Top Internet of Things Daily & Weekly

Peering Into Firmware

Peering Into Firmware  #IoT #Cloud #BigData

  • Today, I’m going to show you how to use binwalk to extract a kernel image and filesystem from a firmware using embedded Linux.
  • I’m going to use the firmware image from TP-Link’s NC200 Cloud Camera.
  • You can download the firmware image from TP-Link’s site if you want to follow along.
  • You can use the other if you’d like something slightly different.
  • We have another one, too; take a look filesystem is very interesting — this is where the binaries that provide the cloud and camera services live.

Learn how to use binwalk to extract a kernel image and filesystem from a firmware image from TP-Link’s NC200 Cloud Camera using embedded Linux.

@craigbrownphd: Peering Into Firmware #IoT #Cloud #BigData

Today, I’m going to show you how to use binwalk to extract a kernel image and filesystem from a firmware using embedded Linux. This is actually a very common configuration; embedded Linux is a very popular alternative to writing your own embedded system from scratch.

I’m going to use the firmware image from TP-Link’s NC200 Cloud Camera. You can download the firmware image from TP-Link’s site if you want to follow along. And seriously, kudos to TP-Link — if you look around their site, they’re distributing the source code they’re using in their devices. Granted, I think that GPL compliance is part of the reason they’re doing it, but still, other companies don’t and it’s a really good idea. It allows folks to start to develop their own apps on TP-Link’s devices, potentially creating an IoT platform for TP-Link. It also gives cybersecurity researchers something to work with so they can find potential problems before others do. Good for them.

Anyway, let’s look at the NC200 firmware. They have two versions up. I downloaded the A version for this. You can use the other if you’d like something slightly different. First, let’s take a quick look through the contents:

This by itself is interesting. We can already see the bootloader used, the kernel, the target CPU architecture, and the filesystem type. JFFS2 is what OpenWRT uses, too, by the way.

But we can go farther than this – check this out:

Now, move into the _NC200_2.1.7_Build_160315_Rel.27420.bin.extracted directory and take a look around. The bootloader image is in the 19E70 file and the kernel components are in the _1F160.extracted directory. The filesystem, uncompressed, is in the jffs2-root directory. We have another one, too; take a look at _NC200_2.1.7_Build_160315_Rel.27420.bin.extracted/_1F160.extracted/_432000.extracted/cpio-root.

The filesystem is very interesting — this is where the binaries that provide the cloud and camera services live. We’ll take a closer look at these next.

Peering Into Firmware