Now that we know how to reverse engineer firmware and extract its filesystem, in this section we will look at the filesystem contents and perform additional vulnerability analysis on them. This will give us a deeper understanding of how to find security issues in firmware images, issues that can be used to compromise an IoT device.
There are two approaches to analyzing filesystem contents:
- Manual analysis.
- Automated tools and scripts.
In the manual approach to hunting for vulnerabilities within the firmware filesystem, we analyze the various files and folders present in the filesystem. This can range from reviewing configuration files, web directories, and password files to hunting for backdoors, and so on. This is an ideal way of discovering vulnerabilities in the given firmware, and will be our focus for this section.
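As a starting point for that manual review, the following added example (not code from the original text) inventories an extracted root filesystem by three of the categories named above and flags account entries that need a closer look. The function names, the file-name patterns, and the sample tree are assumptions constructed for illustration; backdoor hunting is left to the reviewer.

```python
import os
import tempfile

# File-name patterns are assumptions for illustration; extend them per target.
CONFIG_EXT = (".conf", ".cfg", ".ini", ".xml")
WEB_EXT = (".cgi", ".php", ".asp", ".html", ".js")

def account_findings(path):
    """Return (user, issue) pairs for passwd/shadow entries worth reviewing."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            fields = line.strip().split(":")
            if len(fields) < 2 or fields[1] == "x":  # "x": hash is kept in shadow
                continue
            user, secret = fields[0], fields[1]
            if not secret.startswith(("!", "*")):  # "!" and "*" mark locked accounts
                findings.append((user, "password hash present" if secret else "empty password"))
    return findings

def triage_rootfs(root):
    """Group files under an extracted root filesystem by review category."""
    report = {"config": [], "web": [], "password": [], "accounts": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):  # a link may resolve to the analyst's own host files
                continue
            rel = os.path.relpath(full, root)
            if name in ("passwd", "shadow"):
                report["password"].append(rel)
                report["accounts"] += [(rel, u, i) for u, i in account_findings(full)]
            elif name.endswith(WEB_EXT):
                report["web"].append(rel)
            elif name.endswith(CONFIG_EXT):
                report["config"].append(rel)
    return {key: sorted(value) for key, value in report.items()}

def build_sample_rootfs():
    """Create a small constructed rootfs (not taken from any real firmware)."""
    root = tempfile.mkdtemp(prefix="rootfs-")
    files = {"etc/passwd": "root:x:0:0:root:/root:/bin/sh\nsupport::0:0::/:/bin/sh\n",
             "etc/shadow": "root:$1$constructed$notarealhash:0:::::\nnobody:*:0:::::\n",
             "etc/httpd.conf": "port=80\n", "www/cgi-bin/login.cgi": "#!/bin/sh\n"}
    for rel, body in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root
```

Call `triage_rootfs()` on the directory produced by the extraction step; each returned path is relative to that directory, so the report can be compared across firmware versions.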