Valerio Di Giampietro

I did a workshop, at the Hacktivity 2019 - IT Security Festival on 25th and 26th October 2019 about "Introduction to IoT Reverse Engineering with an Example on a Home Router".
Here you can find:

Presentation

• The presentation in pdf format, in the last pages of the presentation you will find the links to everything I talked about;

GitHub repositories related to the Home Router Example

• hacking-gemtek: the complete reverse engineering project for the home router example, a Gemtek home router (WVRTM-127ACN), distributed in Italy by Linkem, with the purpose to modify the firmware, gain root access, recover default WiFi password.
• adbtools2: tools related to another reverse engineering project, for hacking ADB Epicentro routers (the example home router), including firmware modification kit and VOIP password recovery;
• Buildroot-armv7: a set of scripts, configuration files and Buildroot external tree to setup a Qemu emulation environment to run and reverse engineer the Netgear DVA 5592 executables. This environment uses Docker, Buildroot and Qemu to emulate a board with an ARMv7 Cortex A9 processor, Linux kernel 3.4.11-rt19, uClibc 0.9.33.2, and old versions of other libraries.

Reverse engineering and physical disassembly

• Introduction to reverse engineering, Mike Anderson, Embedded Linux Conference 2018, slides and video;

Recommended Books

• Chris Simmonds - Mastering Embedded Linux Programming - Second Edition - Packt Publishing 2017;
• Norman Matloff , Peter Jay Salzman - The Art of Debugging with GDB, DDD and Eclipse - NO STARCH PRESS 2008;

Hardware tools

• Bus Pirate;
• Jtagulator;
• J-Link Debug Probes;
• Bus Blaster;

JTAG and UART interfaces

• Popular pinouts;

Software

• Buildroot;
• Putty terminal emulator;
• OpenOCD (Open On-Chip Debugger) provides debugging, in-system programming and boundary-scan testing for embedded target devices;
• Wireshark, network protocol analyzer;
• Binwalk, firmware analysis tool;
• Jefferson, JFFS2 filesystem extraction tool.

Reverse Engineering Open Source software

• Radare2, a portable reversing framework
• Ghidra, a software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission

I did a presentation, in Italian (see below for similar presentation in English), at the RomHack 2019 - Cyber Security Conference on 28th September 2019 about "Reverse Engineering of IoT devices: Hack a Home Router".
Here you can find:

Presentation

• The presentation in pdf format, in the last pages of the presentation you will find the links to everything I talked about;

GitHub repositories related to the Home Router Example

• adbtools2: tools for hacking ADB Epicentro routers (the example home router), including firmware modification kit and VOIP password recovery;
• Buildroot-armv7: a set of scripts, configuration files and Buildroot external tree to setup a Qemu emulation environment to run and reverse engineer the Netgear DVA 5592 executables. This environment uses Docker, Buildroot and Qemu to emulate a board with an ARMv7 Cortex A9 processor, Linux kernel 3.4.11-rt19, uClibc 0.9.33.2, and old versions of other libraries.
• hacking-gemtek another reverse engineering project for a Gemtek home router (WVRTM-127ACN), distributed in Italy by Linkem, with the purpose to modify the firmware, gain root access, recover default WiFi password.

Reverse engineering and physical disassembly

• Introduction to reverse engineering, Mike Anderson, Embedded Linux Conference 2018, slides and video;

Recommended Books

• Chris Simmonds - Mastering Embedded Linux Programming - Second Edition - Packt Publishing 2017;
• Norman Matloff , Peter Jay Salzman - The Art of Debugging with GDB, DDD and Eclipse - NO STARCH PRESS 2008;

Hardware tools

• Bus Pirate;
• Jtagulator;
• J-Link Debug Probes;
• Bus Blaster;

JTAG and UART interfaces

• Popular pinouts;

Software

• Buildroot;
• Putty terminal emulator;
• OpenOCD (Open On-Chip Debugger) provides debugging, in-system programming and boundary-scan testing for embedded target devices;
• Wireshark, network protocol analyzer;
• Binwalk, firmware analysis tool;
• Jefferson, JFFS2 filesystem extraction tool.

Reverse Engineering Open Source software

• Radare2, a portable reversing framework
• Ghidra, a software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission

I did a presentation at the Hack in Paris 2019 - Cyber Security Conference on 19th June 2019 about "Introduction to IoT Reverse Engineering with an example on a home router".
Here you can find:

Presentation

... Read more

I did a presentation at the LinuxLab Conference on 3rd December 2018 about "Introduction to IoT Reverse Engineering with an example on a home router". You can find:

• the presentation in pdf format, in the last pages of the presentation you will find the links to the tools mentioned in the presentation
• abdtools2: tools for hacking ADB Epicentro routers (the example home router), including firmware modification kit and VOIP password recovery
• buildroot-armv7: a set of scripts, configuration files and Buildroot external tree to setup a Qemu emulation environment to run and reverse engineer the Netgear DVA 5592 executables. This environment uses Docker, Buildroot and Qemu to emulate a board with an ARMv7 Cortex A9 processor, Linux kernel 3.4.11-rt19, uClibc 0.9.33.2, and old versions of other libraries.

GNS3 is a fantastic piece of software, it glues together different open source software and allows to emulate a network that includes Cisco routers (using real Cisco firmware), Cisco switches (using IOU, Cisco IOS on Unix), Cisco ASA and any other devices that can run on Qemu or Virtual Box emulator.

It also allows to connect the virtual network to the physical network, it is possible to access Internet in the emulated world and vice-versa. GNS3 is available on Windows, Mac OSX and on Linux, but it shines on Linux because, to use IOU, if you are not on Linux you need a Linux virtual machine running on VirtualBox.

But, because GNS3 glues together many moving parts, it can be troublesome to install everything and to have everything working seamlessly, for this reason i created a Docker image with everything installed, functioning and ready to be used on Linux (or in a Linux virtual machine running in Windows or Mac OSX).

Docker is another fantastic piece of software that, together with CoreOS and other cloud orchestration projects, like Google's Kubernetes, is one of the building blocks for the incoming Cloud Revolution.
... Read more

I am not a fan of Microsoft products, I don't like their complexity and the "dangerous by design" philosophy; recently I switched company and I am involved in implementing a data center for a public institution based primary on Microsoft Technology. One of this product is Microsoft Exchange; after many years of Unix System Management experience I didn't believe how flawed Exchange was until I red by myself the official Microsoft Exchange documentation (Microsoft Exchange Server 2003 Resource Kit).
Some items that really surprised me are the followings:
... Read more

The increase of Spam is a trend that started few years ago and it is continuously expanding, but to fight it there is plenty of good Open Source software. To use it effectively, anyway, it is needed a good knowledge of how spam floods our inboxes.

How spammers collect email addresses

The most used address gathering technique is using virus and spyware software that, without user awareness, gather email addresses from Outlook (or other email software) address-books and send this information to the spammers. Another popular address gathering technique is that of using web spiders to collect email addresses from web pages and newsgroups.
... Read more

Thank you very much to the listeners of my italian language podcast "Notizie Digitali" (Digital News), you have been so many that my show has reached the second position in the "Top 10" of the italian iTunes Music Store.
For me this is a great and unespected result. I never expected to see that in so short time I was able to be head to head with the briallant journalists of "La Repubblica" and with the italian podcast pioneers like "Radio NK" and "Toilettecast" or with the very popular italian singer Max Pezzali.
This success will push me to improve my show, but will also create some problems; the first one is that the available bandwidth with the hosting company is not enough.

My first podcast is online. It is in Italian langage (my mother tongue language), his title is "Notizie Digitali" ("Digital News") and it is available on www.audiocast.it.
The content of the podcast is technological news that, in my opinion, are really important. Few weeks ago I registered the domain audiocast.it with the purpose of using it for publishing my podcasts and to put there informations and links on how to make and listen to podcasts.
Everything, however, is in italian language.

English is not my mother tongue language so I tried to learn it, possibly having fun in the process. At the beginning there was no fun, I studied it in high school but I didn't have occasions to practice it, so it was quite boring. Later, when I moved to the University of Ancona to study Electronic Engineering, I found that computer/software related documentation and some textbooks were available only in English. Later, when I starded working in a big corporation, I was forced to use english to communicate with non Italian speaking collegues, customers and suppliers.

... Read more