A couple of days ago I bought an air conditioner. The system has a wireless module. By analyzing the ports, I could see that port 22 is open.
I have obtained the file that is responsible for managing the connection with the outside and internally (the interface).
The file is of type BFLT executable - version 4 ram. Here is more detailed information (extracted from radare):

    type      bFLT (Executable file)
    class     bflt
    file      backupServer
    arch      arm
    fd        6
    bits      32
    size      0x3d804
    machine   unknown
    iorw      t true
    os        Linux
    blksz     0x0
    minopsz   4
    mode      -r--
    maxopsz   4
    block     0x100
    pcalign   4
    format    bflt
    subsys    Linux
    havecode  true
    endian    little
    pic       false
    stripped  false
    canary    false
    static    true
    nx        false
    linenum   false
    crypto    false
    lsyms     false
    va        false
    relocs    false
    bintype   bflt
    binsz     251908

I have been able to virtualize this file with qemu-arm.
In BFLT files there is a section containing all the strings, and I am using IDA Pro with the bfltldr plugin to relocate the strings. For debugging I have used the generic ARM little-endian architecture.
Analyzing the application with IDA Pro, I was able to observe that it expects from the outside some commands with a format and some parameters.
I have the parameters but not the arguments, as it is complicated to debug without having any kind of information about the name of each function.
I think the operating system used by the application is GNU/Linux or a variant.
My goal is to analyze the arguments and parameters that are passed via socket to try to find some vulnerability (buffer overflow, ...) and inject a shell to open a backdoor.
The problem I have is that I find it costly to debug the application, since in IDA Pro the functions appear only as memory addresses, and I would like to know if there is any way to replace the memory addresses with the names of known GNU/Linux functions.
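
For readers unfamiliar with the format, the bFLT header fields that a loader reads (segment offsets, flags such as "ram", and the relocation table) can be decoded as follows. This is an added example, not part of the original post; the function names `parse_bflt` and `build_sample` are hypothetical and the sample image is constructed.

```python
import struct

# bFLT header: "bFLT" magic followed by fifteen big-endian 32-bit words (64 bytes).
HEADER = struct.Struct(">4s15I")
FIELDS = ("rev", "entry", "data_start", "data_end", "bss_end",
          "stack_size", "reloc_start", "reloc_count", "flags", "build_date")
FLAGS = {0x01: "RAM", 0x02: "GOTPIC", 0x04: "GZIP", 0x08: "GZDATA", 0x10: "KTRACE"}


def parse_bflt(blob):
    """Return header fields, decoded flag names and the raw relocation entries."""
    if len(blob) < HEADER.size:
        raise ValueError("shorter than a bFLT header")
    magic, *words = HEADER.unpack_from(blob)
    if magic != b"bFLT":
        raise ValueError("bad magic")
    info = dict(zip(FIELDS, words))  # the five trailing filler words are dropped
    bits = info["flags"]
    info["flag_names"] = [name for bit, name in FLAGS.items() if bits & bit]
    if not info["entry"] <= info["data_start"] <= info["data_end"] <= info["bss_end"]:
        raise ValueError("segment offsets out of order")
    info["relocs"] = []
    if not bits & 0x0C:  # the table is readable in place only when nothing is gzip-compressed
        end = info["reloc_start"] + 4 * info["reloc_count"]
        if end > len(blob):
            raise ValueError("relocation table runs past end of file")
        # One big-endian 32-bit entry per pointer the loader must adjust.
        info["relocs"] = list(struct.unpack_from(
            ">%dI" % info["reloc_count"], blob, info["reloc_start"]))
    return info


def build_sample():
    """Constructed version 4 image: 32 bytes of text, 16 of data, two relocations."""
    words = (4, 0x40, 0x60, 0x70, 0x80, 0x1000, 0x70, 2, 0x01, 0) + (0,) * 5
    header = HEADER.pack(b"bFLT", *words)
    return header + bytes(0x30) + struct.pack(">2I", 0x20, 0x24)


if __name__ == "__main__":
    for key, value in parse_bflt(build_sample()).items():
        print(key, value)
```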