Full Disclosure mailing list archives

Broken, Abandoned, and Forgotten Code, Part 6


From: Zach C <uid000 () gmail com>
Date: Thu, 28 May 2015 10:31:31 -0500

Part 6 is live! We continue reversing the undocumented Netgear
firmware header by debugging the embedded HTTP server. We identify two
more fields, including an unknown checksum. A disassembly-to-Python
reimplementation of the checksum algorithm is provided in this week's
update to the example code.
Here's a link:
http://shadow-file.blogspot.com/2015/05/abandoned-part-06.html

I forgot to include the link to part 5 in last week's message (whoops!):
http://shadow-file.blogspot.com/2015/05/abandoned-part-05.html

The goal remains to reverse engineer the firmware format so we can
generate a malicious firmware image to use when exploiting the
SetFirmware SOAP action described in parts 1-4.

If you missed my post to Full Disclosure where I introduced the
series, here's that:
http://seclists.org/fulldisclosure/2015/May/44

As always I welcome feedback via email or Twitter. I'm @zcutlip.

I hope you enjoy it!

Cheers,
Zach
-- 
:wq!

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

