BUUCTF------firmware

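This article describes how to extract a bin file with the binwalk tool and how to grant permissions on the extracted files with chmod. It then uses the unsquashfs_all.sh script from firmware-mod-kit to unpack the squashfs file and locate the backdoor program. Analysis in IDA shows that the program is packed with UPX; after unpacking, further analysis yields the key port information, and the flag is obtained by taking its MD5 hash. The whole process is the author's summary of learning and practice on a first encounter with this kind of challenge.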


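1. The challenge file is a bin file. Extract it with binwalk in a virtual machine.

Where to get binwalk

Link: https://pan.baidu.com/s/1uuwS0gkLUTsuYpjEeWH8rg
Extraction code: zdft

Or

Router reverse-engineering analysis: installing the binwalk tool (Fly20141201's column, CSDN blog)

The extraction command has the form

binwalk -e <filename>

2. At this point another item appears in the folder containing the bin file.

You can see that this folder has something like a lock in its bottom-right corner.

This is because we do not have sufficient permissions on it: we cannot take files out of it or put files into it, i.e. it is read-only.

So what do we do?

Since the permissions are insufficient, we grant them.

First, enter su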

### BUUCTF Firmware Resources and Information

#### Overview of BUUCTF Firmware Challenges

BUUCTF is a platform that offers various cybersecurity challenges, including those related to firmware analysis. The primary focus lies on understanding how embedded systems operate at the binary level and extracting useful data from them[^1].

#### Tools Utilization for Firmware Analysis

For handling specific files like `120200.squashfs`, which represents a Linux compressed file system image, tools such as **Binwalk** and **firmware-mod-kit (fmk)** are essential. These utilities facilitate decompression and modification tasks necessary when dealing with firmware images.

- Binwalk can scan through binaries looking for known patterns indicating different types of archives or filesystems.
- Firmware-mod-kit provides scripts specifically designed to unpack certain kinds of firmwares commonly found within IoT devices[^2].

To utilize these tools effectively:

```bash
# Install dependencies required by fmk under Ubuntu environment
sudo apt-get install git build-essential zlib1g-dev liblzma-dev python-magic

# Clone repository containing source code of firmware-mod-kit toolset
git clone https://github.com/mirror/firmware-mod-kit.git

# Navigate into cloned directory where sources reside
cd firmware-mod-kit/src

# Prepare project configuration followed by compilation process
./configure && make
```

This setup allows users not only to extract contents but also potentially modify existing structures inside given squashed FS images before repacking them back together again if needed[^3].

#### Additional Resource Links

Beyond direct manipulation techniques mentioned above, exploring official documentation alongside community forums dedicated towards reverse engineering practices could provide further insights regarding advanced usage scenarios associated with similar projects hosted online.
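The signature scan behind the binwalk step, as an added example (not code from the original post or from binwalk): it locates SquashFS images in a firmware blob by their magic bytes, validates the superblock fields, and carves the image out. It assumes the standard little-endian SquashFS 4.x superblock layout; the function names and the sample blob are constructed for illustration.

```python
import struct

SQUASHFS_MAGIC = b"hsqs"  # little-endian SquashFS magic
COMPRESSORS = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}
# First 48 bytes of a SquashFS 4.x superblock (assumed layout): magic, inodes,
# mkfs_time, block_size, fragments, compression, block_log, flags, no_ids,
# major, minor, root_inode, bytes_used.
SUPERBLOCK = struct.Struct("<4sIIIIHHHHHHQQ")


def find_squashfs(blob):
    """Return one dict per plausible SquashFS 4.x superblock found in blob."""
    hits, pos = [], blob.find(SQUASHFS_MAGIC)
    while pos != -1:
        if pos + SUPERBLOCK.size <= len(blob):
            (_, inodes, _, block_size, _, comp, block_log, _, _,
             major, _, _, bytes_used) = SUPERBLOCK.unpack_from(blob, pos)
            # Field checks reject the four magic bytes appearing by chance.
            if (major == 4 and comp in COMPRESSORS
                    and 12 <= block_log <= 20 and block_size == 1 << block_log):
                hits.append({
                    "offset": pos, "inodes": inodes,
                    "compression": COMPRESSORS[comp], "bytes_used": bytes_used,
                    # True when the blob ends before the declared image size.
                    "truncated": pos + bytes_used > len(blob),
                })
        pos = blob.find(SQUASHFS_MAGIC, pos + 1)
    return hits


def carve(blob, hit):
    """Cut the filesystem image out of the firmware blob."""
    return blob[hit["offset"]:hit["offset"] + hit["bytes_used"]]


def build_sample():
    """Constructed sample: padding, a decoy magic, a fake image, trailer."""
    body = SUPERBLOCK.pack(SQUASHFS_MAGIC, 7, 0, 131072, 0, 4, 17, 0, 1, 4, 0, 0, 96)
    body += b"\x00" * (96 - len(body))   # pad to the declared bytes_used
    decoy = b"hsqs" + b"\xff" * 60       # magic bytes followed by garbage fields
    return b"\x00" * 64 + decoy + body + b"\xff" * 32


if __name__ == "__main__":
    firmware = build_sample()
    for h in find_squashfs(firmware):
        print(h, "carved bytes:", len(carve(firmware, h)))
```

The carved bytes can be written to a file and handed to an unpacker such as the firmware-mod-kit scripts mentioned above.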
Author: 晓风.
