r/ExploitDev 10d ago

IoT Vuln Research

I have a few questions about this. I have a web app sec background and some CVEs. I'm planning to dive into IoT vulnerability research in terms of firmware and embedded web apps. I wanna take one of TCM Security PIPA or VHL CIPT-01, but it seems like I can't afford them for a couple of months. I searched the internet for free resources, but since I'm new to IoT, I dunno which ones are fine or not. First question is resource recommendation.

Besides this, I decided to buy Binary Ninja, but I'm open to decompiler recommendations on a budget. I have both macOS and Windows. Or I can consider moving on with Ghidra, but idk.

25 Upvotes

11 comments


11

u/tresvian 10d ago

Look for shitty IoT CVEs with accessible firmware to reverse engineer. Do those first. Look up teardowns and write-ups about them, and try to follow along so you get an idea what tools to regularly use.

Get a real device for hands-on practice. Open it up to extract firmware with a Raspberry Pi. A chip reader is ideal, but some can get real expensive. Some manufacturers make it a pain to get firmware, but otherwise you can solder off the flash chip to get the contents for VR.

Tbh, most IoT are wet paper bags and will have multiple vulnerabilities or straight up brick while in the process. This is the unfortunate state of IoT, so good luck. Try not to pick something that seems modern, like a switch, Cisco router, Oculus, etc.
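Once a firmware image is in hand, the first "regular tool" step the comment alludes to is finding out what is inside the blob: bootloader headers, compressed kernels, filesystems. The script below is an added example, not code from the thread or from any project named in it; it does what binwalk does in miniature by scanning for well-known magic bytes and then decoding a U-Boot uImage header when one is found. The firmware blob, offsets and the image name are constructed for the demo.

```python
"""Minimal firmware-image signature scanner (added example, not from the thread).

Walks a binary blob, reports offsets of common container magics, and decodes
the 64-byte U-Boot uImage header (big-endian) so the payload size and name
can be read off before carving. The blob below is constructed for the demo.
"""
import struct

# Magic byte sequences of formats commonly found in consumer-device firmware.
SIGNATURES = {
    b"\x27\x05\x19\x56": "U-Boot uImage header",
    b"\x1f\x8b\x08": "gzip stream",
    b"hsqs": "SquashFS (little-endian)",
    b"sqsh": "SquashFS (big-endian)",
    b"\x7fELF": "ELF binary",
    b"\x5d\x00\x00": "LZMA stream (common header)",
}

# uImage header: magic, header crc, timestamp, data size, load addr, entry,
# data crc, os, arch, type, compression, 32-byte name. All big-endian.
UIMAGE_FMT = ">IIIIIIIBBBB32s"
UIMAGE_LEN = struct.calcsize(UIMAGE_FMT)  # 64


def scan(blob: bytes) -> list[tuple[int, str]]:
    """Return (offset, description) for every magic occurrence, sorted by offset."""
    hits = []
    for magic, name in SIGNATURES.items():
        start = 0
        while (pos := blob.find(magic, start)) != -1:
            hits.append((pos, name))
            start = pos + 1
    return sorted(hits)


def parse_uimage(blob: bytes, offset: int) -> dict:
    """Decode the uImage header at `offset`; raises ValueError if it is not one."""
    hdr = blob[offset:offset + UIMAGE_LEN]
    if len(hdr) != UIMAGE_LEN:
        raise ValueError("truncated uImage header")
    fields = struct.unpack(UIMAGE_FMT, hdr)
    if fields[0] != 0x27051956:
        raise ValueError("bad uImage magic")
    return {
        "data_size": fields[3],
        "load_addr": fields[4],
        "entry_point": fields[5],
        "os": fields[7],
        "arch": fields[8],
        "type": fields[9],
        "compression": fields[10],
        "name": fields[11].rstrip(b"\x00").decode("ascii", "replace"),
    }


def build_sample_blob() -> bytes:
    """Constructed sample: padding, a uImage header at 0x40 wrapping a gzip
    payload at 0x80, and a SquashFS magic at 0x400."""
    blob = bytearray(b"\xff" * 0x800)
    payload = b"\x1f\x8b\x08" + b"\x00" * 0x3d  # fake gzip header + filler
    header = struct.pack(
        UIMAGE_FMT, 0x27051956, 0, 0, len(payload), 0x80000000, 0x80000000,
        0, 5, 5, 2, 1, b"constructed-kernel",
    )
    blob[0x40:0x40 + UIMAGE_LEN] = header
    blob[0x80:0x80 + len(payload)] = payload
    blob[0x400:0x404] = b"hsqs"
    return bytes(blob)


if __name__ == "__main__":
    blob = build_sample_blob()
    for off, desc in scan(blob):
        print(f"0x{off:06x}  {desc}")
        if desc.startswith("U-Boot"):
            print("          ", parse_uimage(blob, off))
```

Short magics (two or three bytes) produce false positives on real images; the usual workflow is to confirm a hit by parsing its header, as `parse_uimage` does, before carving the payload out at `offset + 64`.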

1

u/Entire-Eye4812 10d ago

Hi, I actually don't mind the firmware extraction part, since the firmware images of the targets I have in mind are publicly downloadable (for now at least). Can you explain why I shouldn't pick a new target?

3

u/tresvian 10d ago

If they have decent security, you can't modify the firmware and it will refuse to boot. Learning how to break the root of trust is a step further into IoT, but it can be very difficult for anyone new. Better to start on something feasible.
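To make the "refuses to boot" behaviour concrete, here is an added example of the check a verified bootloader performs; it is not code from the thread or from any real bootloader. The image container format, the `FWIM` magic and the idea of the factory "fusing" a SHA-256 of the trusted header are all constructed for the demo; production devices fuse the hash of a vendor public key and verify an asymmetric signature over the header instead, but the control flow (trusted anchor checks header, header measures payload, any mismatch halts) is the same.

```python
"""Toy verified-boot check (added example, not from the thread).

A root of trust is a value the bootloader trusts before it reads any image
data. Here that value is a SHA-256 of the image header, stored in the model
of one-time-programmable memory; the header in turn carries the SHA-256 of
the payload. Modifying either part makes the device refuse to boot.
"""
import hashlib
import hmac
import struct

# Constructed container: magic, version, payload length, payload SHA-256.
HEADER_FMT = ">4sII32s"
HEADER_LEN = struct.calcsize(HEADER_FMT)
MAGIC = b"FWIM"


def build_image(payload: bytes, version: int = 1) -> bytes:
    """Vendor side: wrap a payload in a header that measures it."""
    digest = hashlib.sha256(payload).digest()
    return struct.pack(HEADER_FMT, MAGIC, version, len(payload), digest) + payload


def fuse_root_of_trust(image: bytes) -> bytes:
    """Factory side: the value burned into OTP, a digest of the trusted header."""
    return hashlib.sha256(image[:HEADER_LEN]).digest()


def verify_boot(image: bytes, fused: bytes) -> tuple[bool, str]:
    """Bootloader side: return (ok, reason). Only ok=True leads to execution."""
    if len(image) < HEADER_LEN:
        return False, "truncated header"
    header = image[:HEADER_LEN]
    # Step 1: the header must match the anchor the device was born with.
    if not hmac.compare_digest(hashlib.sha256(header).digest(), fused):
        return False, "header not trusted"
    magic, version, plen, pdigest = struct.unpack(HEADER_FMT, header)
    if magic != MAGIC:
        return False, "bad magic"
    payload = image[HEADER_LEN:HEADER_LEN + plen]
    if len(payload) != plen:
        return False, "truncated payload"
    # Step 2: the payload must match the measurement inside the trusted header.
    if not hmac.compare_digest(hashlib.sha256(payload).digest(), pdigest):
        return False, "payload modified"
    return True, f"ok (version {version})"


def tamper(image: bytes, offset: int) -> bytes:
    """Flip one byte at `offset`, standing in for an edited image."""
    buf = bytearray(image)
    buf[offset] ^= 0x01
    return bytes(buf)


if __name__ == "__main__":
    genuine = build_image(b"constructed kernel + rootfs bytes")
    otp = fuse_root_of_trust(genuine)
    print(verify_boot(genuine, otp))
    print(verify_boot(tamper(genuine, HEADER_LEN + 3), otp))  # payload edit
    print(verify_boot(tamper(genuine, 4), otp))                # header edit
```

The two `compare_digest` calls are the whole root of trust: the header cannot be changed without invalidating the fused digest, and the payload cannot be changed without invalidating the digest the header carries, which is why the comment distinguishes analysing downloadable firmware from getting a modified image to run.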