A ToolSet for VxWorks Based Embedded Device Analyses.
Readme in other languages: English, 简体中文
The firmware analyze tool is plugins written in Python, mainly used for analyze firmware loading address, fix function name with symbol table and etc.
supported reverse tool:
Tested firmware:
How to use VxHunter firmware tools in Ghidra
After execute vxhunter_firmware_init.py
, we can use vxhunter_analysis.py
script to analyze VxWorks firmware.
This script will search hard coded accounts, compiled in services and some other info.
How to use VxHunter firmware tools in Radare2
The serial debugger tool is written in Python and based on VxWorks command line, usually we can get that command line from VxWorks device using serial port.
The serial debugger tool using memory read/write command to inject debugger shellcode into targat system, the shellcode is dynamic generation by keystone-engine.
It's similar to inline hook, if target hit the breakpoint, it will jump to debugger shellcode and waiting for other debug command.
The serial debugger tool support functions:
This is an example script to debug CVE-2018-19528 vulnerability on TP-Link TL-WR886N-V7 deivce with Firmware V1.1.0.
Serial Debugger Example Script
Demo Video