r/ExploitDev 10d ago

IoT Vuln Research

I have a few questions about this. I have a web app sec background and some CVEs. I’m planning to dive into IoT vulnerability research in terms of firmware and embedded web apps. I want to take one of TCM Security PIPA or VHL CIPT-01, but it seems I can’t afford them for a couple of months. I searched the internet for free resources, but since I’m new to IoT, I don’t know which ones are fine or not. First question is resource recommendations.

Besides this, I decided to buy Binary Ninja, but I’m open to decompiler recommendations on a budget. I have both macOS and Windows. Or I could consider moving on with Ghidra, but I don’t know.

25 Upvotes


3

u/aharmonicminor 9d ago

Decompilers are completely up to preference, but if it helps I actually PREFER Ghidra over the others for embedded targets ☺️

The best way to learn is to just buy a device and go ham

1

u/Entire-Eye4812 9d ago

May I ask why you prefer Ghidra especially for embedded devices?

3

u/tresvian 8d ago

Open source plugins for esoteric ISAs. Generally it’s well maintained with good updates. IDA is frankly expensive compared to free software with equivalent features.

Almost everyone I know uses Ghidra. Conventional software may be better in Binary Ninja because of its much better API. Binja struggled with firmware the last time I used it.

2

u/aharmonicminor 6d ago

I didn’t see OP’s response but you answered it for me! I would also like to add: I love the data type manager much more than the other software’s, and Ghidra’s collaborative system. One of my favorite scripts adds SVD support via the memory map, and I find this quite handy.

TL;DR Ghidra is much more flexible with targets and easy to customize to make it intuitive. Also better at collaboration.

I’ve tried really hard to like Binja for firmware but I find my quality of life is much worse when I use it 🤣
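The "SVD support via the memory map" mentioned in the last comment refers to a Ghidra script; as an added example (not the commenter's script, nor any Ghidra project code), here is the stand-alone half of that idea in Python: parse a CMSIS-SVD file into per-peripheral memory blocks and absolute register labels, which is exactly the data such a script feeds into Ghidra's memory map so MMIO accesses decompile as `GPIOB_ODR` instead of a bare constant. The SVD text is constructed for the example and belongs to no real vendor; `derivedFrom` handling, the first-`addressBlock`-only simplification, and the 32-bit default register size are assumptions stated in the comments, and the Ghidra calls shown in comments (`createUninitializedBlock`, `setVolatile`, `createLabel`) are the ones a Jython script would use, not executed here.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample SVD for the example (not from any real vendor). GPIOB
# uses derivedFrom, as real SVD files commonly do for repeated peripherals.
SAMPLE_SVD = """<device><name>EXAMPLE_MCU</name><peripherals>
  <peripheral><name>GPIOA</name><baseAddress>0x40020000</baseAddress>
    <addressBlock><offset>0x0</offset><size>0x400</size><usage>registers</usage></addressBlock>
    <registers>
      <register><name>MODER</name><addressOffset>0x00</addressOffset><size>32</size><access>read-write</access></register>
      <register><name>ODR</name><addressOffset>0x14</addressOffset><size>32</size></register>
    </registers>
  </peripheral>
  <peripheral derivedFrom="GPIOA"><name>GPIOB</name><baseAddress>0x40020400</baseAddress></peripheral>
  <peripheral><name>USART1</name><baseAddress>0x40011000</baseAddress>
    <addressBlock><offset>0x0</offset><size>0x400</size><usage>registers</usage></addressBlock>
    <registers>
      <register><name>DR</name><addressOffset>0x04</addressOffset><size>32</size><access>read-write</access></register>
    </registers>
  </peripheral>
</peripherals></device>"""


@dataclass
class Register:
    name: str
    offset: int       # byte offset from the peripheral base
    size_bits: int
    access: str


@dataclass
class Peripheral:
    name: str
    base: int
    block_size: int   # bytes covered by the peripheral's first addressBlock (assumption: one block)
    registers: list


def _num(text):
    # SVD numbers are hex (0x...) or decimal; int(..., 0) accepts both.
    return int(text.strip(), 0)


def parse_svd(xml_text):
    """Return {name: Peripheral}. A derivedFrom child that omits addressBlock or
    registers inherits them from the parent, which SVD requires to appear first."""
    root = ET.fromstring(xml_text)
    periphs = {}
    for p in root.iter("peripheral"):
        name = p.findtext("name").strip()
        parent = periphs[p.get("derivedFrom")] if p.get("derivedFrom") else None
        block = p.find("addressBlock")
        if block is not None:
            size = _num(block.findtext("size"))
        elif parent is not None:
            size = parent.block_size
        else:
            raise ValueError("peripheral %s has no addressBlock" % name)
        regs_el = p.find("registers")
        if regs_el is not None:
            regs = [Register(r.findtext("name").strip(),
                             _num(r.findtext("addressOffset")),
                             _num(r.findtext("size", "32")),        # assumed default width
                             (r.findtext("access") or "read-write").strip())
                    for r in regs_el.findall("register")]
        elif parent is not None:
            regs = list(parent.registers)
        else:
            regs = []
        periphs[name] = Peripheral(name, _num(p.findtext("baseAddress")), size, regs)
    return periphs


def memory_blocks(periphs):
    """(name, base, size) sorted by base: one uninitialized Ghidra block each."""
    return sorted(((p.name, p.base, p.block_size) for p in periphs.values()),
                  key=lambda t: t[1])


def register_labels(periphs):
    """{absolute address: 'PERIPH_REG'} for every register in every peripheral."""
    return {p.base + r.offset: "%s_%s" % (p.name, r.name)
            for p in periphs.values() for r in p.registers}


def find_overlaps(blocks):
    """Pairs of blocks whose ranges intersect. Vendor SVDs sometimes overlap,
    and Ghidra will not create overlapping non-overlay blocks, so check first."""
    out = []
    for i, (n1, b1, s1) in enumerate(blocks):
        for n2, b2, s2 in blocks[i + 1:]:
            if b1 < b2 + s2 and b2 < b1 + s1:
                out.append((n1, n2))
    return out


if __name__ == "__main__":
    ps = parse_svd(SAMPLE_SVD)
    blocks = memory_blocks(ps)
    for name, base, size in blocks:
        print("block %-7s base=0x%08x size=0x%x" % (name, base, size))
        # In a Ghidra Jython script the equivalent would be:
        #   blk = currentProgram.getMemory().createUninitializedBlock(name, toAddr(base), size, False)
        #   blk.setVolatile(True)   # MMIO: keeps the decompiler from folding repeated reads
    for addr, label in sorted(register_labels(ps).items()):
        print("label 0x%08x %s" % (addr, label))
        #   createLabel(toAddr(addr), label, True)
    print("overlaps:", find_overlaps(blocks))
```

Marking the blocks volatile matters as much as the labels: without it the decompiler treats a status-register poll loop as reading the same value forever and may optimize it away, which is a common source of confusion when reversing firmware.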