Developing MIPS Exploits to Hack Routers

Posted in Exploit, Paper

Developing reliable exploits for a challenging environment such as embedded MIPS requires some special skills and knowledge on top of generic exploitation knowledge. However, the value of exploits for routers, especially those that target WAN-facing protocols such as TR-069 or UPnP, makes these skills worth learning.

Running MIPS binaries under QEMU user-mode (binary) emulation may not be enough to develop this kind of exploit, for several reasons. First, such binaries need network interfaces to run properly and take their input over sockets. Second, they have to complete certain checks and handshakes before they are ready to accept input from the network. Faking NVRAM helps up to a point, but there is a better solution: a more complete environment, such as an embedded Linux distribution running under QEMU system emulation (or another emulator), or the router itself.
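As an added example of the "faking NVRAM" step mentioned above (this is illustrative code written for this page, not code from the paper or from Exploit-db), here is a minimal NVRAM shim meant to be cross-compiled as a shared library and injected with LD_PRELOAD under QEMU user-mode emulation. It answers the `nvram_get`/`nvram_set`-style calls that many router daemons make, logs every key the target asks for so you can see which values it still needs, and lets you override the built-in defaults from a `key=value` file. The key names, the `FAKE_NVRAM_FILE` environment variable, and the paths in the usage comments are assumptions, not values from the page.

```c
/*
 * fake_nvram.c: minimal NVRAM shim for running router daemons under
 * qemu-mips user-mode emulation. Added example; not part of the original
 * paper. Key names below are assumed to resemble typical firmware keys.
 *
 * Assumed usage (paths are placeholders):
 *   mips-linux-gnu-gcc -shared -fPIC -o libnvram.so fake_nvram.c
 *   cp libnvram.so rootfs/
 *   FAKE_NVRAM_FILE=./nvram.txt qemu-mips -L rootfs \
 *       -E LD_PRELOAD=/libnvram.so rootfs/usr/sbin/httpd
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ENTRIES 128
#define KEY_LEN 64
#define VAL_LEN 256

struct nvram_entry {
    char key[KEY_LEN];
    char val[VAL_LEN];
};

static struct nvram_entry table[MAX_ENTRIES];
static int n_entries = 0;
static int initialized = 0;
static char empty[] = "";

/* Constructed defaults: names modelled on common consumer-router firmware (assumed). */
static const char *defaults[][2] = {
    { "lan_ipaddr",  "192.168.1.1" },
    { "lan_netmask", "255.255.255.0" },
    { "wan_proto",   "dhcp" },
    { "upnp_enable", "1" },
    { "http_passwd", "admin" },
};

static struct nvram_entry *find_entry(const char *key) {
    for (int i = 0; i < n_entries; i++)
        if (strcmp(table[i].key, key) == 0)
            return &table[i];
    return NULL;
}

/* Insert or overwrite an entry; returns 0 on success, -1 if the table is full or the key too long. */
static int store(const char *key, const char *val) {
    struct nvram_entry *e = find_entry(key);
    if (!e) {
        if (n_entries >= MAX_ENTRIES || strlen(key) >= KEY_LEN) return -1;
        e = &table[n_entries++];
        strcpy(e->key, key);
    }
    strncpy(e->val, val, VAL_LEN - 1);
    e->val[VAL_LEN - 1] = '\0';
    return 0;
}

/* Optional override file: one "key=value" per line, path taken from FAKE_NVRAM_FILE (assumed name). */
static void load_override_file(void) {
    const char *path = getenv("FAKE_NVRAM_FILE");
    if (!path) return;
    FILE *f = fopen(path, "r");
    if (!f) return;
    char line[KEY_LEN + VAL_LEN + 2];
    while (fgets(line, sizeof line, f)) {
        line[strcspn(line, "\r\n")] = '\0';
        char *eq = strchr(line, '=');
        if (!eq || eq == line) continue;   /* skip malformed lines */
        *eq = '\0';
        store(line, eq + 1);
    }
    fclose(f);
}

static void ensure_init(void) {
    if (initialized) return;
    initialized = 1;
    for (size_t i = 0; i < sizeof defaults / sizeof defaults[0]; i++)
        store(defaults[i][0], defaults[i][1]);
    load_override_file();               /* file values override the defaults */
}

/* Returns the stored value, or NULL when the key is unset (matching the usual nvram_get contract). */
char *nvram_get(const char *key) {
    ensure_init();
    struct nvram_entry *e = find_entry(key);
    /* Log every lookup: unset keys tell you what the daemon still needs before it will listen. */
    fprintf(stderr, "[fake_nvram] get %s -> %s\n", key, e ? e->val : "(unset)");
    return e ? e->val : NULL;
}

/* Variant that never returns NULL, for callers that strcmp/strlen the result blindly. */
char *nvram_safe_get(const char *key) {
    char *v = nvram_get(key);
    return v ? v : empty;
}

int nvram_set(const char *key, const char *val) {
    ensure_init();
    fprintf(stderr, "[fake_nvram] set %s = %s\n", key, val);
    return store(key, val);
}

int nvram_unset(const char *key) {
    ensure_init();
    struct nvram_entry *e = find_entry(key);
    if (!e) return -1;
    *e = table[--n_entries];            /* swap the last entry into the hole */
    return 0;
}

/* Returns 1 when the key exists and equals match, else 0. */
int nvram_match(const char *key, const char *match) {
    char *v = nvram_get(key);
    return v != NULL && strcmp(v, match) == 0;
}

/* Nothing to persist in the shim; succeed so the daemon continues. */
int nvram_commit(void) {
    return 0;
}
```

Run the target once with an empty override file, collect the `(unset)` lines from stderr, fill those keys in, and repeat until the daemon gets past its startup checks and binds its socket. When the daemon also depends on real interfaces or on other processes on the box, that is the point at which the page's recommendation applies: move to QEMU system emulation or the physical router.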

Source: Exploit-db