Dissecting Firmware Images Only Knowing The Target Device

If you have not read part 1, you can view it here: https://medium.com/codex/reverse-engineering-bare-metal-low-level-kernel-images-with-qemu-getting-started-c705b7b14d35

Now that we have our environment set up, we are ready to reverse the binary. For this, I will demonstrate a basic ret2text exploit using Furor, a CTF challenge I wrote for UMDCTF. You can download a copy of it here: https://github.com/UMD-CSEC/UMDCTF-2021-Public-Challenges/tree/master/Pwnables/furor

Since there are a lot of concepts to cover just with solving this CTF challenge, we are going to break this into two articles: one focused on initial high-level reversing and another focused on in-depth reversing of ARM and exploitation.

I am WittsEnd2, Founder of Ragnar Security. My mission is to make complex cybersecurity topics easier for everyone to learn. In particular, I focus on teaching Binary Exploitation and Reverse Engineering.

Why did I start doing Reverse Engineering and Binary Exploitation?

I started to learn Reverse Engineering as a way to solve difficult challenges. Take CTF challenges focused on Reverse Engineering, for example: they are built around finding a flag (generally in a format like FLAG{}), and if you succeed, your team gets points. Professionally, this is similar to any other software. …

I am WittsEnd2, founder of Ragnar Security. Today, we will be exploring Seccomp, a Linux kernel security feature. We will explore it through the challenge insecure_seccomp from UIUCTF. Some of the things we will discuss are:

  • What is Seccomp?
  • Why is it useful?
  • What happens when you misconfigure it and the instance has a vulnerability.

What is Seccomp?

Seccomp is a Linux kernel facility, configured through the seccomp(2) (or prctl(2)) system call, that restricts which other system calls a process is allowed to make (one of the messages Seccomp uses when a user is…
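As an added example (not part of the original article and not the insecure_seccomp challenge's own code), here is what a seccomp misconfiguration looks like in practice: a blocklist filter that kills execve but forgets execveat(2), beside an allowlist filter that also checks the architecture. The two filters and the verdict() interpreter are my own constructions; Linux headers and x86-64 syscall numbers are assumed, and the interpreter only handles the three BPF opcodes these filters use, so it lets you check a filter's verdicts offline before installing it in a process.

```c
/* Added example, not code from the original article. Two seccomp-BPF
 * filters: a blocklist that kills execve but forgets execveat(2), the kind
 * of misconfiguration the article series is about, beside an allowlist that
 * also checks the architecture. verdict() interprets the three BPF opcodes
 * the filters use, so a filter can be checked offline before it is installed.
 * Linux-only headers; x86-64 syscall numbers are assumed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>

#define NR_OFF   offsetof(struct seccomp_data, nr)
#define ARCH_OFF offsetof(struct seccomp_data, arch)

/* Weak filter: a blocklist. execve is killed, but execveat still passes. */
struct sock_filter weak_insns[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, NR_OFF),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execve, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Strict filter: reject foreign architectures (they renumber syscalls),
 * then allow only read, write and exit_group; everything else is killed. */
struct sock_filter strict_insns[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARCH_OFF),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, NR_OFF),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_read, 3, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write, 2, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define WEAK_LEN   (sizeof weak_insns / sizeof weak_insns[0])
#define STRICT_LEN (sizeof strict_insns / sizeof strict_insns[0])

/* Evaluate a filter for one (arch, syscall) pair the way the kernel would.
 * Only LD|W|ABS, JMP|JEQ|K and RET|K are handled; anything else fails closed. */
uint32_t verdict(const struct sock_filter *insns, size_t len, uint32_t arch, int nr)
{
    struct seccomp_data sd = { .nr = nr, .arch = arch };
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &insns[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            memcpy(&acc, (const char *)&sd + in->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:      /* jt/jf are relative to pc + 1 */
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS;        /* the kernel rejects such programs */
}

/* Install a filter for real. NO_NEW_PRIVS must be set first unless the
 * caller has CAP_SYS_ADMIN, otherwise the kernel refuses the filter. */
int install_filter(struct sock_filter *insns, unsigned short len)
{
    struct sock_fprog prog = { .len = len, .filter = insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    printf("weak   execveat -> 0x%08x (still allowed: the gap)\n",
           verdict(weak_insns, WEAK_LEN, AUDIT_ARCH_X86_64, __NR_execveat));
    printf("strict execveat -> 0x%08x (killed)\n",
           verdict(strict_insns, STRICT_LEN, AUDIT_ARCH_X86_64, __NR_execveat));
    fflush(stdout);                          /* flush before the filter is live */
    if (install_filter(strict_insns, STRICT_LEN) != 0) {
        perror("seccomp");
        return 1;
    }
    /* Only the allowed syscalls from here on: write, then exit_group. */
    static const char msg[] = "strict filter installed, write(2) still works\n";
    write(1, msg, sizeof msg - 1);
    syscall(SYS_exit_group, 0);
    return 0;
}
```

The weak filter is the classic mistake: it names the one syscall the author thought of, so execveat (or a 32-bit syscall number with the same value, since it never checks the arch) walks straight through. The strict filter fails closed, which is why it is installed only after stdout is flushed and why main finishes with a raw exit_group rather than returning through libc, which might make other syscalls on the way out.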

Hello everyone, I am WittsEnd2: founder of Ragnar Security, and I will be continuing to teach you how to reverse engineer (and exploit) bare-metal firmware. In part three, we are going to be focusing on analyzing assembly from the CTF Challenge I wrote — furor. We will explore some of the important concepts of ARM (32 bit) and some things to look out for when reverse engineering and exploiting ARM.

There are some concepts in part one and part two that we do not go over in part three. It is a good idea to read them prior to continuing (or…

This tutorial will be part of a series on bare-metal reverse engineering.

My curiosity about embedded systems has grown since I took apart a few Android phones. Although a phone is not an embedded system itself, I knew that phones were eventually going to overtake computers, so I wanted to learn more about them. That is when I began learning ARM and noticing many similarities between phones and embedded devices. After that, it was off to the races for me: I started learning everything there is to know about embedded devices.

What is an embedded system? — An embedded system…

One weekend, bored because COVID had shut everything down, my friend and I decided to take apart a couple of phones for the fun of it. The phones we took apart were the Motorola E (2nd Generation). Our goal was to see the internals of the phone and determine whether we could put them back together.

Taking Apart the Motorola E

The approach we took to taking apart the…

In the previous article, we discussed the origins of vulnerabilities and how having an offensive mindset can be a great tool for defense. Now, we are going to learn the fundamentals of assembly code, because it is the foundation of reverse engineering. Most disassemblers translate bytes into assembly, not into C-like code; producing C-like code is a decompiler's job (Ghidra ships one, and there are a few other exceptions that we will talk about later).

As mentioned before, assembly languages can be thought of as a list of instructions that describes exactly what the computer is doing. …

When people think about binary exploitation, they might think of Mr. Robot, hacking things quickly, and gaining access to some secret E-Corp server. The truth is that exploitation and hacking are slow and meticulous, and they require a lot of patience. By learning them, we learn how to secure our own software. It is a puzzle that evolves continuously, and there is always something to learn from it. In this series of blog posts, we will be learning secure coding through the eyes of an attacker. …

We are creating this post to share our initiative to build an open source repository of CTF tools. The objective is to find ways to make solving difficult CTF challenges easier and to discover innovative ways of solving common cyber security problems together. This effort requires all of us to come together to develop, critique, and learn about cyber security.

There are already many tools out there, such as brute-force scripts, angr, Z3, etc.; however, the repository will condense them into one place and hopefully make the code we add more plug-and-play. Some of the…

Cyber-attacks come in all shapes and forms: DDoS, identity theft, and spyware; however, ransomware is now becoming one of the most common types. It gained popularity because Bitcoin made it significantly easier to receive hard-to-trace payments. As a result, most ransomware encrypts files to disable a user's computer system and extorts the victim into paying to unlock it. This has been achieved many times with the likes of WannaCry, TeslaCrypt, and the targeted attack on Baltimore City. Today, we will analyze how this malware originated, current trends, and how to protect yourself from it.

Ransomware has been…

Ragnar Security

Shielding you from security vulnerabilities!