Summary

Total Articles Found: 3

Top sources:

Top Keywords:

Top Authors

Top Articles:

  • Bypassing software update package encryption – extracting the Lexmark MC3224i printer firmware (part 1)
  • Tool Release: Sinking U-Boots with Depthcharge
  • Properly Signed Certificates on CPE Devices

Bypassing software update package encryption – extracting the Lexmark MC3224i printer firmware (part 1)

Published: 2022-02-17 10:25:41

Popularity: 1

Author: Catalin Visinescu

Keywords:

  • Hardware & Embedded Systems
  • Reverse Engineering
  • Lexmark encrypts the firmware update packages provided to consumers, making the binary analysis more difficult. With little over a month of research time assigned and few targets to look at, NCC Group decided to remove the flash memory and extract the firmware using a programmer, firmware which we (correctly) assumed would be stored unencrypted. This allowed us to bypass the firmware update package encryption. With the firmware extracted, the binaries could be reverse-engineered to find vulnerabilities that would allow remote code execution.

    ...more

    Tool Release: Sinking U-Boots with Depthcharge

    Published: 2020-07-22 16:00:49

    Popularity: 1

    Author: Jon Szymaniak

    Keywords:

  • Hardware & Embedded Systems
  • Research
  • Tool Release
  • Depthcharge
  • embedded systems
  • U-Boot
  • Depthcharge is an extensible Python 3 toolkit designed to aid security researchers when analyzing a customized, product-specific build of the U-Boot bootloader. This blog post details the motivations for Depthcharge’s creation, highlights some key features, and exemplifies its use in a “tethered jailbreak” of a smart speaker that leverages secure boot functionality. I boot, you … Continue reading Tool Release: Sinking U-Boots with Depthcharge →

    ...more

    Properly Signed Certificates on CPE Devices

    Published: 2020-02-04 09:04:08

    Popularity: None

    Author: m4ttlewis

    Keywords:

  • Cryptography
  • Hardware & Embedded Systems
  • Research
  • UK/European Research
  • Certificates
  • CPE
  • Router
  • 🤖: ""Secure Certs Only""

    During late January 2020, a hot topic surfaced between security professionals on an issue that has historically had different proposed solutions. This blog post seeks to explore these solutions and identify pragmatic approaches to risk reduction on this specific issue concerning Customer Premises Equipment (CPE) security. Two security researchers (Tom Pohl and Nick Starke) analysed … Continue reading Properly Signed Certificates on CPE Devices →

    ...more

    end