Firmware Analysis of Linksys E900 v. 1.0.09.002

HID: Linksys E900 v. 1.0.09.002
Device Name: E900
Vendor: Linksys
Device Class: Routers
Version: 1.0.09.002
Release Date: 1970-01-01
Size: 7.39 MiB (7,746,560 Byte)


Unpacker (v. 0.7)

Plugin: generic carver
Extracted: 2
Output:

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             BIN-Header, board ID: E900, hardware version: 4702, firmware version: 1.0.0, build date: 2018-08-08
32            0x20            TRX firmware header, little endian, image size: 7745536 bytes, CRC32: 0x756770AD, flags: 0x0, version: 1, header size: 28 bytes, loader offset: 0x1C, linux kernel offset: 0x14FDFC, rootfs offset: 0x0
60            0x3C            gzip compressed data, maximum compression, has original file name: "piggy", from Unix, last modified: 2018-08-08 05:28:28
1375772       0x14FE1C        Squashfs filesystem, little endian, non-standard signature, version 3.0, size: 6365444 bytes, 1718 inodes, blocksize: 65536 bytes, created: 2018-08-08 05:33:15

Entropy: 0.89


File Type (v. 1.0)

File Type: data
MIME: application/octet-stream
Containing Files:
  application/CDFV2 (2)
  application/gzip (1)
  application/octet-stream (3)
  application/x-executable (67)
  application/x-object (27)
  application/x-sharedlib (116)
  filesystem/squashfs (1)
  image/gif (42)
  image/jpeg (8)
  image/png (17)
  image/x-icon (1)
  inode/symlink (7)
  text/plain (990)


Binwalk (v. 0.5.2)

Signature Analysis:

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             BIN-Header, board ID: E900, hardware version: 4702, firmware version: 1.0.0, build date: 2018-08-08
32            0x20            TRX firmware header, little endian, image size: 7745536 bytes, CRC32: 0x756770AD, flags: 0x0, version: 1, header size: 28 bytes, loader offset: 0x1C, linux kernel offset: 0x14FDFC, rootfs offset: 0x0
60            0x3C            gzip compressed data, maximum compression, has original file name: "piggy", from Unix, last modified: 2018-08-08 05:28:28
1375772       0x14FE1C        Squashfs filesystem, little endian, non-standard signature, version 3.0, size: 6365444 bytes, 1718 inodes, blocksize: 65536 bytes, created: 2018-08-08 05:33:15

Entropy Graph

Summary:
  Base64 standard index table
  Boot section Start 0x14 End 0x10000
  Boot section Start 0x17 End 0x10000
  Boot section Start 0x2A End 0x0
  CRC32 polynomial table
  Copyright string: "Copyright (C) 1998-2001 Angus Mackay."
  Copyright string: "Copyright (C) 2008 Matthew Strait
  Copyright string: "Copyright (C) 2008 Matthew Strait; See ../LICENSE"
  Copyright string: "Copyright (C) 2009
  Copyright string: "Copyright (C) 2009 Matthew Strait; See ../LICENSE"
  Copyright string: "Copyright (C) Paul Johnston 1999 - 2000. * Updated by Greg Holt 2000 - 2001.* See http://pajhome.org.uk/site/legal.html for det"
  Copyright string: "Copyright (C) Paul Johnston 1999 - 2002."
  Copyright string: "Copyright (c) 1989 The Regents of the University of California."
  Copyright string: "Copyright (c) 1990
  Copyright string: "Copyright (c) 2000-2017 Simon Kelley"
  Copyright string: "Copyright (c) 2001-3 Shane Hyde and others"
  Copyright string: "Copyright (c) 2009 John Resig"
  Copyright string: "Copyright 1988
  Copyright string: "Copyright 1996-1999
  Copyright string: "Copyright 1996-2001
  Copyright string: "Copyright 1996-2001 Kunihiro Ishiguro."
  Copyright string: "Copyright 2002 Roaring Penguin Software Inc."
  Copyright string: "Copyright 2003
  Copyright string: "Copyright 2004-2010 Internet Systems Consortium."
  Copyright string: "Copyright 2007 Tzolkin Corporation"
  Copyright string: "Copyright 2009
  Copyright string: "copyright information."
  Copyright string: "copyright.asp"); %>"
  Copyright string: "copyright.bind"
  Copyright string: "copyright{font-size:11px; text-align:right;}"
  ELF
  Executable script
  GIF image data 14716 x 24873
  HTML document footer
  HTML document header
  JPEG image data
  Linux kernel version 2.6.22
  Neighborly text
  OpenSSL encryption
  PEM RSA private key
  PEM certificate
  Private key in DER format (PKCS header length: 4
  SHA256 hash constants
  Squashfs filesystem
  Ubiquiti firmware header
  Unix path: /dev/gpio/control
  Unix path: /dev/gpio/in
  Unix path: /etc/config/resolv.conf
  Unix path: /etc/iproute2/ematch map
  Unix path: /etc/iproute2/rt dsfield
  Unix path: /etc/iproute2/rt realms
  Unix path: /etc/l7-protocols/name.pat
  Unix path: /etc/udev/udev.conf
  Unix path: /home/hhm/work/E900 0828/E900 v1.0.06.002/src/bcmcrypto/bn.c
  Unix path: /home/hhm/work/E900 0828/E900 v1.0.06.002/src/bcmcrypto/random.c
  Unix path: /home/hhm/work/E900 0828/E900 v1.0.06.002/src/router/nas/nas wksp.c
  Unix path: /home/hhm/work/E900 0828/E900 v1.0.06.002/src/router/nas/nas wksp radius.c
  Unix path: /home/hhm/work/E900 0828/E900 v1.0.06.002/src/wps/brcm apps/linux/wps linux main.c
  Unix path: /sys/kernel/uevent seqnum
  Unix path: /sys/net/ipv4/ip dynaddr
  Unix path: /sys/net/ipv4/ip forward
  Unix path: /usr/bin/brcm53115 util arl write 0 333300000001 1 1 0 0 286
  Unix path: /usr/gnemul/riscos/
  Unix path: /usr/lib//ip/link %s.so
  Unix path: /usr/lib//tc/
  Unix path: /usr/lib/iptables
  Unix path: /usr/lib/libc.so.1
  Unix path: /usr/lib/pppd/2.4.4
  Unix path: /usr/local/etc/bpalogin.conf
  Unix path: /usr/local/lib/iptables
  Unix path: /usr/local/sbin
  Unix path: /usr/local/ssl"
  Unix path: /usr/local/ssl/lib
  Unix path: /usr/local/ssl/lib/engines
  Unix path: /usr/local/ssl/private
  Unix path: /usr/local/zebra/etc/Zebra.conf
  Unix path: /usr/local/zebra/etc/ripd.conf
  Unix path: /usr/local/zebra/etc/ripngd.conf
  Unix path: /usr/local/zebra/etc/zebra.conf
  Unix path: /usr/sbin/arp
  Unix path: /usr/sbin/check http.sh &
  Unix path: /usr/sbin/dhclient -6 -dec -sf %s -lf %s -pf %s %s
  Unix path: /usr/sbin/dhclient -nw -cf %s -sf %s -lf %s -pf %s -bm %s %s &
  Unix path: /usr/sbin/dhclient -r %s -cf %s -sf %s -lf %s -pf %s %s
  Unix path: /usr/sbin/dhcpd
  Unix path: /usr/sbin/httpd
  Unix path: /usr/sbin/ip
  Unix path: /usr/sbin/ip -6 del %s/%s
  Unix path: /usr/sbin/ip -6 route
  Unix path: /usr/sbin/ip -6 route add %s/%s dev %s
  Unix path: /usr/sbin/ip -6 route add default via ::%s dev 6rd metric 1
  Unix path: /usr/sbin/ip -6 route del %s/%d dev %s
  Unix path: /usr/sbin/ip -6 route del %s/%s
  Unix path: /usr/sbin/ip -6 route del default
  Unix path: /usr/sbin/ip -6 route flush table 200
  Unix path: /usr/sbin/ip -6 route show default
  Unix path: /usr/sbin/ip -6 tunnel add %s mode ipip6 remote %s local %s dev %s
  Unix path: /usr/sbin/ip -f inet6 addr flush %s scope global
  Unix path: /usr/sbin/ip tunnel add %s mode sit ttl 64 remote any local %s
  Unix path: /usr/sbin/ip tunnel del %s
  Unix path: /usr/sbin/l2tp-control "start-session %s"
  Unix path: /usr/sbin/lld2d %s
  Unix path: /usr/sbin/nvram set action service=commit
  Unix path: /usr/sbin/nvram set action service=wsc pushbutton
  Unix path: /usr/sbin/ping6 -s %s -O %s %s %s &
  Unix path: /usr/sbin/sendmail
  Unix path: /usr/sbin/traceroute -I -O %s -T 2 %s &
  Unix path: /usr/sbin/tzoupdate-1.11 -t tzo-echo
  Unix path: /usr/sbin/wcnparse
  Unix path: /usr/share/magic
  Unix path: /var/db/dhcpd6.leases
  Unix path: /var/lib/cvsroot/E3000/src/router/dhcp/dst/dst support.c
  Unix path: /var/lib/cvsroot/E3000/src/router/dhcp/dst/hmac link.c
  Unix path: /var/lib/misc/dnsmasq.leases
  Unix path: /var/lock/ntpclient
  Unix path: /var/log/mess
  Unix path: /var/log/mess"
  Unix path: /var/log/radvd.log
  Unix path: /var/run/dhclient.pid
  Unix path: /var/run/dhcp6c-wan.pid
  Unix path: /var/run/dhcpc-wan.pid
  Unix path: /var/run/dhcpd.pid
  Unix path: /var/run/dhcpd6.pid
  Unix path: /var/run/httpd.pid
  Unix path: /var/run/l2tpctrl
  Unix path: /var/run/mDNSResponder.pid
  Unix path: /var/run/nlinkd.pid
  Unix path: /var/run/pptp/%s
  Unix path: /var/run/pptp/%s:%i
  Unix path: /var/run/radvd.pid
  Unix path: /var/run/ripd.pid
  Unix path: /var/run/ripngd.pid
  Unix path: /var/run/syslogd.pid
  Unix path: /var/run/utmp
  Unix path: /var/run/wm-httpd.pid
  Unix path: /var/run/zebra.pid
  XML document
  bzip2 compressed data
  eCos RTOS string reference: "ecos"
  eCos RTOS string reference: "ecos";"
  gzip compressed data
  mcrypt 2.2 encrypted data
  TRX firmware header
  BIN-Header


IPs and URIs (v. 0.4.2)

IPs v4: list is empty
IPs v6: ['::1b', ''], ['::f6', '']
URIs: list is empty
Summary:


Software Components (v. 0.4.1)

Time of Analysis: 2020-05-20 14:11:16
Plugin Version: 0.4.1
Summary:
  BusyBox 1.7.2
  Dnsmasq 2.78
  GNU Zebra 0.92a
  Linux Kernel 2.6.22
  OpenSSL
  OpenSSL 1.0.1j
  Point-to-Point Protocol daemon 2.4.4
  SSLeay 0.8.1
  radvd 1.8.1
  udhcp 0.9.87


Crypto Hints (v. 0.1)

Time of Analysis: 2020-05-20 14:11:21
Plugin Version: 0.1
Summary:
  BASE64 table
  BLOWFISH Constants
  Big Numbers0
  Big Numbers1
  Big Numbers2
  Big Numbers3
  CRC32 poly Constant
  CRC32 table
  CRC32c poly Constant
  DES Long
  RijnDael AES
  SHA512 Constants
  WHIRLPOOL Constants


Users And Passwords (v. 0.4.4)

Time of Analysis: 2020-05-20 14:11:22
Plugin Version: 0.4.4
Summary:
  root


Crypto Material (v. 0.5.2)

Time of Analysis: 2020-05-20 14:11:22
Plugin Version: 0.5.2
Summary:
  Pkcs8PrivateKey
  SSLCertificate
  SshRsaPrivateKeyBlock


String Stats (v. 0.3.4)

String Count: 15843


Source Code Analysis (v. 0.4)

Time of Analysis: 2020-05-20 14:11:24
Plugin Version: 0.4
Summary:
  Warnings in javascript script
  Warnings in shell script


Input Vectors (v. 0.1.1)

Time of Analysis: 2020-05-20 14:11:24
Plugin Version: 0.1.1
Summary:
  environment
  file
  ipc
  kernel
  network
  random
  shell
  signal
  stdin
  time


Init Systems (v. 0.4.1)

Time of Analysis: 2020-05-20 14:11:24
Plugin Version: 0.4.1


Elf Analysis (v. 0.3)

Time of Analysis: 2020-05-20 14:11:25
Plugin Version: 0.3
Summary:
  dynamic entries
  exported functions
  header
  imported functions
  libraries
  sections
  segments
  symbols version


Cve Lookup (v. 0.0.4)

Time of Analysis: 2020-05-20 14:11:25
Plugin Version: 0.0.4
Summary:
  BusyBox 1.7.2 (CRITICAL)
  Dnsmasq 2.78
  GNU Zebra 0.92a
  Linux Kernel 2.6.22
  OpenSSL 1.0.1j (CRITICAL)
  Point-to-Point Protocol daemon 2.4.4 (CRITICAL)
  SSLeay 0.8.1


File System Metadata (v. 0.1)

Time of Analysis: 2020-05-20 14:11:25
Plugin Version: 0.1


Exploit Mitigation (v. 0.1.2)

NX: NX enabled (210)
Canary: Canary disabled (210)
PIE: PIE - invalid ELF file (27), PIE disabled (67), PIE enabled (116)
RELRO: RELRO disabled (207), RELRO fully enabled (3)


Cpu Architecture (v. 0.3.2)

Time of Analysis: 2020-05-20 14:11:26
Plugin Version: 0.3.2
Summary:
  MIPS, 32-bit, little endian (M)


String Eval Stats (v. 0.2.1)

String Count: 15843


Qemu Exec (v. 0.5.1)

Time of Analysis: 2020-05-20 14:11:35
Plugin Version: 0.5.1
Summary:
  executable


Hashes (v. 1.1)

md5: b064e43f98a0780b50504125b48047c1
ripemd160: e2c6cafb3d746553b13fd9eceb8c1221f79b7f33
sha1: 189f72aa336155b1188044f2f32c07ba203ee74f
sha256: 852031776c09f8152c90496f2c3fac85b46a938d20612d7fc03eea8aab46f23e
sha512: b87fd944ecab6dd3718706e484e7a4e9d9ed444f42799bea36ab8d1104637088526bf75ca51b4bfed8adeaaf75b6999e6a355e3bacf39ac8df878c5fcd5c484c


Known Vulnerabilities (v. 0.2)

Time of Analysis: 2020-05-20 14:11:40
Plugin Version: 0.2


Tlsh (v. 0.1)

Time of Analysis: 2020-05-20 14:11:42
Plugin Version: 0.1


Cwe Checker (v. 0.4.0)

Time of Analysis: 2020-05-20 14:11:43
Plugin Version: 0.4.0
Summary:
  CWE243
  CWE332
  CWE457
  CWE676
  CWE782
