Jump to content
Tuts 4 You

Binary Patching a Firmware Image In Order to Hook Into its EP


Recommended Posts


Full SOURCES and set of tools can be DOWNLOADED FROM HERE .

A PDF created from the website article is attached for the convenience of the readers.

PRACTICAL uses : The principles discussed can be used for reversing the firmware of Routers, Dongles etc etc.

Please note that while the author has focussed on firmware which is Open Source, the same principles can also be used for Closed-Source Firmware.



In this post, we will be binary patching a firmware image in order to hook into the entry point.

This is common practice when we are Reverse Engineering binary firmwares in an attempt to discover the interactions between machine code and hardware functionality.

For the purposes of this post, we will be redirecting the control flow to custom injected code after which the original control flow will be restored.

This post will take you through the tools and techniques we leverage in to order to instrument a binary image.

It is very useful to use a tool that helps with the patching.

We decided to use Capstone and Keystone to do perform the disassembly and assembly that is necessary.




Firmware Hooking - Using Capstone and Keystone.pdf

  • Like 3
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...