[angr] Inquiry on applying Angr to finding backdoor of some firmwares.
zardus at gmail.com
Tue Mar 8 00:16:04 PST 2016
Sorry for the laggy response; we've been a bit busy lately, but will try to
get back to you as soon as we have a chance to look at that firmware!
On Wed, Mar 2, 2016 at 11:12 PM, Dongwoo Kim <freefreek at gmail.com> wrote:
> I'm writing to get some information about Angr.
> First of all, I'd like to say that you have made a great tool set for
> binary analysis. I'm especially interested in finding backdoors in firmware,
> like the example 'fauxware'. I have installed Angr and tested it with
> fauxware. It works fine, which makes me excited.
> However, I have faced some problems while applying it to some binaries
> that have already known backdoors. I know that it is because I don't
> understand how Angr works inside. I think I need some time to understand
> Before I dig into it, I'd like to ask you how to use Angr to find the
> backdoor in the attached binary, which belongs to the firmware of an access
> point made by a Chinese company. It was reported in 2014. (
> I extracted the problematic binary from the firmware. You can easily find
> the backdoor "netcore" in call_mptlogin function, which allows for remote
> At first, I tried to apply Angr to this binary by using an example of
> fauxware but I failed. I've attached solve.py that I modified as well.
> I have browsed all the examples but I couldn't get the information that I need
> right now. I hope you figure out what the problem is. I will be a good
> practitioner and I will participate in developing some part of Angr if
> possible. :)
> I'm looking forward to seeing your reply.
> Thank you for your time.
> Dongwoo Kim