HardBreak
GitHubDiscordLinkedInX
  • HardBreak - Hardware Hacking Wiki
  • Introduction
    • How to start
    • Methodology
    • Case Study (Led to a CVE Update)
      • General Case Study
  • Hardware Hacking
    • Introduction
    • Basics
      • Tools
        • Hardware Tools
          • Essential Tools
          • Soldering Tools
          • Logic Analyzer
            • Saleae Logic Analyzer
          • Open-Source Tools
            • Bus Pirate v3.6
            • Bus Pirate 5
            • GoodFET
          • Multimeters & Oscilloscopes
          • JTAG and SWD Debuggers
            • Segger JLink
            • TI CC-Debugger
          • UART-to-TTL adapter
          • Chip readers and programmers
            • Xgecu T56
        • Software Tools
          • Binwalk
          • Firmwalker
          • flashrom
          • Ghidra
          • OpenOCD
          • Mitmrouter
      • Common Hardware Components
      • Firmware Extraction Methods
      • Ethics
    • Reconnaissance
      • Closed device
        • OSINT (search the web)
        • USB Ports / SD-card
      • Opened device
        • Board Analysis
    • Interface Interaction
      • UART
        • Identify UART
        • Connect to UART
        • Extract Firmware using UART
      • I2C
      • SPI
        • Extract Firmware using SPI
      • JTAG/SWD
        • JTAG
          • Identify JTAG
        • SWD
        • Extract Firmware using JTAG/SWD
      • VE.Direct
    • Bypassing Security
      • Voltage Glitching
        • Example: LPC1768
      • Electromagnetic Fault Injection
    • Analyze Firmware
  • Network Analysis
    • Introduction
    • Reconnaissance
    • Protocols
      • WIFI
        • WEP
        • Deauthentication Attacks
      • Application Layer
        • Proprietary Protocols
          • Parrot Anafi Drone Reverse Engineering
        • MQTT
        • CoAP
        • Web Sockets
  • Radio Hacking
    • Introduction
    • Reconnaissance
    • Protocols
      • NFC
      • RFID
    • Tools
      • RF Signal Analyzers
        • RTL-SDR
        • HackRF
      • Flipper Zero
        • NFC
        • Sub-GHz
  • Contribute
    • How to contribute
    • Gitbook - Basics
      • Markdown
      • Images & media
      • Interactive blocks
  • About
    • Impressum – Legal Notice
    • Privacy Policy
    • Datenschutzerklärung
    • License
Powered by GitBook
On this page
  • Theory
  • Cheat Sheet
  • Installation
  • Usage
  • Example Command
  • Resources

Was this helpful?

Edit on GitHub
  1. Hardware Hacking
  2. Basics
  3. Tools
  4. Software Tools

Firmwalker

Theory

Firmwalker is an automated tool designed to aid in the analysis of extracted Linux-based firmware file systems. It quickly identifies critical information such as password files, SSH keys, and configuration files, making it a useful tool for pentesters and security researchers focusing on embedded devices and IoT security.

Key Features

  • Automated Scanning

    • Firmwalker parses through the entire extracted file system, looking for key files related to security, such as credentials, configuration files, and certificates.

  • Focused Output

    • It categorizes findings such as passwords, SSH keys, web server information, and more, making it easy to focus on potential vulnerabilities.

  • File System Search

    • Specifically designed for Linux-based firmware.

  • Text File Parsing

    • Extracts useful information from plaintext configuration files and scripts.

Cheat Sheet

# Clone the Firmwalker repository
git clone https://github.com/craigz28/firmwalker

# Navigate to the Firmwalker directory
cd firmwalker

# Run Firmwalker on an extracted firmware file system
./firmwalker /path/to/extracted/filesystem

Installation

To use Firmwalker, you’ll need to clone the repository and run the script on a pre-extracted file system from a firmware image. Here’s how to get started:

  1. Clone the repository:

    git clone https://github.com/craigz28/firmwalker
  2. Navigate to the firmwalker directory:

    cd firmwalker
  3. Ensure you have bash installed, as Firmwalker is a bash script.

Usage

To run Firmwalker, the firmware image must first be extracted (you can use a tool like Binwalk for this). Once extracted, you can point Firmwalker to the root of the file system:

./firmwalker <path_to_extracted_firmware>

Firmwalker will then parse the file system and output a categorized report of its findings.

What Firmwalker Looks For

Firmwalker automatically searches for the following types of files and data in the extracted file system:

  • Password Files: Looks for files such as passwd, shadow, and login.defs.

  • SSH Keys: Searches for private keys (id_rsa), known hosts, and other SSH configuration files.

  • Configuration Files: Identifies configuration files that may contain sensitive data, such as config, .conf, and .ini files.

  • Web Server Info: Looks for web server files such as nginx or httpd configuration files, and web root directories.

  • SSL Certificates: Finds SSL certificates and related private keys.

  • Scripts: Parses through shell scripts or other automation scripts that might reveal hardcoded credentials or system configurations.

  • Miscellaneous: Searches for any .sql files (databases), crontab files (schedules), and more.

Example Command

Once the firmware has been extracted, run the following command to analyze the file system:

./firmwalker /path/to/extracted/filesystem

The output will be a structured list of findings, highlighting the critical files and directories of interest.

Example Output

Firmwalker provides a categorized output similar to:

--- Password Files ---
/etc/passwd
/etc/shadow

--- SSH Keys ---
/root/.ssh/id_rsa

--- Configuration Files ---
/etc/nginx/nginx.conf

Additional Notes

  • Firmwalker works on an extracted file system, meaning you’ll need to extract the firmware first before running the tool.

  • The findings give a quick overview of critical files to investigate further, making it ideal for initial reconnaissance of firmware images.

Resources

PreviousBinwalkNextflashrom

Last updated 4 months ago

Was this helpful?

Firewalker Git repository