Modifying Embedded Linux Devices
Mon, 2007-08-13 12:55
Topic(s):

Most techs know that you can build your own firmware for embedded Linux devices.  I've used custom images for the NSLU2 to make it into a better fileserver.

The best Linux hardware hack out there in my opinion is Silica.  Yes, it's pay-to-play so I'm only half-serious when I ask for one for Christmas (please, please, please, it's even better than getting a pony).  But really what you're getting is Immunity's intellectual property in a box and a couple hours of in-person training.

At the heart of what I really want to do is to hack the Yoggie and turn it into an attack platform.  Then it's a small-form-factor USB hack device.  That has tons of potential.

While looking around at custom Linux firmware, I came across OpenWRT.  This is good stuff--basically it's a base OS install with packages for common software that you would find in a distribution.  The idea is that you can take your NSLU2, add some hard drives and custom firmware, and have a bittorrent seeder.

But dig down inside the packages repository and you'll find some of my favorite software:  dsniff, nmap, aircrack, kismet, and netcat.  I can't really think of a good reason to have these packaged unless you're planning offensive actions.  Of course, I like this.  It makes it possible to build your own version of Silica in a form-factor that nobody suspects.

The good people at The Hacker Pimps took OpenWRT, some of the prepackaged software, and some scripting know-how and made FairuzaWRT (PDF Link, hacker humor which might be considered crude).  It's mostly what I was thinking of doing.  The nice thing is that the Linksys WRT54G is everywhere--I have 3 of them at work and one at home.

Where am I going with all of this?  Well, the bottom line is the following:

  • If it can be customized, it can be hacked
  • If it can be hacked, it can be turned into an attack platform
  • Servers are getting smaller and smaller
  • Embedded attack platforms change the game
Post a comment
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
* Denotes a required field
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference

Security Directions Available On Demand Sept. 30 - Dec. 30

Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.

» Register Now

WEBCAST
Protecting PII: How to Work with IT to Manage Risk

Compuware Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.

» View this Webcast