Welcome back, my aspiring cyberwarriors!
As you know, the various mobile carriers around the world sell a device they often refer to as a "network extender". These are actually femtocells or very small cellphone towers. The local cellphone connects to the network extender/femtocell and the signal is then sent across the internet to the cellular network. They are legitimate and legal and are used to extend the mobile network to areas with weak or no cellular network.
You may have remembered that Elliot and f/society from the show Mr. Robot, re-engineered one of the femtocells to embed malware into the cellphones of the FBI. In this way, they could eavesdrop on all the FBI calls and data. This is not fantasy, but a very real hack. We will be exploring it in our upcoming "Building a FemtoCell" class.
In order to re-engineer these devices and other IoT devices, you will likely need to replace the embedded Linux with your own. As you already suspect, nearly all IoT devices run very small embedded Linux (all the more reason you need to master Linux skills). Some of these operating systems are as small as a few megabytes (your Kali or Ubuntu is 1000x larger). These tiny Linuxes are designed to be small enough to run IoT devices with limited CPU's and memory.
Since 2004, there has been a project known as OpenWRT or Open Wireless Router. This open source project develops small, embedded operating systems for routers and other IoT devices. To be able to hack IoT devices, you should be familiar with these tiny, embedded Linux operating systems. That is our goal with this series.
OpenWRT
The OpenWRT Project can be found at www.openwrt.org.
To understand how these Linuxes work and to build our own embedded Linux, let's download this tiny Linux and use it in VMWare. In that way, we can experiment and custom build our embedded Linux.
Step #1: Download and Install
The OpenWrt project has Linux images for hundreds of different platforms. Remember, these tiny devices are usually not running an x86 or x64 Intel or AMD CPU but rather much tinier, more energy efficient CPU's such as Broadcom, Qualcomm, Ralink and other CPU's. To see a list of all the firmware OpenWRT is available for, click here.
In order to understand these embedded operating systems, we will download and use one developed for the x86 platform and use it on our standard hardwrae platform. Once we become familiar with these embedded Linux, we will progress to other hardware platform Linuxes.
To get started, let's download an image for the x86 platform at the link below.
Once you are done downloading, the next step is to uncompress the image with gunzip.
kali > gunzip openwrt-x86-generic-combined-ext4.img.gz
Step #2: Convert to a vmdk image
To get this image to run in our virtual machine, we can use qemu to convert it to a vmdk ( a VMWare compatible image). QEMU (Quick Emulator) is a free and open-source emulator. It emulates the machine's processor and it provides a set of different hardware and device models for the machine, enabling it to run a variety of guest operating systems.
We can download qemu using wget such as below.
kali > wget https://download.qemu.org/qemu-8.1.0-rc2.tar.xz
Next we need to untar or uncompress the image
kali > tar xvJf qemu-8.1.0-rc2.tar.xz
Then, navigate to the new directory;
kali > cd qemu-8.1.0-rc2
Finally, configure and make your new software.
kali ./configure
kali > make
Now we are ready to convert out openwrt image to a VMWare compatible image.
kali > qemu-img convert -f raw -O vmdk openwrt-x86-generic-combined-ext4.img openwrt-x86-generic-combined-ext4.vmdk
Now that we have uncompressed the image and converted it to a vmdk image, we can open it in VMWare.
First, drag and drop it your new image from your Kali operating system to your guest operating system.
Now, simply open it with VMWare like any other virtual machine.
When you do, you will be greeted by the OpenWRT splash screen like below.
Summary
To better understand, implement, and defend against IoT attacks, you should understand these embedded Linux operating systems. OpenWRT is a good example of embedded systems used to run wireless routers and other IoT devices. Open WRT can be used to replace the operating system in routers and network extenders (femtocells) to create a truly malicious device that can be used to wreak havoc. In our upcoming Building a FemtoCell to Intercept Cellphone Calls, we will be developing our own malicious embedded operating system using OpenWRT.