Blog Category: reverse engineering

Pulling MikroTik into the Limelight

A detailed overview of the "Pulling MikroTik into the Limelight" talk as presented by Harrison Green and Ian Dupont at REcon 2022. This post expounds key concepts regarding the internal workings of MikroTik's customized operating system, RouterOS, and provides tools to accelerate individual research into these routers. These include a reliable process for rooting RouterOS virtual machines, unique visualizations of router IPC, custom scripts that implement the hand-rolled crypto, and a novel jailbreak PoC that pops a shell on any v6 MikroTik device.

Cannoli: The Fast QEMU Tracer

Cannoli is a high-performance tracing engine for qemu-user. It can record a trace of both PCs executed as well as memory operations. It consists of a small patch to QEMU to expose locations to inject some code directly into the JIT, a shared library which is loaded into QEMU to decide what and how to instrument, and a final library which consumes the stream produced by QEMU in another process, where analysis can be done on the trace.

MikroTik Authentication Revealed

MikroTik altered its router authentication protocol in 2019, a change which frustrated developers, system admins, and researchers whose customized tooling is now broken. Our team at Margin Research successfully reverse engineered the new process, and we are excited to share the protocol details. This blog post outlines the cryptographic steps and offers proof of concept programs to demonstrate the new protocol.

Hardware Hacking For Software Hackers

This blogpost will help anyone who is trying to do vulnerability research and/or exploit development on a physical device, and who does not have a debugging setup, shell, or firmware! Or, better put: let's get you some root shells without the hassle of finding a 0-day!

Remote Android Debugging

Remote Android debugging across the planet using Frida.

An opinionated guide on how to reverse engineer software, part 1

Reverse engineering is just one step on the road to some final goal, which could be to reimplement someone's algorithm, interoperate with a new system or application, look for software vulnerabilities you can exploit, make game cheats, or revive old dead software to run on new systems. This is the first post in a series meant to help improve your static reverse engineering skills.