I was wondering if anyone here has experience in reversing and generally making sense of the software running on embedded systems? Personally, I want to figure out what is running on standalone VoIP phones but I would imagine the principles are the same from analysing anything from toasters to mp3 players.
At the moment my questions extend to...
1. How do I figure out what OS is running? For Cisco VoIP phones I think this is some sort of VxWorks derivative, but that is based entirely on hearsay.
2. What is the best way to go about analysing this software? Is it best to start by grabbing some sort of firmware install, tossing it into IDA and working from there, or is there a better way?
3. If firmware + IDA is the way to go, are there any decent tutorials on where to start? Having an asm disassembly is great and all but it's not much use if you've no idea what the hell you're looking at. I'm fairly experienced with REing ELF and PE binaries but I know nothing at all about the internal workings of the software running on such devices.
I'm going to have a look at some of the blackhat/defcon talks on analysing Cisco IOS soon-ish in the hope that they have a methodology that might/might not be applicable. We'll see.....
Bleh,
nnp
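One way to start on question 1 (is it really VxWorks?) before reaching for IDA is a first-pass triage of the firmware dump: look for known container magic numbers and for OS banner strings. This is an added example, not code from the original post; the firmware bytes are constructed, and the magic and marker tables are assumptions you would extend for your own device.

```python
import re
from collections import Counter

# Magic numbers for containers/formats commonly embedded in firmware images
MAGICS = {
    b"\x7fELF": "ELF object",
    b"\x1f\x8b\x08": "gzip stream",
    b"hsqs": "SquashFS (little-endian)",
    b"sqsh": "SquashFS (big-endian)",
    b"\x27\x05\x19\x56": "U-Boot uImage",
    b"BZh": "bzip2 stream",
    b"\xfd7zXZ\x00": "xz stream",
}

# Banner strings that identify an OS/RTOS family (assumed list; VxWorks is the post's suspect)
OS_MARKERS = {
    "VxWorks": re.compile(rb"VxWorks|Wind River|WIND version", re.I),
    "Linux": re.compile(rb"Linux version \d|/lib/modules|init=", re.I),
    "eCos": re.compile(rb"\beCos\b"),
    "ThreadX": re.compile(rb"ThreadX", re.I),
}

def find_magics(blob):
    """Return (offset, format name) for every magic-number hit, sorted by offset."""
    hits = []
    for magic, name in MAGICS.items():
        start = 0
        while (i := blob.find(magic, start)) != -1:
            hits.append((i, name))
            start = i + 1
    return sorted(hits)

def guess_os(blob):
    """Count banner-string hits per OS family; return (best guess or None, all counts)."""
    scores = Counter({name: len(pat.findall(blob)) for name, pat in OS_MARKERS.items()})
    best, n = scores.most_common(1)[0]
    return (best if n else None), dict(scores)

def strings(blob, min_len=8):
    """Printable-ASCII runs of at least min_len bytes, like the strings(1) tool."""
    return [s.decode() for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]

# Constructed sample: a uImage-like header, VxWorks banners, an ELF header, SquashFS and gzip magic
SAMPLE = (b"\x27\x05\x19\x56" + b"\x00" * 12
          + b"VxWorks 6.9 Wind River Systems\x00"
          + b"\x7fELF\x01\x02\x01" + b"\x00" * 9
          + b"Copyright Wind River Systems, Inc.\x00"
          + b"hsqs" + b"\x00" * 8 + b"\x1f\x8b\x08\x00")

if __name__ == "__main__":
    print(find_magics(SAMPLE))
    print(guess_os(SAMPLE))
    print(strings(SAMPLE))
```

On a real dump, the magic offsets tell you where to carve out a filesystem or compressed payload, and the banner counts tell you which OS reference material to read before loading anything into a disassembler.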