@0xricksanchez

Vulnerability researcher | Anything low-level excites me | Zoo manager @ | My tweets are my own |

Joined May 2017

Tweets

  1. Pinned Tweet
    Jul 15
  2. Retweeted
    Aug 3

    Last time I blogged about how to write a custom firmware decryption routine for a bunch of D-Link firmware images and this is what happened. A thread:
  3. Aug 3

    ... when there are more than enough people willing to provide you with a free pentest of your products. Wouldn't that be more beneficial?
  4. Aug 3

    I mean I get that providing firmware integrity measures is useful and all, but from what it looks like at first glance swapping out the certificate does not change anything? Also, why even bother 'inventing' a home-brew encryption scheme in the first place...
  5. Aug 3

    So is it just me who fails to see how changing the certificate solves the issue of "malicious users [...] changing the firmware that is loaded and executed by the device" when these exact people can just grab the latest firmware and unpack it again to do their research?
  6. Aug 3

    This does not change the fact that the binary responsible for decrypting a firmware image ('imgdecrypt') is still unchanged, with all the same hard-coded cipher constants that let you unpack the new firmware without any modifications to the script.
  7. Aug 3

    "The firmware encryption key is unique to this router model and does not affect other models". I guess they're referring to the fact that the public.pem certificate is different across devices. This is true. They even changed the certificate in the new hotfixed FW linked above.
  8. Aug 3

    "The issue is limited to the DIR-3040-US model", which is clearly not true, as I have shown in my blog that you can unpack and grab all firmware image contents of at least the following models: DIR-882, DIR-1960, DIR-2660, DIR-3060.
  9. Aug 3

    As a result was notified and made aware of this 'security issue' (which I don't think it is, btw). They acknowledged it nevertheless and issued a new firmware update claiming the following:
  10. Aug 3

    The possibility of decrypting these FW images was later confirmed by another researcher, and the story was even picked up by
  11. Aug 3

    Last time I blogged about how to write a custom firmware decryption routine for a bunch of D-Link firmware images and this is what happened. A thread:
  12. Jul 29

    Honestly, this is so dope! Good visualizations help so much to grasp any concept.
  13. Jul 22
  14. Jul 22

    I guess I can remove "getting quoted on a news site" from my bucket list now 😏✌️
  15. Retweeted
    Jul 15
  16. Jul 16

    Apparently some markdown code blocks broke, which I did not notice yesterday. The article should be all fixed now.
  17. Jul 15

    Chapter 2020 is getting better by the minute :)
  18. Jul 15

    And here is the repo containing all the code.
  19. Jul 11

    As the tweet gained so much traction, I decided to update the repository with some categories and a handful of new papers! If I missed some good ones, please hit me up or create a PR! I'll try to keep the list up to date with new publications :)!
  20. Jul 10

    Apparently you still need something to read 😁. I'll extend and improve categorization within the next few days.
