BTS #39 - The Art of Firmware Scraping - Edwin Shuttleworth
In this episode, Edwin Shuttleworth from Finite State discusses firmware security, insights from the GRRCON Security Conference, and the challenges of firmware analysis. The conversation covers various topics, including firmware scraping techniques, the IoT landscape, types of firmware, the importance of Software Bill of Materials (SBOMs), and emulation in firmware analysis. Edwin shares his experiences and offers advice for those looking to get started in firmware reverse engineering.
Key Takeaways
- Firmware is a loaded term with various definitions.
- The GRRCON Security Conference provided valuable insights into firmware analysis.
- Scraping firmware from the internet can be a rewarding experience.
- Challenges in firmware analysis include unpacking and validating firmware.
- Different types of firmware exist, including Linux-based, RTOS, and bare metal.
- SBOMs are crucial for understanding the components of firmware.
- Emulation tools like FirmAE can aid in firmware analysis but have limitations.
- Finding interesting projects can motivate learning in firmware reverse engineering.
- The IoT landscape is broader than just consumer devices; it includes embedded systems.
- Understanding the supply chain is essential for identifying vulnerabilities in firmware.