Welcome back, my aspiring cyberwarriors!
As you know, the various mobile carriers around the world sell a device they often refer to as a “network extender”. These are actually femtocells or very small cellphone towers. The local cellphone connects to the network extender/femtocell and the signal is then sent across the internet to the cellular network. They are legitimate and legal and are used to extend the mobile network to areas with weak or no cellular network.
Since 2004, there has been a project known as OpenWRT or Open Wireless Router. This open source project develops small, embedded operating systems for routers and other IoT devices. To be able to hack IoT devices, you should be familiar with these tiny, embedded Linux operating systems. That is our goal with this series.
OpenWRT
The OpenWRT Project can be found at www.openwrt.org.
Step #1: Download and Install
The OpenWRT project has Linux images for hundreds of different platforms. Remember, these tiny devices are usually not running an x86 or x64 Intel or AMD CPU but rather much tinier, more energy-efficient CPUs such as Broadcom, Qualcomm, Ralink and other CPUs. To see a list of all the firmware OpenWRT is available for, click here.
In order to understand these embedded operating systems, we will download one developed for the x86 platform and use it on our standard hardware platform. Once we become familiar with this embedded Linux, we will progress to Linuxes for other hardware platforms.
To get started, let’s download an image for the x86 platform at the link below.
Once you are done downloading, the next step is to uncompress the image with gunzip.
kali > gunzip openwrt-x86-generic-combined-ext4.img.gz
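Before decompressing a downloaded firmware image, it is worth checking it against the sha256sums manifest that OpenWRT publishes alongside its images. The function below is an added example, not part of the original tutorial; the name verify_download and the assumption that you saved the manifest next to the image are illustrative.

```shell
#!/bin/sh
# Added example: check a downloaded image against a sha256sums manifest
# before decompressing or converting it.

# verify_download FILE MANIFEST   (hypothetical helper name)
# Returns 0 if FILE's SHA-256 matches its entry in MANIFEST,
#         1 if the digest does not match,
#         2 if FILE or MANIFEST is missing, or FILE has no entry.
verify_download() {
    file=$1
    manifest=$2
    [ -f "$file" ] && [ -f "$manifest" ] || return 2
    name=$(basename "$file")

    # Manifest lines look like "<hex digest> *<filename>"; the "*" marks
    # binary mode and is optional, so strip it before comparing names.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }
    ' "$manifest")
    [ -n "$expected" ] || return 2

    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || return 1
    return 0
}

# When run as a script with two arguments, verify and report.
if [ "$#" -eq 2 ]; then
    if verify_download "$1" "$2"; then
        echo "OK: $1 matches its entry in $2"
    else
        echo "FAILED: do not use $1" >&2
        exit 1
    fi
fi
```

A return value of 2 means the manifest does not cover the file at all, which should be treated the same as a mismatch: do not decompress or convert the image until it verifies.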
Step #2: Convert to a vmdk image
To get this image to run in our virtual machine, we can use qemu to convert it to a vmdk (a VMWare compatible image). QEMU (Quick Emulator) is a free and open-source emulator. It emulates the machine’s processor and it provides a set of different hardware and device models for the machine, enabling it to run a variety of guest operating systems.
We can download the qemu source using wget, as shown below.
kali > wget https://download.qemu.org/qemu-8.1.0-rc2.tar.xz
Next, we need to untar (uncompress) the archive.
kali > tar xvJf qemu-8.1.0-rc2.tar.xz
Then, navigate to the new directory.
kali > cd qemu-8.1.0-rc2
Finally, configure and make your new software.
kali > ./configure
kali > make
Now we are ready to convert our openwrt image to a VMWare compatible image.
kali > qemu-img convert -f raw -O vmdk openwrt-x86-generic-combined-ext4.img openwrt-x86-generic-combined-ext4.vmdk
Now that we have uncompressed the image and converted it to a vmdk image, we can open it in VMWare.
First, drag and drop your new image from your Kali operating system to your guest operating system.
Now, simply open it with VMWare like any other virtual machine.
When you do, you will be greeted by the OpenWRT splash screen like below.
Summary
To better understand, implement, and defend against IoT attacks, you should understand these embedded Linux operating systems. OpenWRT is a good example of the embedded systems used to run wireless routers and other IoT devices. OpenWRT can be used to replace the operating system in routers and network extenders (femtocells) to create a truly malicious device that can be used to wreak havoc. In our upcoming Building a FemtoCell to Intercept Cellphone Calls, we will be developing our own malicious embedded operating system using OpenWRT.