Reverse Engineering Hanwha Security Camera Firmware File Decryption with IDA Pro

Decrypting firmware is a critical skill in IoT security research, enabling deeper vulnerability analysis and exploitation. In this article, we’ll explore practical steps for reverse engineering firmware decryption, inspired by Matt Brown’s research on Hanwha security cameras.

You Should Know:

1. Extracting Firmware from the Device

  • Use `dd` or `binwalk` to extract and unpack the firmware image:
    binwalk -e firmware.bin

  • For physical extraction, connect via UART/JTAG or an SPI programmer and dump the flash:
    flashrom -p linux_spi:dev=/dev/spidev0.0 -r firmware_dump.bin


2. Identifying Encryption Mechanisms

  • Analyze strings in the binary for encryption hints (`-E` enables the `|` alternation):
    strings firmware.bin | grep -iE "aes|des|rsa|crypto"

  • Use IDA Pro to disassemble the firmware and locate the decryption routine, then pull the key and IV from it.

3. Decrypting Firmware with Python

If AES (CBC mode) is detected, use this Python snippet (requires the pycryptodome package) to decrypt:

from Crypto.Cipher import AES
import binascii

# Key and IV recovered from the decryption routine, as hex strings
key = binascii.unhexlify("INSERT_KEY_HERE")
iv = binascii.unhexlify("INSERT_IV_HERE")
cipher = AES.new(key, AES.MODE_CBC, iv)

with open("encrypted_firmware.bin", "rb") as f:
    ciphertext = f.read()  # CBC input must be a multiple of 16 bytes

decrypted = cipher.decrypt(ciphertext)

with open("decrypted_firmware.bin", "wb") as f:
    f.write(decrypted)

4. Analyzing Decrypted Firmware

  • Use `file` to check the file type:
    file decrypted_firmware.bin

  • Mount SquashFS filesystems:
    sudo mount -t squashfs decrypted_firmware.bin /mnt/firmware -o loop

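Added example (not from the original article or from Matt Brown's research): a stdlib-only scanner that checks a decrypted image for known container magics and decodes the SquashFS v4 superblock, giving the offset and byte length to carve with `dd` before mounting. A known magic appearing at a sane offset is also the quickest check that the key and IV used in step 3 were right; the sample image is constructed inline.

```python
import struct

# Magic values marking common firmware containers; the offset lets the region
# be carved with dd (bs=1 skip=<offset> count=<bytes_used>) before mounting.
MAGICS = {
    b"hsqs": "squashfs (little-endian)",
    b"sqsh": "squashfs (big-endian)",
    b"\x27\x05\x19\x56": "uImage header",
    b"\x7fELF": "ELF binary",
}
SQUASHFS_COMPRESSORS = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}

def scan_image(data):
    """Return sorted (offset, description) pairs for every known magic in data."""
    hits = []
    for magic, name in MAGICS.items():
        pos = data.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def parse_squashfs_superblock(data, offset):
    """Decode the first 48 bytes of the SquashFS v4 superblock at offset."""
    endian = "<" if data[offset:offset + 4] == b"hsqs" else ">"
    (_, _, _, block_size, _, comp, block_log, _, _, major, minor, _,
     bytes_used) = struct.unpack_from(endian + "IIIIIHHHHHHQQ", data, offset)
    # A wrong key/IV or a truncated image usually fails these consistency checks
    valid = major == 4 and block_size == 1 << block_log and bytes_used > 96
    return {"version": f"{major}.{minor}", "block_size": block_size,
            "bytes_used": bytes_used, "valid": valid,
            "compressor": SQUASHFS_COMPRESSORS.get(comp, f"unknown({comp})")}

def analyse(data):
    """Report every container found, with SquashFS superblock fields decoded."""
    report = []
    for offset, name in scan_image(data):
        entry = {"offset": offset, "type": name}
        if name.startswith("squashfs") and len(data) >= offset + 48:
            entry.update(parse_squashfs_superblock(data, offset))
        report.append(entry)
    return report

def build_sample_image():
    """Constructed test image: 64 filler bytes, then a SquashFS v4 superblock."""
    block_log = 17  # 128 KiB blocks, xz compression, 4096 bytes used
    sb = struct.pack("<IIIIIHHHHHHQQ", 0x73717368, 12, 0, 1 << block_log, 0,
                     4, block_log, 0, 1, 4, 0, 0, 4096)
    return b"\x00" * 64 + sb + b"\xff" * (4096 - len(sb))
```

Run `analyse(open("decrypted_firmware.bin", "rb").read())` on a real image; an empty report or `valid: False` means the decryption step needs revisiting.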

5. Hunting for Vulnerabilities

  • Search for hardcoded credentials (`-E` enables the `|` alternation):
    grep -rE "admin|password|root" /mnt/firmware

  • List the ELF binaries so their versions can be checked for known issues:
    find /mnt/firmware -type f -exec file {} \; | grep "ELF"


What Undercode Says:

Reverse engineering firmware is essential for uncovering IoT device vulnerabilities. By decrypting and analyzing firmware, researchers can identify backdoors, weak encryption, and insecure configurations. Always verify encryption keys through dynamic analysis if static methods fail.

Expected Output:

  • Decrypted firmware file (decrypted_firmware.bin)
  • Extracted filesystem (SquashFS, JFFS2)
  • List of vulnerabilities (hardcoded keys, outdated binaries)

Prediction:

As IoT devices proliferate, firmware decryption and reverse engineering will become standardized in penetration testing workflows, leading to more automated tools for firmware analysis.

Reported By: Andrew Bellini – Hackers Feeds