Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In our previous posts, we covered how to achieve access to flash memory and how to extract file system data from the device. In this post, we'll cover how to modify the data we've extracted.
Modify extracted file systems data
Now that you have unsquashfs'd the Squash file system, the next step is to take a look at the extracted file system and its general structure. In our example, the unsquashed file system is located at /root/Desktop/Work/squashfs-root. To see the structure, while in the folder /Desktop/Work, you can run the following command to change director and then list the file and folders:
cd squashfs-rootls -alAs you can see, we have unpacked a copy of the squash file system containing the embedded Linux root file system that was installed on the cable modem for the ARM processor.
The next goal will be to make the following three changes so we can eventually gain access to the cable modem via SSH:
Create or add a dropbear_rsa_key to squashfs.Remove symbolic link to passwd and recreate it.Modify the inittab file to launch dropbear on startup.To make these changes, you will first need to change the directory to the squashfs-root folder. In our IoT Village exercise example, that folder was “~/Desktop/Work/squashfs-root/etc", and the attendees used the following command:
cd ~/Desktop/Work/squashfs-root/etcIt is critical that you are in the correct directory and not in the etc directory of yo ..
Support the originator by clicking the read the rest link below.
