How to use gdb to revert engineering the IP Camera firmware

Extract http://www.zip content and copy decoder_control.cgi to SD Card.

Telnet to Camera IP:

$ telnet 192.168.0.126
/ # cp /media/sd/decoder_control.cgi /tmp
/ # cp /media/sd/gdbserver /tmp
/ # cd /tmp
/tmp # chmod 777 gdbserver
/tmp # chmod 777 decoder_control.cgi
/tmp # export QUERY_STRING=command=1\&user=admin\&pwd=
/tmp # ./gdbserver 192.168.0.1:3333 ./decoder_control.cgi 

Now on your workstation (192.168.0.1) execute:

$ arm-linux-gdb ./decoder_control.cgi 
GNU gdb (GDB) 7.5
Lendo símbolos de /tmp/www/cgi-bin/decoder_control.cgi...(no debugging symbols found)...concluído.

(gdb) target remote 192.168.0.126:3333
Remote debugging using 192.168.0.126:3333
warning: Can not parse XML target description; XML support was disabled at compile time
warning: `/lib/ld-linux.so.2': Shared library architecture unknown is not compatible with target architecture arm.
warning: `/lib/ld-linux.so.2': Shared library architecture unknown is not compatible with target architecture arm.
Lendo símbolos de /lib/ld-linux.so.2...(no debugging symbols found)...concluído.
Loaded symbols for /lib/ld-linux.so.2
0x40000a60 in ?? () from /lib/ld-linux.so.2

(gdb) b atoi
Ponto de parada 1 at 0x8808

(gdb) target remote run
Um programa já está sendo depurado. Deseja matá-lo? (y or n) n
Program not killed.

(gdb) c
Continuando.

Breakpoint 1, 0x00008808 in atoi ()
(gdb)

3 thoughts on “How to use gdb to revert engineering the IP Camera firmware

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s