Lexmark encrypts the firmware update packages provided to consumers, making the binary analysis more difficult. With little over a month of research time assigned and few targets to look at, NCC Group decided to remove the flash memory and extract the firmware using a programmer, firmware which we (correctly) assumed would be stored unencrypted. This allowed us to bypass the firmware update package encryption. With the firmware extracted, the binaries could be reverse-engineered to find vulnerabilities that would allow remote code execution.
...moreSummary
Total Articles Found: 1
Top sources:
Top Keywords:
Top Authors
Top Articles:
- Bypassing software update package encryption – extracting the Lexmark MC3224i printer firmware (part 1)
Bypassing software update package encryption – extracting the Lexmark MC3224i printer firmware (part 1)
Published: 2022-02-17 10:25:41
Popularity: 1
Author: Catalin Visinescu
Keywords: