Friday, 12 June 2020

Reversing Drones - quick intro

Last time I decided to finally check some 'other machines' too - the flying ones - drones ;). Below you will find a few (first) notes about it. Here we go...

Today we'll start here:




...because the very first one of the drones I tried was indeed Wingsland 6S. ;)

My first guess (when I was still waiting for the machine) was to: check the 'mobile app' available online. I will need to install it anyway... so let's not waste our time, right? ;)

We should be here:


After downloading the app to my Kali VM I used apktool to decompile it:


I was wondering if the code is obfuscated somehow and/or if I'll be able to read it...

I'll let you guess:

(:

So I continued reading (extracted) files and directories...


... and this is what I found:

Lua language: 


So I will leave you here for a while. Now we should be here:


Looks like some hm... 'new code' ;] something I wish to see over my head 'flying' around... ;]

For sure. Let's move forward:


It was time for our nice friend - binwalk:


So after a while we should be here, reading found binaries with Ida:


I decided to follow that hint and I scanned the host using nmap:


Hmm... telnetd found open 'on the drone'? It's hard not to check it ;D


At this stage I started to look around to see what else I can find inside the drone: 


Scan was finished at this time - results below:


So I decided to go back to the strings. ('More strings should be more hits' so...) Now we are here:


Ok, when I saw it's related to RTSP I decided to google a bit again and this is how I found this page:



TL;DR - basically ;] this page told me again that I need to read and learn a lot, lot more about the drones I'd like to play around with - it's a long way to the top, isn't it? ;)


So I started with 3D/Cocos - checking the details:


So after a while I tried to download more and more binaries from the drone to check it later with Ida:


In the meantime I found that there is a httpd server so I started it to check what's there:


As you can see I grabbed a few more binary files and started to check httpd with gobuster:


When gobuster was going to 10% of the scan - httpd was closed by the target host. I was wondering why:


Ok, so I switched to another binary found on the drone - youtube_live:

Hint from Ida:

(...  and I will just leave it here like this ...)

...because it looks like someone is still there... ;] waiting for us:


So ;] it looks like a cool story for another evening! ;)



Special thanks goes to my Patreon: Daniel.
You are AWESOME! ;)


See you next time!

Cheers










