Router firmware modification and backdooring

Views: 27,580

CJHackerz

6 years ago

In this video, I will demonstrate how to modify router firmware with the firmware modification toolkit (firmware-mod-kit) and place a basic msfvenom bind shell backdoor inside it.
Please note that if you do anything wrong you may end up bricking the router.
firmware-mod-kit: github.com/rampageX/firmware-...
About me: I am Chirag Jariwala (@CJHackerz)
I am an independent cybersecurity analyst and researcher and have been self-taught in this space for quite a while.
GitHub: github.com/CJHackerz
Twitter: / cjhackerz
LinkedIn: / cjhackerz
Our Facebook page: / sector443

Comments: 76
@cjhackerz 2 years ago
I am still amazed how people watch this video and subscribe to my channel, with the hope that one day I will produce content. That's freaking amazing. Whoever did, you are awesome and I can't be less thankful. Time flies; it's been ages since I published this video, and a lot of stuff has happened in my life. From now on, instead of having regrets about not sharing knowledge, I am going to take small steps in that direction. First, I am removing the Mr. Robot soundtrack, since I realized "why am I letting someone else get money out of my content, when I myself am not even eligible for YPR (YouTube Partner Program)". Like that, slowly, I will make changes to the channel as I find time. Again, thanks for your attention, have a nice day!
@younesmessaoudi1440 2 years ago
Question: what's the point of backdooring a router if it's not going to give you a reverse or bind shell to an external IP?
@cjhackerz 2 years ago
@younesmessaoudi1440 you can still get a remote reverse shell on a static IP; an easy way is to use Kali Linux on a free-tier EC2 instance. That's how all botnets work. They infect via a certain vulnerability, and to maintain persistence they connect to a remote server in the cloud or a dedicated one under the attacker's control, which has a static IP. In this video, just for the demo, I went with a bind shell.
@linqui756 1 year ago
I was looking for knowledge on how to modify routers, for example to preset a password or Wi-Fi name after a reset.
@technologic5031 11 months ago
how are you bro? can you make more videos please?
@RX_100.0 7 months ago
Still active??
@cyberghost8734 5 years ago
You are crazy, dude. Actually it felt like Elliot on his terminal taking down E Corp, lol. Wish I had enough time and passion to be like you.
@senlol7225 5 years ago
Subscribed from CS Army! :D
@linuxinside6188 3 years ago
Subscribed, please upload more on reversing firmware and IoT stuff.
@sam09metal 5 years ago
Damn, you really know your shit. Subbed! Here for future videos!
@cjhackerz 5 years ago
Thanks :D Sure, I will start uploading soon...
@RawApeFromAlbion 5 months ago
Awesome
@rtdctatr 3 years ago
Nice
@tanmaybora359 3 years ago
You are awesome... Please come back with new videos...
@cjhackerz 3 years ago
I wish I could do YouTube, but to show attacks in IoT security further I need hardware which can cost me thousands of USD. And I don't have enough money to purchase recording gear as well. But if time permits I do have plans of covering various topics on ARM reverse engineering. Good to see there are still people out there having interest in my content, and I am extremely sorry for not delivering stuff.
@tanmaybora359 3 years ago
@cjhackerz You can think about some other stuff related to hacking which will be affordable to you...
@sunhaa3645 6 years ago
Second sub~ Really interesting.
@DeepakKumar-ym1wr 3 years ago
Cool
@aymana-bt9qn 4 days ago
When I modify my D-Link firmware and then flash it back to the router, I get the error "image CRC failed". How can I bypass this function and keep flashing without any error? Please help me.
@luckybhawsar8701 4 months ago
Hi, please help me. After I build the firmware I get an error: Firmware header not supported; firmware checksums may be incorrect.
@goodboy-yo5dm 2 months ago
Is this possible with a .fskernal (Zyxel modem) update file? It has jffs2 and ubifs files in it.
@msejahousemovement2185 1 year ago
Is there a Windows version of the software used in this video?
@proFFGaming2 1 year ago
Can you tell me how we can change a router's MAC ID, serial and model number?
@westernvibes1267 4 years ago
So backdooring firmware is a post exploitation technique? After you get admin access, to gain persistence?
@cjhackerz 4 years ago
Yes, true, it's post exploitation.
@westernvibes1267 4 years ago
@cjhackerz Cool, also one last question. Can we just unpack and repack every firmware with this tool?
@ozziecutanee8360 4 years ago
The second command you used, "dd", how can I get it on my system?
@cjhackerz 4 years ago
dd (data duplicator) is available on all Linux distributions by default.
@narsoanelpistear239 4 years ago
I might be able to get a course from you on router firmware ... and changed some firmware with JTAG directly on the PCB. And wanted to play with firmware.. health of Mexico
@eduardojosebetancourtdaboi8258 3 months ago
Hi. Can you help me downgrade the firmware on my router? Since I updated it to the latest version, the router has had Wi-Fi network problems.
@yamdutislive978 1 year ago
Can you unlock firmware locked by an ISP?
@watchingtheworldcollapsesl127 2 years ago
@CJHackerz is it possible to change the default username and password in the firmware itself, so that even if the router is reset the username and password never change?
@cjhackerz 2 years ago
Yeah, if you know which configuration is responsible for the credentials you can change them and upload the modified firmware to the router. The video itself is all about firmware modification; my example is putting in a backdoor, in your case you can change the username and password in the configuration file of the network service (telnet etc.). But yeah, after a reset, if you are using vendor-provided firmware it will use the default username and password.
@internetid583 3 years ago
Hello sir, how do I edit the firmware of the Huawei E5577 MiFi?
@auliahutapea1178 4 years ago
How about (unlzma kernel.lzma) = data corrupt.. How can I fix this??
@waldemarrenato6911 3 years ago
It's better to use binwalk -e [name of the firmware file] than to use dd.
@larryslobster7881 3 years ago
Hey, when you used the command dd you should have set the block size bs to 1 and set skip to the location of the squashfs; you just swapped them, that's why some get errors trying to unsquashfs afterwards.
@rumahwifi2483 4 years ago
Hey brother, how can I do this for Tenda?? I tried the folder desktop/firmware-mod-kit/src/others/squashfs-3.4-cisco# make -j4.. after this it's not working???
@rumahwifi2483 4 years ago
root@hattahutapea:~/Desktop/firmware-mod-kit/src/others/squashfs-3.4-cisco# make -j4
make -C squashfs-tools
make[1]: warning: jobserver unavailable: using -j1. Add '+' to parent make rule.
make[1]: Entering directory '/root/Desktop/firmware-mod-kit/src/others/squashfs-3.4-cisco/squashfs-tools'
gcc mksquashfs.o read_fs.o sort.o lzmainterface.o LzmaEnc.o LzFind.o LzmaDec.o -lz -lpthread -lm -lstdc++ -o mksquashfs
/usr/bin/ld: mksquashfs.o: in function `create_inode':
mksquashfs.c:(.text+0x2e03): undefined reference to `major'
/usr/bin/ld: mksquashfs.c:(.text+0x2e10): undefined reference to `minor'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:17: mksquashfs] Error 1
make[1]: Leaving directory '/root/Desktop/firmware-mod-kit/src/others/squashfs-3.4-cisco/squashfs-tools'
make: *** [Makefile:4: all] Error 2
root@hattahutapea:~/Desktop/firmware-mod-kit/src/others/squashfs-3.4-cisco#
@akshayyadav5914 2 years ago
Is there any way to extract the firmware from a router?
@riccardodisalvatore1883 1 year ago
Is it possible to change the firmware, if I do so, on a network-locked modem?
@danielpal06 2 months ago
Did you manage?
@mahirfr 3 years ago
My firmware is a .img, what do I do?
@HawK40x 2 months ago
What if I don't have a downloadable firmware? Is there any chance that I can get it from the router?
@cjhackerz 2 months ago
Yes, from either JTAG or flash memory: you can either desolder the flash chip and read it, or hook up an 8-pin SOIC adapter www.sparkfun.com/products/13153 which you can then wire to an SPI-capable board to read the data, a Raspberry Pi for example. It has GPIO pins for SPI to read and write data.
@HawK40x 2 months ago
@cjhackerz hey, is there any chance that I can get your contact please? I got a project and I'm working on it, I just want to ask some questions so I could study it more and try to break it.
@raffaeleriddle 3 years ago
What if we can't access the router's admin panel?
@cjhackerz 3 years ago
You can exploit an existing vulnerability to get a shell or find your own RCE zero-day :)
@mohammedhijela8950 4 years ago
How to extract UBI?
@auliahutapea1178 4 years ago
Wow.. amazing.. Can't I edit this file on Windows 7???
@cjhackerz 4 years ago
The commands only work on the Linux operating system. If you are interested in IoT security I would recommend you start learning Kali Linux; there are plenty of YouTube channels teaching you that, check out HackerSploit, TheCyberMentor.
@crellagecommunity7168 4 years ago
Hey man, nice content. One thing I'm really looking for is a way of unlocking or debranding my router, Smile 4G model: SM-LT200+ IMEI: 863081034379350, but the thing is it needs a 16-byte PIN, not the normal 12-digit code for unlocking. What I know from my small knowledge is that they fully customized it and made it support one SIM card, and I even managed to get the chance to put in those "unlock codes" after tweaking the HTML, because they just hid it so it wouldn't show. Can you help me with that? Hope you are not confused there.
@Nwafixto 3 years ago
I am also interested in the solution to your problem.
@mnageh-bo1mm 5 years ago
Really!!!!!! What if he resets the router, what happens? And where did the checksum before accepting the upgrade go??
@cjhackerz 5 years ago
Good question... The backdoor is placed under the /usr/bin folder where other core system binaries reside, so when a reset happens the changes only apply to configuration files (which contain your router settings such as WiFi password, SSID, DHCP table, internet connection settings etc.), not to core system programs or the file system. Network routers don't perform a checksum, since the hash of the .bin file doesn't remain the same with each update.
@mnageh-bo1mm 5 years ago
@cjhackerz hi, thanks for the detailed reply... Can you make a video about a Huawei router and decrypting its config? Because when I extracted the firmware files I didn't find any HTML files at all! Here is the tutorial hg658c.wordpress.com/2017/12/04/decrypting-configuration-files-from-other-huawei-home-gateway-routers/
@storkille1745 3 years ago
CJHackerz Hey bro... good job btw. My router got hacked a couple of days ago. No matter what I did and how many times I reset my router, he got back in again in a second. He got in first by a UPnP port, I forgot to turn it off. But this guy is consistent, he comes back again and again. He replaced my original firmware so a lot of security settings were removed, plus all the configuration I did never got to the system, it only stayed in the configuration file. I know the only way is to flash the thing; my router is a Huawei with the Orange internet company in Morocco. Any tips on how to block this donkey?
@larryslobster7881 3 years ago
They only do this when there is an automatic update from the internet: it checks the checksum of the downloaded firmware vs. it once it's installed.
@WoLFyy2009 3 years ago
It's nice if you inject a BeEF script inside the index of the router lol
@haechan9847 2 years ago
Are you still active, brother?
@user-pw5oo8pn5y 10 months ago
Bro, can you make a more simple tutorial for beginners?
@morsianisdz5821 11 months ago
I have a router I want to unlock by modifying its firmware, like making it disable SIM card checking, or adding a SIM card ID to the whitelist, or accepting any random NCK unlocking code. Please help me, I'll pay you.
@zsbalak 1 year ago
Can I contact you? I want to hire you for a job.
@thanosfisherman 3 years ago
Could you reverse engineer a router firmware with the ultimate goal of extracting the default WPA key generation algorithm? If yes, then take my money.
@cjhackerz 3 years ago
Not sure about that, but yeah, in the past people have indeed figured out flaws in WPS instead www.devttys0.com/2015/04/reversing-belkins-wps-pin-algorithm/ I am not that skilled yet.
@thanosfisherman 3 years ago
@cjhackerz thanks. It appears that such a task would require some solid assembly skills.
@deltabravo58 3 years ago
'bs' and 'skip' at the beginning are right this way?!
@clearlyclearor 1 year ago
Countless errors when I try it for my Netis router.
@jacobweaver8505 3 years ago
When I run "unsquashfs rootfs.img" I get the following error; any idea what I'm doing wrong here? "Can't find a SQUASHFS superblock on rootfs.img"
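Two comments in this thread turn on the same detail: the dd offset (bs=1 skip=<offset>) that larryslobster7881 describes, and the "Can't find a SQUASHFS superblock" error above, which is what unsquashfs prints when the carved file does not begin at that offset. The following is an added example, not code from the video or from firmware-mod-kit: it scans an image for squashfs 4.x superblocks, validates the header fields so a stray "hsqs" string is not mistaken for a filesystem, and shows the carve succeeding at the right offset and failing at a wrong one. The sample image, the vendor header and every field value in it are constructed for the demo; the superblock layout is the public squashfs 4.x format.

```python
import struct

SB_FMT = "5I6H8Q"  # squashfs 4.x superblock: 5 x u32, 6 x u16, 8 x u64 = 96 bytes
SB_LEN = struct.calcsize("<" + SB_FMT)
MAGICS = {b"hsqs": "<", b"sqsh": ">"}  # little-endian / big-endian images
COMPRESSORS = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}

def parse_superblock(image, pos):
    """Parse and sanity-check a candidate superblock at pos; None if it is not one."""
    endian = MAGICS.get(image[pos:pos + 4])
    if endian is None or len(image) < pos + SB_LEN:
        return None
    f = struct.unpack(endian + SB_FMT, image[pos:pos + SB_LEN])
    block_size, compressor, block_log, major, bytes_used = f[3], f[5], f[6], f[9], f[12]
    # A stray "hsqs" string is not a filesystem: the fields must be self-consistent.
    if major != 4 or block_size != 1 << block_log or compressor not in COMPRESSORS:
        return None
    if bytes_used < SB_LEN or pos + bytes_used > len(image):
        return None
    return {"offset": pos, "inodes": f[1], "block_size": block_size,
            "compression": COMPRESSORS[compressor], "bytes_used": bytes_used}

def find_squashfs(image):
    """Every self-consistent superblock in the image, in offset order (the number binwalk prints)."""
    hits = []
    for magic in MAGICS:
        pos = image.find(magic)
        while pos != -1:
            info = parse_superblock(image, pos)
            if info:
                hits.append(info)
            pos = image.find(magic, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])

def carve(image, offset):
    """Same bytes as `dd if=fw.bin of=rootfs.img bs=1 skip=<offset>`."""
    return image[offset:]

def has_superblock_at_start(blob):
    """unsquashfs' first check; False is its "Can't find a SQUASHFS superblock" error."""
    return parse_superblock(blob, 0) is not None

def build_sample_image():
    """Constructed blob: 64-byte vendor header, then a fake squashfs 4.0 (xz) superblock and payload."""
    payload = b"\x00" * 512
    sb = struct.pack("<" + SB_FMT, 0x73717368, 12, 1600000000, 1 << 17, 0,  # magic .. frag_count
                     4, 17, 0, 1, 4, 0,                                    # xz, block_log, flags, ids, v4.0
                     0, SB_LEN + len(payload), 0, 0, 0, 0, 0, 0)           # root_inode, bytes_used, tables
    return b"VENDORHDR" + b"\xff" * 55 + sb + payload
```

On a real image, `find_squashfs(open("fw.bin", "rb").read())` gives the offset to pass as `skip=` with `bs=1`; if the carve does not start exactly there, unsquashfs fails with the error quoted above.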
@hb3643 7 days ago
🧁🧁🧁 Sweet 🎂🎂🎂
@atharvmahajan4714 1 year ago
I want your help, sir, so how can I contact you?
@HawK40x 27 days ago
Hey, I have a lot of questions, can I get your Discord ID or anything please?
@cjhackerz 26 days ago
Same username on each and every site that exists on the Internet.
@Aleks1337. 5 years ago
Nice
@tomatobros 1 year ago
Hey, I get a 7z file when I "binwalk -e xx.bin", then I can't unpack that .7z file. What's the sorcery?