Re: Hacking JavaScript residing on router --- Question

From: sponge (mtubi@python.net)
Date: 01/31/02 

From: mtubi@python.net (sponge)
Date: Thu, 31 Jan 2002 01:16:21 GMT

 Well, look at it this way: you're putting a piece of code, a set of
instructions into your router. In your case, you assume that they are
a firmware upgrade. Of course, I could easily write my own assembler
and give it to you and call it "an upgrade". Somebody with more
experience than myself in JS can do the same. Put another way, anybody
can modify anything. What matters is where you got the upgrade from
and their reputability. And, if you have experience or know someone
that does, ask them to check it out to see if it contains any hackers,
backdoors, or whatnot.
 The real problem is this: I'm rather uncomfortable with the concept
of updating my routers directly from a PC or network; the reason is
that if I can gain access to and modify the internal workings of a
router from the PC it's routing or protecting, so can another program.
Needless to say, this could be used to defeat any security measures it
provides (dependent on the architecture and permanent firmware, of
course.) At the very least, there would have to be some good password
and other safeguards. This would not be so much of a concern if, say,
my router's software/firmware updating features were physically
isolated and I did not have to worry about some piece of malware
knocking out my router's security features.
 So, yes, the JS can be hacked. However, I feel that the hacking would
be easier done at the firewall manufacturer's site than, say, writing
a bug that looks for downloads from a particular site and modifies
them. Although that's certainly possible (ANYthing is possible in
computers, except a secure version of Windows) it seems exceedingly
difficult and the chances of it ever bearing any fruit seem virtually
non-existent when one considers all the factors involved.

On Wed, 30 Jan 2002 16:33:41 -0800, "dtf" <dtf@on.aibn.com> wrote:

>Hi,
>
>I downloaded a 225K byte binary file from a router manufacturer. This .BIN
>file is the latest firmware version for a home cable/DSL router I'm using.
>The router allows up to four PC's on a home LAN to share one WAN port to the
>Internet; it also has a printer port on it that the PC's on the LAN can all
>share --- it can also be used as a firewall. The router can be upgraded by
>accessing its internal web page from any of the LAN side PC's browswer and
>hitting the "upgrade" button. At that point, the PC sends this binary file
>into the router.
>
>I took a look at the contents of this file using IDA Pro disassmebler, and
>saw that about half the 225K bytes are ASCII coded JavaScript, the rest is
>assembly language for the 80186 embedded processor (some GIF files are also
>there).
>
>I am analysing this box for weaknesses. The manufacturer says that the
>JavaScript is used "only" for the user interface to configure various
>things --- like the firewall. But could this JavaScript be hacked? By that
>I mean, can the the file's JavaScript section be modified prior to loading
>it into the router to bypass the security features? I think a hacker would
>find it easier to attack that part (JavaScript) easier than figuring out the
>flow of, and then altering, the assembler code present. But I know nothing
>about JavaScript so I'm not sure. Is this possible?
>
>I would appreciate any advice.
>
>Thanks,
>---dtf
>
>
>
>

Quantcast