[+] Check binaries for weak functions (intense)
This module identifies the usage of critical binary functions in firmware via objdump.
Examples of binary functions are system, strcpy, printf and strcat. These functions are configured in the configuration
file config/functions.cfg. The module counts the usages per binary. For strcpy functions it also counts strlen functions
right before the strcpy function. Additionally it checks if the binary is a known Linux binary or unknown and probably
a vendor binary.
[*] Vulnerable functions: fprintf mmap popen printf sprintf strcat strcpy system
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libmove_inf.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: printf / Function count: 9 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libIOTCAPIs.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: fprintf / Function count: 1 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libsCHL.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: printf / Function count: 3 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libt20.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: printf / Function count: 11 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libmp.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: fprintf / Function count: 9 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/liblogserver.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: sprintf / Function count: 2 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libsysutils.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: mmap / Function count: 1 / Correct error handling: 0
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libaudioProcess.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: printf / Function count: 42 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libIOTCAPIs.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: printf / Function count: 1 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/liblogserver.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: strcpy / Function count: 12 / strlen: 1 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwlist (-rw-r--r-- root root) - common linux file: yes - Vulnerable function: sprintf / Function count: 5 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libsysutils.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: printf / Function count: 2 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwpriv (-rw-r--r-- root root) - common linux file: yes - Vulnerable function: sprintf / Function count: 5 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libmp.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: mmap / Function count: 7 / Correct error handling: 1
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libIOTCAPIs.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: sprintf / Function count: 22 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libaudioProcess.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: sprintf / Function count: 44 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwgetid (-rw-r--r-- root root) - common linux file: yes - Vulnerable function: fprintf / Function count: 18 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwlist (-rw-r--r-- root root) - common linux file: yes - Vulnerable function: strcpy / Function count: 16 / strlen: 0 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libsysutils.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: sprintf / Function count: 8 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwpriv (-rw-r--r-- root root) - common linux file: yes - Vulnerable function: strcpy / Function count: 16 / strlen: 0 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libmp.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: printf / Function count: 332 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libIOTCAPIs.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: strcpy / Function count: 11 / strlen: 1 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwgetid (-rw-r--r-- root root) - common linux file: yes - Vulnerable function: sprintf / Function count: 5 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libaudioProcess.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: strcpy / Function count: 4 / strlen: 2 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libsysutils.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: strcat / Function count: 4 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwconfig (-rw-r--r-- root root) - common linux file: yes - Vulnerable function: sprintf / Function count: 5 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libmp.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: sprintf / Function count: 99 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwgetid (-rw-r--r-- root root) - common linux file: yes - Vulnerable function: strcpy / Function count: 16 / strlen: 0 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/etc/miio_client/miio_recv_line (-rw-r--r-- root root) - common linux file: no - Vulnerable function: printf / Function count: 2 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libsysutils.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: strcpy / Function count: 2 / strlen: 1 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/etc/miio_client/miio_send_line (-rw-r--r-- root root) - common linux file: no - Vulnerable function: printf / Function count: 2 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/etc/miio_client/miio_client (-rw-r--r-- root root) - common linux file: no - Vulnerable function: fprintf / Function count: 7 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libmbedcrypto.so.0 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: printf / Function count: 52 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libssl.so.1.0.0 (-rw-r--r-- 501 dialout) - common linux file: yes - Vulnerable function: fprintf / Function count: 4 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libmp.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: strcat / Function count: 1 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libzbar.so.0.2.0 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: fprintf / Function count: 66 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/etc/miio_client/miio_client (-rw-r--r-- root root) - common linux file: no - Vulnerable function: sprintf / Function count: 31 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libmp4v2.so.2.0.0 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: fprintf / Function count: 1 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libjson-c.so.2.0.1 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: fprintf / Function count: 1 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libcurl.so.4.3.0 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: sprintf / Function count: 1 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libcrypto.so.1.0.0 (-rw-r--r-- 501 dialout) - common linux file: yes - Vulnerable function: fprintf / Function count: 23 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libfaac.so.0.0.0 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: sprintf / Function count: 1 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libfftw3.so.3.4.4 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: fprintf / Function count: 1 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libmp.so (-rw-r--r-- root root) - common linux file: no - Vulnerable function: strcpy / Function count: 3 / strlen: 4 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libnl-3.so.200.21.0 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: fprintf / Function count: 155 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/etc/miio_client/miio_client (-rw-r--r-- root root) - common linux file: no - Vulnerable function: strcpy / Function count: 2 / strlen: 0 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libnl-genl-3.so.200.21.0 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: fprintf / Function count: 6 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libzbar.so.0.2.0 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: sprintf / Function count: 7 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libjson-c.so.2.0.1 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: strcpy / Function count: 2 / strlen: 0 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libcurl.so.4.3.0 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: strcpy / Function count: 1 / strlen: 0 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libmbedx509.so.0 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: printf / Function count: 2 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libmp4v2.so.2.0.0 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: sprintf / Function count: 3 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libcrypto.so.1.0.0 (-rw-r--r-- 501 dialout) - common linux file: yes - Vulnerable function: printf / Function count: 1 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/lib/libutil-0.9.33.2.so (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: strcpy / Function count: 1 / strlen: 0 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/lib/libdl-0.9.33.2.so (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: fprintf / Function count: 6 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libcrypto.so.1.0.0 (-rw-r--r-- 501 dialout) - common linux file: yes - Vulnerable function: sprintf / Function count: 1 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/lib/librt-0.9.33.2.so (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: printf / Function count: 1 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libmp4v2.so.2.0.0 (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: strcpy / Function count: 2 / strlen: 2 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/lib/libcrypt-0.9.33.2.so (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: strcpy / Function count: 1 / strlen: 0 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/lib/libm-0.9.33.2.so (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: sprintf / Function count: 2 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/lib/libstdc++.so.6.0.17 (-rw-r--r-- 501 dialout) - common linux file: yes - Vulnerable function: sprintf / Function count: 9 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/lib/libpthread-0.9.33.2.so (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: mmap / Function count: 4 / Correct error handling: 2
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libcrypto.so.1.0.0 (-rw-r--r-- 501 dialout) - common linux file: yes - Vulnerable function: strcat / Function count: 8 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/lib/libpthread-0.9.33.2.so (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: printf / Function count: 1 / networking: no
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/thirdlib/libcrypto.so.1.0.0 (-rw-r--r-- 501 dialout) - common linux file: yes - Vulnerable function: strcpy / Function count: 6 / strlen: 4 / networking: yes
[+] ./logs/firmware/unblob_extracted/firmware_extract/2097216-5451840.squashfs_v4_le_extract/lib/libpthread-0.9.33.2.so (-rw-r--r-- 501 dialout) - common linux file: no - Vulnerable function: sprintf / Function count: 1 / networking: no
==> Top 10 legacy C functions - Objdump disasm mode
[+] fprintf - top 10 results:
155 : libnl-3.so.200. : common linux file: no
66 : libzbar.so.0.2. : common linux file: no
23 : libcrypto.so.1. : common linux file: yes
18 : iwgetid : common linux file: yes
9 : libmp.so : common linux file: no
7 : miio_client : common linux file: no
6 : libnl-genl-3.so : common linux file: no
6 : libdl-0.9.33.2. : common linux file: no
4 : libssl.so.1.0.0 : common linux file: yes
1 : libmp4v2.so.2.0 : common linux file: no
[+] mmap - top 10 results:
7 : libmp.so : common linux file: no
4 : libpthread-0.9. : common linux file: no
1 : libsysutils.so : common linux file: no
[+] printf - top 10 results:
332 : libmp.so : common linux file: no
52 : libmbedcrypto.s : common linux file: no
42 : libaudioProcess : common linux file: no
11 : libt20.so : common linux file: no
9 : libmove_inf.so : common linux file: no
3 : libsCHL.so : common linux file: no
2 : miio_send_line : common linux file: no
2 : miio_recv_line : common linux file: no
2 : libsysutils.so : common linux file: no
2 : libmbedx509.so. : common linux file: no
[+] sprintf - top 10 results:
99 : libmp.so : common linux file: no
44 : libaudioProcess : common linux file: no
31 : miio_client : common linux file: no
22 : libIOTCAPIs.so : common linux file: no
9 : libstdc++.so.6. : common linux file: no
8 : libsysutils.so : common linux file: no
7 : libzbar.so.0.2. : common linux file: no
5 : iwpriv : common linux file: yes
5 : iwlist : common linux file: yes
5 : iwgetid : common linux file: yes
[+] strcat - top 10 results:
8 : libcrypto.so.1. : common linux file: yes
4 : libsysutils.so : common linux file: no
1 : libmp.so : common linux file: no
[+] strcpy - top 10 results:
16 : iwpriv : common linux file: yes
16 : iwlist : common linux file: yes
16 : iwgetid : common linux file: yes
12 : liblogserver.so : common linux file: no
11 : libIOTCAPIs.so : common linux file: no
6 : libcrypto.so.1. : common linux file: yes
4 : libaudioProcess : common linux file: no
3 : libmp.so : common linux file: no
2 : miio_client : common linux file: no
2 : libsysutils.so : common linux file: no