Reassembling Sniffed Firmware or a Binary With Scapy
Adam Pridgen (apridgen) <adampridgengmailcom> Friday, June 6 2008 03:50.21 CDT


So, I got bored one night (or morning, depending on your perspective), and I decided to sniff the firmware upgrade process for my network printer. Fun! :)  I used Wireshark (yeah, my tcpdump foo is bar) to isolate the TCP stream between the VM upgrading the firmware and the printer, and saved the pcap.

I have been meaning to play with Scapy for quite some time, so I fired up ipython and in about 20 minutes I had a quick script to extract the data I needed.  The script is pretty basic and may not work in all cases (it simply appends payloads in capture order, so retransmitted or out-of-order segments would corrupt the output), but I figured I'd document it somewhere in case I or someone else needs it in the future.



# scapy.all exports rdpcap and the IP/TCP layer classes used below
from scapy.all import rdpcap, IP, TCP

# IP Address of the VM sending the upgrade
src = "192.168.44.128"
f = "captured_firmware_upgrade.pcap"
pcap = rdpcap(f)

data = b""
for packet in pcap:
    # skip frames without an IP/TCP layer (e.g. ARP) instead of failing on a missing layer
    if IP not in packet or TCP not in packet:
        continue
    if packet[IP].src != src:
        continue
    # check for data in the payload, if not skip the packet
    payload = bytes(packet[TCP].payload)
    if not payload:
        continue
    data += payload
# write our raw data file (binary mode: firmware is not text)
with open("raw_data.dat", "wb") as out:
    out.write(data)
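The cases the script above does not handle (segments sniffed out of order, retransmissions, and packets the sniffer missed), as an added example that is not part of the original post: segments are keyed by TCP sequence number before being joined, and holes are reported instead of silently producing a shorter file. The segments_from_pcap helper and the CAPTURED_SEGMENTS sample are constructed for this example; the helper needs scapy, the reassembly itself does not.

```python
def segments_from_pcap(path, src):
    """Yield (seq, payload) for every TCP segment from src that carries data.

    Same selection as the script above, but keeps the sequence number so the
    segments can be ordered. Requires scapy; imported lazily so that
    reassemble_stream() is usable without it."""
    from scapy.all import rdpcap, IP, TCP
    for pkt in rdpcap(path):
        if IP in pkt and TCP in pkt and pkt[IP].src == src:
            payload = bytes(pkt[TCP].payload)
            if payload:
                yield int(pkt[TCP].seq), payload

def reassemble_stream(segments):
    """Return (data, gaps) for one direction of a TCP stream.

    Sorting by sequence number fixes out-of-order delivery; keeping only the
    bytes beyond the highest byte already emitted drops retransmissions and
    overlaps. gaps holds (expected_seq, actual_seq) pairs for bytes missing
    from the capture, so a short output is reported rather than silent.
    Assumes the stream does not wrap the 32-bit sequence space."""
    ordered = sorted((seq, payload) for seq, payload in segments if payload)
    if not ordered:
        return b"", []
    chunks, gaps = [], []
    next_seq = ordered[0][0]            # first payload byte we expect
    for seq, payload in ordered:
        end = seq + len(payload)
        if end <= next_seq:
            continue                    # pure retransmission, already written
        if seq > next_seq:
            gaps.append((next_seq, seq))  # packets the sniffer never saw
        chunks.append(payload[max(0, next_seq - seq):])  # skip overlap
        next_seq = end
    return b"".join(chunks), gaps

# Constructed capture of a small upload as a sniffer might record it: the
# segment at 1013 is seen before the one at 1009, and 1005 is retransmitted.
CAPTURED_SEGMENTS = [
    (1000, b"FWHDR"), (1005, b"AAAA"), (1013, b"CCCC"),
    (1009, b"BBBB"), (1005, b"AAAA"), (1017, b"END!"),
]

if __name__ == "__main__":
    data, gaps = reassemble_stream(CAPTURED_SEGMENTS)
    with open("raw_data.dat", "wb") as out:
        out.write(data)
    print(len(data), "bytes written; gaps:", gaps)
```

On a real capture, pass `segments_from_pcap("captured_firmware_upgrade.pcap", "192.168.44.128")` to `reassemble_stream` and treat a non-empty gaps list as a sign the capture is incomplete.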



Hope it helps someone in the future :)


