
Using binwalk to analyze PLC firmware

See original GitHub issue

I was wondering if you have any information or have ventured into this area. I understand that, due to the critical nature of systems that implement PLCs, vendors typically try to keep people from reverse engineering their firmware. When I run binwalk on, say, this firmware, this is what I got from binwalk:

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
33131         0x816B          LZMA compressed data, properties: 0xD0, dictionary size: 1048576 bytes, uncompressed size: 13510798884208640 bytes
34035         0x84F3          LZMA compressed data, properties: 0xA2, dictionary size: 33554432 bytes, uncompressed size: 2732199881 bytes
341411        0x535A3         LZMA compressed data, properties: 0xD8, dictionary size: 8388608 bytes, uncompressed size: 110500231412449280 bytes

However, when these files are extracted using -Mre, all that I get out are files that are either empty or very small.
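An added triage script, not from the issue and not part of binwalk, that does what the question calls for: it decodes the 13-byte LZMA-alone header at a reported offset, rejects size fields that cannot fit the file (the 13510798884208640-byte claim above is the typical false-positive signature) and, for hits that pass, lets liblzma try to decode the stream. The sample blobs are constructed; only the header values are copied from the issue.

```python
import lzma
import struct

HEADER_LEN = 13                    # props byte + u32 dict size + u64 uncompressed size
SIZE_UNKNOWN = 0xFFFFFFFFFFFFFFFF  # written by encoders that rely on an end marker

def parse_lzma_header(blob, offset):
    """Decode the LZMA-alone header at offset; None if the bytes cannot be one."""
    if offset < 0 or offset + HEADER_LEN > len(blob):
        return None
    props, dict_size, usize = struct.unpack_from("<BIQ", blob, offset)
    if props >= 9 * 5 * 5:         # lc < 9, lp < 5, pb < 5 must fit in one byte
        return None
    return {"lc": props % 9, "lp": (props // 9) % 5, "pb": props // 45,
            "dict_size": dict_size, "uncompressed_size": usize}

def check_lzma_hit(blob, offset, max_ratio=64):
    """Triage one signature hit; returns (plausible, reason)."""
    hdr = parse_lzma_header(blob, offset)
    if hdr is None:
        return False, "properties byte cannot encode lc/lp/pb"
    if not 4096 <= hdr["dict_size"] <= 1 << 30:
        return False, "dictionary size outside what real encoders emit"
    avail = len(blob) - offset - HEADER_LEN
    usize = hdr["uncompressed_size"]
    if usize != SIZE_UNKNOWN and usize > avail * max_ratio:
        return False, f"claims {usize} bytes from only {avail} available"
    try:  # cheap checks passed; let liblzma decode the stream itself
        dec = lzma.LZMADecompressor(format=lzma.FORMAT_ALONE)
        out = dec.decompress(blob[offset:])
    except lzma.LZMAError as exc:
        return False, f"decoder error: {exc}"
    if not out:
        return False, "decoder produced no output"
    return True, f"decoded {len(out)} bytes, end marker seen: {dec.eof}"

def constructed_samples():
    """Constructed inputs (not from the issue): a genuine stream inside padding,
    and a header copying the issue's first hit (props 0xD0, 1 MiB dictionary,
    13510798884208640-byte claim) followed by filler bytes."""
    payload = b"SuperH firmware strings " * 200
    genuine = b"\x00" * 0x20 + lzma.compress(payload, format=lzma.FORMAT_ALONE) + b"\xff" * 16
    bogus = struct.pack("<BIQ", 0xD0, 1048576, 13510798884208640) + b"\x5a" * 64
    return {"genuine": (genuine, 0x20), "bogus": (bogus, 0)}

if __name__ == "__main__":
    for name, (blob, off) in constructed_samples().items():
        print(f"{name:8s} @0x{off:x}: {check_lzma_hit(blob, off)}")
```

Run it against the real image with the offsets binwalk printed; a hit that fails the size test or errors in the decoder is noise, which is why `-Mre` left you with empty or tiny files.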

Issue Analytics

  • State: open
  • Created 6 years ago
  • Comments: 7

Top GitHub Comments

2 reactions
devttys0 commented, Jul 6, 2017

Without knowing the architecture, IDA isn’t going to be much help. I haven’t used it, but you might try cpu_rec; it claims to be able to identify a wide variety of architectures by analyzing the raw binary data.

1 reaction
ghost commented, Jul 6, 2017

I tried running cpu_rec at it, and it’s giving me that it’s seeing SuperH architecture. Never heard of it, but it makes sense considering that the company is Automation Direct and SuperH was developed by Hitachi. Now to find a disassembler for it.

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             None (size=0xa800)
43008         0xA800          SuperH (size=0x3000)
55296         0xD800          None (size=0x800)
57344         0xE000          SuperH (size=0x5000)
77824         0x13000         None (size=0x2000)
86016         0x15000         SuperH (size=0x14800)
169984        0x29800         None (size=0x800)
172032        0x2A000         SuperH (size=0x2000)
180224        0x2C000         None (size=0x2000)
188416        0x2E000         SuperH (size=0x1800)
194560        0x2F800         None (size=0x1000)
198656        0x30800         SuperH (size=0x1800)
204800        0x32000         None (size=0x1000)
208896        0x33000         SuperH (size=0x800)
210944        0x33800         None (size=0x3800)
225280        0x37000         SuperH (size=0x2000)
233472        0x39000         None (size=0x800)
235520        0x39800         SuperH (size=0x7000)
264192        0x40800         None (size=0x1800)
270336        0x42000         SuperH (size=0xa000)
311296        0x4C000         None (size=0x4000)
327680        0x50000         SuperH (size=0x5000)
348160        0x55000         None (size=0x800)