positives are unavoidable. However, static analysis techniques like abstract interpretation and data flow analysis are well-regarded in academia for their effectiveness, despite their limitations. These methods help optimize and secure systems and are indispensable in many safety-critical domains such as aerospace and defense. In less safety-critical domains, such as IoT, budget constraints have often left end-user and consumer security risks overlooked, creating a false sense of security. We're working to change that by equipping embedded developers and product security engineers with powerful tools to tackle these challenges. While we prioritize delivering an easy-to-use experience, we emphasize that maintaining a mature secure software development cycle, vulnerability management process, and secure coding practices in C and C++ is not easy. We value your concerns and are committed to transparency and continuous improvement. I hope this addresses some of your concerns. Best regards, Attila, BugProve
A bit of a stinker, John. You're normally not one to sucker viewers into videos that are basically an ad. It'd be great if you can hint to videos being ads in the title or image.
IoT Reverse Engineering? A P1G, Like You CANT Do That. YOUR GOD Can. 1: Firmware (Software), is Obfuscated. You Simply Cant Look at it and Reverse Engineer. How it Works is Hidden in Billions of Lines of Code. The MINIONS are Very Big. They Can. (20 to 40 Years). US: (40 to 80) Years. You: You Have to Wait a Million Years, before You EVOLVE into Something Else. 2: That Firmware, Calls Functions Hidden in Silicone. Its Very Expensive to Reverse Large Silicone Chips. How Did "I" Do it. OUR: Wifi and 4G/LTE and 10 Gigabit Ethernet and HOW the PCI Express Bus Works. We Could Make That. Just Not Compatible with Theirs. IT IS NOW. "I" Can, See 100 Kilometres. "I" Can Recognise THAT ARM CORTEX A-57 CPU. (And Hardware Devices, Using it) "I" Can Recognise: Which Android Emulators to Reverse Engineer - To figure Out How That A-57 CPU, Works. Like How, Were Reverse Engineering Macintosh. Like, I Can SEE: MicroFocus is Microsoft/Intel. Fujitsu is IBM/ORACLE. SONY is TCL/ALCATEL LUCENT. Motorola is Apple. "I" Can Recognise - Which Hardware to ATTACK (To Figure Out: How to Do WiFi, 4G/LTE, 10 Gigbit Ethernet, PCI Express Bus). My Father CANT See 100 Kilometres Like I Can. Fujitsu: Thinks there's Lots of companies, Using The RED Colour for its Logos. That's Not the Case for Me. The RED, Fujitsu is Using, isn't The Same as The Red that Other Companies are Using.
My favourite thing about John is not his elite computing skills, its his ability to slot 'hey' into each sentence and it go almost unnoticed because he does it so well. We need a hey counter John!
now am listening keenly 😂😂
I think I'm gonna plug his channel into a tool that searches caption data and search for 'hey' lol
Dark mode is on the roadmap, no worries.
This is cool, are you hiring😮? I'm an IOT noob tho😢. If you are hiring, ...after I finish my cpts I will be applying haha. So cool
You are insanely talented. You're super smart. I think people who reverse engineer firmware are some of the most intelligent among us and I aspire to be that spry. Have a nice day!
@@S0L4RW4V3 We are not hiring at the moment, BUT! IoT security is one of the most understaffed departments, so if this is your interest, and you pursue it, finding a job should be easy.
Do you guys keep copies of all the binaries uploaded? Are you guys hoarding a bunch of stolen firmware? 🤔
It has only been recent years where we started arguing to clients that they had to replace legacy firewalls. It used to be we didn't do anything with them if they were still working but then several high profile vulnerabilities pushed us into a updating and replacing program. It is crazy as we had clients with 15 year old firewalls at one point.
Glad you took time to read the article!
Yay! Im an EE in embedded firmware, I love seeing you do this. Please more!
*Whenever you make a video it is always helpful and I get to learn something new!*
Please make a series about firmware analysis and bug hunting! Absolut cool stuff and would love to learn more about it!
I'm still trying to process the three DNS powershell scripts that you analyzed recently. Watching you slice and dice those scripts was INSANE! Now I need to figure out how to get a text message when you create new content so I can pull my car to the side of the road and watch your stuff the second it comes out!
Amazing. Might have to talk to my dad about changing our wifi password tho
I used telnet to connect to my router and netcat to dump all files and memory.
Being able to push out a bad firmware update to networked devices, takes a lot of patience but if you like that type of thing... Router firmware typically is a small file, just getting familiar with that can be fun too. Knowing how to modify and package 'bad code' is another whole skill-set. Printers are also fun, PRET helps with that, a bit of an older tool now too. They never patch , smart devices are lucky if they get one update 2 tops before its forgotten and forever vulnerable. I'd keep the hardware part, and software separate if its a topic you are going to spend time on. I'd be happy to see you go through it lol , make my brain itch.
Hey, there's this guy called save it for parts and basically he hacks hardware and firmware for just about anything, including reading satellites. Would think it would be pretty awesome for someone who's on the software side to team up with someone on the hardware side to do some bad ass hacks, ya know... for education and cuz people be broke... and omg cables be pricey
I see quite a few people upset cause its sponsored content so just wanted to come down here and say i thought the video was awesome. It brings to light an attac vector people often overlook and shows off a dope tool in the process.
Keep up the good work brother!
Ironically this video is seeding an attack vector. Consider the false sense of security this video provides to the viewers.
Security research is really fricking hard, these tools don't really help other than maybe give false sense of security or just make things way worse by amateurs using it to spam repositories with bogus CVEs.
The guy's vocabulary burst 50 nerves in less than 1ns.
Was waiting for this for quite a while tbh.. thanks! :)
Woah BugProve looks cool
you're the only youtuber whose videos i have to slow down.
😊Lots of love from Nepal..!❤
I really like how Cyber Security researchers are coming on RUclips and teaching us stuff for absolutely FREE.
Thanks JH.❤️🔥
That would be pretty interesting. Opening a firmware to a forrest camera, and finding a bunch of stuff there.
Thanks for posting
Absolutely amazing, thank you John!!
Pls show us how to use esp32 to manuclipate networks
Kavigihan is also a very good box creator on HTB 😉 Hi Kavi !
I hope to see more similar content for hardware hacking
this ad for this video is longer than the content
yeah, John has done that before for example about some laptop. I was thinking maybe he'll show some reversing but no the whole video is just an ad.
Well thanks for writing this because RUclips Vanced skips sponsorships and I was wondering why it skiped half of the video (litterally)
I was starting to get disappointed by the app but since you're saying that it really was a sponsorship then I guess it's normal
Thanks
Awesome, wanna c more, keep up the good work
Pretty fun commercial.
BugProve doesn't work for my embedded devices, but the idea is awesome.
I'll catch up on this on tiktok ;) seriously though. Thanks for all you do John!
1:25 not using ublock origin?😜
You Are The Best
If Jhon said " i don't know... " he's going to master the it😊👋
Any link to binwalk or those tool developers like if the utility of the tools are usually this bit intense what about the tools creat? 😲😲😲😲
It does not support .bin file
❤❤Super ❤❤❤❤
Hello 👋
Nice
A big sponsor chunk
at least can we see the password?!
😀😀
Openwrt
not great, just a long form ad lol
TL;DR be weary of people promising easy buttons, there ain't no such thing...
I vomited at that sponsor.
There's a lot of bogus CVE claims and such automation tools presented as a solution is harmful to security in my opinion.
Security is hard, this could easily give someone who doesn't know much about it a false sense of security which in itself is bad and should be presented with those caveats mentioned rather than as a good tool.
We understand that security is complex and there are no easy solutions. BugProve is designed to assist security professionals by automating repetitive tasks, not to replace them. We take CVE claims seriously and strive to minimize false positives. Our goal is to educate users about the tool's limitations, ensuring it complements a broader security strategy.
Program analysis and automated vulnerability discovery are challenging, so some false positives are unavoidable. However, static analysis techniques like abstract interpretation and data flow analysis are well-regarded in academia for their effectiveness, despite their limitations. These methods help optimize and secure systems and are indispensable in many safety-critical domains such as aerospace and defense.
In less safety-critical domains, such as IoT, budget constraints have often left end-user and consumer security risks overlooked, creating a false sense of security. We're working to change that by equipping embedded developers and product security engineers with powerful tools to tackle these challenges. While we prioritize delivering an easy-to-use experience, we emphasize that maintaining a mature secure software development cycle, vulnerability management process, and secure coding practices in C and C++ is not easy.
We value your concerns and are committed to transparency and continuous improvement. I hope this addresses some of your concerns.
Best regards,
Attila, BugProve
Lmao vampire
First
fuck :P
My GOD... TP-LINK in certain cases... leave me... open mouth.
A bit of a stinker, John. You're normally not one to sucker viewers into videos that are basically an ad. It'd be great if you can hint to videos being ads in the title or image.
second
Bugprove literally looks like they stole my buddy’s tool ReFirm (which Microsoft bought) and called it a different name.
IoT Reverse Engineering? A P1G, Like You CANT Do That. YOUR GOD Can.
1: Firmware (Software), is Obfuscated. You Simply Cant Look at it and Reverse Engineer. How it Works is Hidden in Billions of Lines of Code. The MINIONS are Very Big. They Can. (20 to 40 Years). US: (40 to 80) Years. You: You Have to Wait a Million Years, before You EVOLVE into Something Else.
2: That Firmware, Calls Functions Hidden in Silicone. Its Very Expensive to Reverse Large Silicone Chips.
How Did "I" Do it. OUR: Wifi and 4G/LTE and 10 Gigabit Ethernet and HOW the PCI Express Bus Works.
We Could Make That. Just Not Compatible with Theirs. IT IS NOW.
"I" Can, See 100 Kilometres. "I" Can Recognise THAT ARM CORTEX A-57 CPU. (And Hardware Devices, Using it)
"I" Can Recognise: Which Android Emulators to Reverse Engineer - To figure Out How That A-57 CPU, Works. Like How, Were Reverse Engineering Macintosh. Like, I Can SEE: MicroFocus is Microsoft/Intel. Fujitsu is IBM/ORACLE. SONY is TCL/ALCATEL LUCENT. Motorola is Apple.
"I" Can Recognise - Which Hardware to ATTACK (To Figure Out: How to Do WiFi, 4G/LTE, 10 Gigbit Ethernet, PCI Express Bus).
My Father CANT See 100 Kilometres Like I Can.
Fujitsu: Thinks there's Lots of companies, Using The RED Colour for its Logos. That's Not the Case for Me. The RED, Fujitsu is Using, isn't The Same as The Red that Other Companies are Using.
Nice