Journey from nothing to OSCP

startx Well, if you have been into hacking since around 2012, you know the above headline is a Linux command. I got a taste of hacking/cybersecurity when I was a very young teen, a teen from a middle-class family that could not afford an internet connection over Wi-Fi. In the early days in India, before Jio was a thing, internet connection prices were high and one could only go to a cyber cafe for 2-3 hours to surf the internet....

June 30, 2020 · Chirag Jariwala

My review on Centrifuge a firmware analysis platform by ReFirm Labs

Story It was yet another boring day in the COVID-19 lockdown and I was checking my LinkedIn. I did not know that a small surprise, a connection request, was waiting. It was from one of the co-founders of ReFirm Labs, Mr. Terry Dunlap. Without hesitation I accepted the request and we started talking; he has a very humble personality with years of experience in cybersecurity. In between the conversation I mentioned binwalk and that I use it for day-to-day manual firmware analysis....

May 21, 2020 · Chirag Jariwala

An overview on writing ARM shellcode

\0x53\0x54\0x41\0x52\0x54 Last month was the most productive month I have had since college graduation: I ended up learning so many new things and also did a hands-on session on CAN-bus forensics with one of the oldest hacker communities, called Garage4Hackers. Alongside that I learned a lot about the ARM architecture from Azeria through her blog. Also, lots of material on learning ARM assembly is available online, which is why I am not going to write an entire blog series on ARM assembly; instead, in this article I will just walk through the subject of ARM shellcoding from an introductory point of view....

October 22, 2019 · Chirag Jariwala

ARM and MIPS emulated lab setup for IoT security in Qemu

Backstory After poking around the entire internet for a month, I finally managed to learn how Qemu works in general. There are already lots of tutorials out there on how to set up ARM- and MIPS-based machines inside Qemu, but I personally feel those are incomplete guides and do not touch the subject deeply. That is the exact reason for writing this article: to give a clear explanation of everything you will need to know in order to have ARM- and MIPS-based Qemu virtual machines with full NAT networking support....

September 26, 2019 · Chirag Jariwala

CAN-bus protocol pentesting and forensics

Introduction CAN (Controller Area Network) is a vehicle bus protocol standard which allows microcontrollers and ECUs (electronic control units) to communicate with each other without a host computer. It is a message-based protocol, designed originally for multiplex electrical wiring within automobiles to save on copper, but it can also be used in many other contexts. But why CAN, you may ask? Because it is low-cost and less error-prone: via a single CAN interface, ECUs can communicate with each other through the centralized system with less wiring involved, and data is transferred over digital signals instead of analog, which reduces the chance of errors occurring....

August 17, 2019 · Chirag Jariwala

Reading data from EEPROM without desoldering

Introduction In IoT/hardware security it is common practice to dump firmware/bootloader data in order to perform reverse engineering on closed-source system applications. The best-known and easiest way is to download the .bin/.zip (packed firmware) files from the device manufacturer's website, which they provide to end users for firmware upgrade operations. Later, we hackers/security researchers throw these files at reverse engineering software such as binwalk to check their contents and extract the needed parts....

July 17, 2019 · Chirag Jariwala

UART using Bus Pirate

Introduction UART stands for Universal Asynchronous Receiver/Transmitter. It is not a communication protocol like SPI and I2C, but rather a physical circuit which transmits and receives serial data. UART transmits data asynchronously, which means there is no clock signal to synchronize the output of bits from the transmitting UART with the sampling of bits by the receiving UART....

April 9, 2019 · Chirag Jariwala

Mqtt pwn

Previously I was working on a university minor project (an IPS system for IoT devices). So I picked CVE-2017-7650 to define a Snort rule for it. I was thinking about how someone could leverage this silly vulnerability, and I asked myself what kind of data in the current IoT space can compromise a user's privacy. Yes, it is GPS data. I am a big fan of Python programming and wanted to use its power, so I wrote two small Python scripts which gather a list of IP addresses from the Shodan API and try to connect to those IPs as an MQTT client....

May 6, 2018 · Chirag Jariwala