Published on April 8th, 2016
Embedded Systems Security: BusyBotNet
Busybotnet is a fork of busybox that aims to make many of the security tools that are often only found on full systems available to their resource-constrained counterparts, the embedded devices. With the recent surge in popularity of such devices (a.k.a. the explosion of the ‘internet of things’) came many, many security issues. Part of the problem is that it’s difficult to implement cryptography tools on systems with limited resources, and the rest is caused by incompetent OEMs that never issue updates or bother to patch any of the gaping security holes in their systems. This inevitably leads to the devices being re-purposed by hackers into botnets… The point of this project is to provide all of the security tools a system admin needs to administer embedded devices in one static binary, hence the term “Busybotnet”.
This is a dangerous executable in the hands of the wrong person. It contains tools that could be used maliciously: “a script kiddie’s wet dream”. Don’t leave copies of these binaries lying around without security measures (good file permissions, etc.).
Embedded Systems Security:
BusyBotNet – Compiling & Installation
$ make clean
$ make menuconfig
-- Configure your build --
-- Choose applets to include --
$ make

To install, run ./busybox --install -s /path/to/wherever
— Cross Compiling
Grab the latest buildroot and build it (same as above: $ make clean; make menuconfig; make)
Configure with make menuconfig. Specifically, tell busybotnet where your toolchain and sysroot are located.
$ make
Currently Defined Functions:
As you can see, many new features have been added to busybox. Particularly interesting are the cryptography applets. This is an incomplete list of the applets enabled during the last build:
evil@devbox:~/busybotnet$ ./busybox
BusyBox v1.24.1 (2016-03-15 22:49:48 CDT) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
Licensed under GPLv2. See source distribution for detailed copyright notices.

Usage: busybox [function [arguments]...]
   or: busybox --list[-full]
   or: busybox --install [-s] [DIR]
   or: function [arguments]...

BusyBox is a multi-call binary that combines many common Unix utilities into a single executable. Most people will create a link to busybox for each function they wish to use and BusyBox will act like whatever it was invoked as.

Currently defined functions:
[, [[, acpid, add-shell, addgroup, adduser, adjtimex, aescrypt, arp, arping, ash, awk, base64, basename, beep, beer, bindtty, blkid, blockdev, boink, bonk, bootchartd, brctl, bunzip2, bzcat, bzip2, cal, cat, catv, chat, chattr, chgrp, chmod, chown, chpasswd, chpst, chroot, chrt, chvt, cksum, clear, cmp, coke, comm, conseal, conspy, cp, cpio, crond, crontab, crypthash, cryptpw, cttyhack, cut, date, dc, dcd3c, dd, deallocvt, delgroup, deluser, depmod, devmem, df, dhclient, dhcprelay, dhgenprime, diff, dirname, dmesg, dnsamp, dnsd, dnsdomainname, dos2unix, dpsc, dpss, du, dumpkmap, dumpleases, ecdsa, echo, echoize, ed, egrep, eject, env, envdir, envuidgid, ether-wake, expand, expr, fakeidentd, false, fatattr, fbset, fbsplash, fdflush, fdformat, fdisk, fgconsole, fgrep, find, findfs, flash_eraseall, flash_lock, flash_unlock, flashcp, flock, fold, free, freeramdisk, fsck, fsck.minix, fstrim, fsync, ftpd, ftpget, ftpput, fuser, genericsum, genkey, getopt, getty, gewse, gewse5, grep, groups, gunzip, gzip, halt, hd, hdparm, head, hexdump, hostid, hostname, httpd, hush, hwclock, i2cdetect, i2cdump, i2cget, i2cset, id, ifconfig, ifdown, ifenslave, ifplugd, ifup, inetd, init, inotifyd, insmod, install, ionice, iostat, ip, ipaddr, ipcalc, ipcrm, ipcs, iplink, iproute, iprule, iptunnel, jolt, kbd_mode, kill, killall, killall5, kissofdeath, kkill,
klogd, knbot, land, last, latierra, less, linux32, linux64, linuxrc, ln, loadfont, loadkmap, logger, login, logname, logread, losetup, lpd, lpq, lpr, ls, lsattr, lsmod, lsof, lspci, lsusb, lzcat, lzma, lzop, lzopcat, makedevs, makemime, man, md5sum, mdev, mesg, microcom, mkdir, mkdosfs, mke2fs, mkfifo, mkfs.ext2, mkfs.minix, mkfs.vfat, mknod, mkpasswd, mkswap, mktemp, modinfo, modprobe, more, mount, mountpoint, mpstat, mqtte, mt, mv, nameif, nanddump, nandwrite, nbd-client, nc, nestea, netscan, netstat, newtear, nice, nmeter, nohup, nslookup, ntpd, ntpdos, od, openvt, orgasm, ottf, passwd, patator, patch, pgrep, pidof, ping, ping6, pipe_progress, pivot_root, pkdecrypt, pkencrypt, pkill, pksign, pmap, pong, popmaildir, poweroff, powertop, printenv, printf, proxcat, ps, pscan, pstree, pubclient, pud, pwd, pwdx, raidautorun, raped, rdate, rdev, readahead, readlink, readprofile, realpath, reboot, reformime, remove-shell, renice, reset, resize, rev, rm, rmdir, rmmod, route, rpm, rpm2cpio, rsadecrypt, rsaencrypt, rsagenkey, rsasign, rsaverify, rtcwake, run-parts, runlevel, runsv, runsvdir, rx, script, scriptreplay, sed, sendmail, seq, setarch, setconsole, setfont, setkeycodes, setlogcons, setserial, setsid, setuidgid, sh, sha1sum, sha256sum, sha3sum, sha512sum, showkey, shuf, slattach, sleep, smemcap, snmpdos, sockstress, softlimit, sort, spiffit, sping, split, start-stop-daemon, stat, stream, strings, stty, su, subclient, sulogin, sum, sv, svlogd, swapoff, swapon, switch_root, sync, synk4, synscan, sysctl, syslogd, tac, tail, tar, tcpsvd, teardrop, tee, telnet, telnetd, test, tftp, tftpd, time, timeout, top, torloris, touch, tr, traceroute, traceroute6, true, truncate, tty, ttysize, tunctl, ubiattach, ubidetach, ubimkvol, ubirmvol, ubirsvol, ubiupdatevol, udhcpc, udhcpd, udpdata, udpspoof, udpsvd, uevent, umount, uname, uncompress, unexpand, uniq, unit, unix2dos, unlink, unlzma, unlzop, unxz, unzip, uptime, users, usleep, uudecode, uuencode, vconfig, vi, vlock, volname, 
wall, watch, watchdog, wc, wget, which, who, whoami, whois, wingatecrash, xargs, xersex, xersextcp, xz, xzcat, yes, zcat, zcip
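Added example, not part of the BusyBotNet project or the original post: a POSIX sh triage check that flags attack-tool applets in a BusyBox-style applet listing, such as the one above or the output of busybox --list captured from a device. The function names are hypothetical, the sample listings are constructed, and the watchlist is a subset of names from the listing above; that stock BusyBox does not ship them is an assumption to verify against your own firmware baseline.

```shell
#!/bin/sh
# Added example: flag watchlisted applets in a BusyBox-style applet listing.

# Names copied from the applet listing on this page. Assumption: none of
# them is a stock BusyBox applet; extend or trim for your own baseline.
WATCHLIST="dnsamp kissofdeath knbot ntpdos patator snmpdos sockstress synscan teardrop torloris udpspoof wingatecrash"

# Constructed sample inputs: a stock-looking listing, and an excerpt in the
# comma-separated layout of the "Currently defined functions" block.
SAMPLE_STOCK='[, [[, ash, cat, ls, ping, wget'
SAMPLE_FORK='sleep, smemcap, snmpdos, sockstress, softlimit, sort,
tcpsvd, teardrop, tee, top, torloris, touch'

# normalize_applets: read a listing on stdin (one name per line, or
# comma-separated) and print one applet name per line.
normalize_applets() {
    tr ',' '\n' | tr -d ' \t\r' | grep -v '^$'
}

# flag_applets: print each watchlisted applet found on stdin, sorted, once.
flag_applets() {
    normalize_applets | sort -u | while IFS= read -r name; do
        # Quoting $name keeps applets such as "[" literal in the pattern.
        case " $WATCHLIST " in
            *" $name "*) printf '%s\n' "$name" ;;
        esac
    done
}

# triage: print "clean" (status 0) or "suspect: <names>" (status 1).
triage() {
    hits=$(flag_applets | tr '\n' ' ')
    if [ -n "$hits" ]; then
        printf 'suspect: %s\n' "${hits% }"
        return 1
    fi
    printf 'clean\n'
}

# Stand-alone demo on the constructed excerpt.
printf '%s\n' "$SAMPLE_FORK" | triage || true
```

A "clean" result only means none of the watchlisted names is present; a rebuilt binary with renamed or hidden applets will not be caught by name matching.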