Mobile carriers around the world often sell devices known as "network extenders," which are actually femtocells—small cellular towers that boost mobile signals in areas with poor or no coverage. These devices connect local mobile devices to the cellular network through the internet, providing a legitimate solution for expanding mobile connectivity.
You might recall that in the TV series Mr. Robot, Elliot and fsociety re-engineered a femtocell to install malware on FBI agents' phones, allowing them to spy on calls and data. This wasn't just fiction; it's a real hack.
To re-engineer femtocells or other IoT devices, you'll likely need to replace their embedded Linux operating systems with your own custom version. Nearly all IoT devices run some form of lightweight Linux, designed to operate with minimal CPU and memory resources. Mastering Linux is therefore essential for anyone working in this space.
Since 2004, the OpenWRT project has been developing small, open-source operating systems for routers and other IoT devices. Familiarity with these embedded systems is crucial for those who want to hack or secure IoT devices.
What is OpenWRT?
The OpenWRT Project is an open-source initiative that develops lightweight Linux systems, mainly for routers and IoT devices. You can find more information on the project at www.openwrt.org.
To better understand how these systems work and to build our own custom versions, we’ll start by downloading OpenWRT and experimenting with it in a virtual machine environment.
Step 1: Download and Install OpenWRT
OpenWRT offers Linux images for a variety of platforms, many of which use specialized processors like Broadcom, Qualcomm, or Ralink, instead of the x86 or x64 CPUs typically found in personal computers. You can explore the complete list of supported platforms on the OpenWRT website.
To begin, we’ll focus on the x86 platform, which will allow us to run OpenWRT on standard hardware. Once we become familiar with how these systems operate, we can explore other platforms.
Start by downloading the x86 image from the link below:
After downloading, uncompress the image using the gunzip command:
gunzip openwrt-x86-generic-combined-ext4.img.gz
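Before decompressing, the downloaded archive can be checked against the checksum list published alongside it. The following is an added example, not part of the original article; the function name verify_download and the checksum file name sha256sums used in the usage note are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): check a downloaded image
# against a sha256sums-style file before gunzip or qemu-img touch it.
# Assumption: the checksum file uses standard `sha256sum` output lines,
#   <64 hex digits><space><space or '*'><filename>

# verify_download SUMS_FILE IMAGE_FILE
# Exit status: 0 hash matches, 1 hash mismatch, 2 unreadable input,
#              3 no single well-formed entry for the file name.
verify_download() (
    sums_file=$1
    image=$2
    [ -r "$sums_file" ] && [ -r "$image" ] || { echo "unreadable input" >&2; exit 2; }

    name=$(basename -- "$image")

    # Compare the file name as a literal string (no regex, no substring
    # match) and require exactly one entry, so a duplicate or look-alike
    # line cannot satisfy the check.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n && length($1) == 64 && $1 !~ /[^0-9a-fA-F]/ { print tolower($1); c++ }
        END { exit (c == 1 ? 0 : 1) }
    ' "$sums_file") || { echo "no unique entry for $name" >&2; exit 3; }

    # Hash the file exactly as downloaded (the .gz, not the unpacked image).
    actual=$(sha256sum -- "$image" | awk '{ print $1 }')

    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        exit 0
    fi
    echo "MISMATCH: $name (expected $expected, got $actual)" >&2
    exit 1
)
```

Run it on the archive as downloaded, for example `verify_download sha256sums openwrt-x86-generic-combined-ext4.img.gz`, and continue to gunzip only on exit status 0. A matching hash only ties the image to the checksum file, so the checksum file itself must come from a source you trust.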
Step 2: Convert the Image to VMDK Format
Next, we need to convert this image into vmdk format, which is compatible with VMware. We’ll use QEMU (Quick Emulator) to do this. QEMU is a free and open-source emulator that mimics different hardware architectures, enabling various guest operating systems to run on a host machine.
Download QEMU with wget:
Then, extract the contents of the downloaded file:
tar xvJf qemu-8.1.0-rc2.tar.xz
Navigate to the extracted directory:
cd qemu-8.1.0-rc2
Configure and compile the QEMU software:
./configure
make
Now, use QEMU to convert the OpenWRT image to vmdk format:
qemu-img convert -f raw -O vmdk openwrt-x86-generic-combined-ext4.img openwrt-x86-generic-combined-ext4.vmdk
Step 3: Running OpenWRT in VMware
Once the image is converted to the vmdk format, you can open it in VMware. Drag and drop the converted file from your host operating system into your virtual machine environment, and then launch it just like any other virtual machine.
Upon starting, you should see the OpenWRT splash screen, indicating that the installation was successful.
Conclusion
Understanding embedded Linux systems is critical for defending against IoT-related cyberattacks or building your own systems. OpenWRT is a prime example of an embedded system commonly used in devices like routers and femtocells. With the knowledge gained from working with OpenWRT, you’ll be better equipped to tackle the challenges of IoT security.
Author: David Freire - Sales Representative and Editor at Black Hat
Editor: Jordan Rodgers - Lead Technologist at Black Hat