Overview
Syllabus
Introduction
Disclaimers
About me
Battle plan
Extracting Firmware
Shell
Device Profile
Device Content
Cleanup
Load in Ghidra
R2 Pipe
Function Offsets
Broadcom
Firmware dump
Header format
Program store
Plan
Signature Libraries
Function ID databases
Function signatures
Function tracing
Function naming
Vtable
Rename Vtables
Address of vectors
Data segment identification
Firmware Offset
Stack Location
Stack Base Address
Memory Map
Memory Map offsets
Bugs
Memory Corruption
Store Copy
Parental Control Page
Storycuts
Heap Overflow
Device Crash
Drop Chain
Recap
Netgear
Exploit
Shellcode
Linker
Persistence
Implant
Bootkit
Persistence Demonstration
Recommendations
IP Manager
Future work
Open source
References
Taught by
BruCON Security Conference