1. InfoconDB
  2. DEF CON
  3. DEF CON 30 (2022)
  4. Tear Down this Zywall: Breaking Open Zyxel Encrypted Firmware

Tear Down this Zywall: Breaking Open Zyxel Encrypted Firmware

Presented at DEF CON 30 (2022), Aug. 12, 2022, 6 p.m. (45 minutes)

How do you go bug hunting in devices you own when the manufacturer has slapped some pesky encryption scheme on the firmware? Starting from an encrypted blob of bits and getting to executable code is hard and can be even more frustrating when you already know the bug is there, you just want to see it! Join me on my expedition to access the contents of my Zyxel firewall's firmware using password and hash cracking, hardware and software reverse engineering, and duct taping puzzle pieces together. We'll start with a device and a firmware blob, flail helplessly at the crypto, tear apart the hardware, reverse engineer the software and emulate the platform, and finally identify the decryption routine – ultimately breaking the protection used by the entire product line to decrypt whatever firmware version we want.


Presenters:

  • Jay Lagorio - Independent Security Researcher
    Jay Lagorio, a software engineer and independent security researcher, has been building computers and networks and finding ways to break them nearly his entire life. Being a nerd that likes to dig too far into things spilled over into the real world and he accidentally became a licensed private investigator. Releaser of the occasional tool or writeup on Github, he wishes he had enough time to do all the hacker things and crush griefers in GTA Online every day. He received a B.S. in Computer Science from UMBC and an M. Eng. from the Naval Postgraduate School.

Links:

Similar Presentations: