Realtek eCos SDK SIP ALG buffer overflow

A bug in a Realtek software development kit (SDK) means any third-party devices running software built on the SDK could inherit a vulnerability in their Session Initiation Protocol (SIP) implementations.

Broadcom eCos | Ghidra Loader Release

We're releasing a custom Ghidra loader for Broadcom's ProgramStore firmware format.

Zyxel | Auto-identifying eCos Firmwares Load Address

This is a guest post by cq674350529 on searching (and finding) the correct load address of an eCos firmware image from Zyxel.

Broadcom eCos | Gaining Persistence with Firmware Implants

How to gain persistence with firmware implants on Broadcom eCos.

Broadcom eCos | Building Custom Shellcode

In this article I’ll explain how to craft shellcode that you can deliver as a second stage to a victim eCos device. I’m specifically covering the Broadcom variant of eCos here.

Broadcom eCos | Exploiting Stack Overflows (Netgear CG3700)

Methodology and corresponding techniques that you can use to exploit buffer overflows on the Broadcom variant of eCos.

Broadcom eCos | Firmware Analysis with Ghidra

In this post I’ll share tools, tips, and tricks to help you reverse engineer an eCos firmware image dumped from a Broadcom eCos BFC cable modem. I assume that you already have an extracted firmware image and the latest version of Ghidra installed.

Broadcom eCos | Reversing the Heap Allocator

Let's reverse Broadcom's custom memory allocator for eCos.

Broadcom eCos | Reversing the OS Memory Layout

Let's go over my methodology to reverse the memory layout used by eCos, and more specifically by the Broadcom variant of eCos.

Broadcom eCos | Reversing Interrupt and Exception Handling

Let's go through the different steps I followed when trying to understand interrupt and exception handling on eCos.

Broadcom eCos | Writing a device profile for bcm2-utils

In this blog post we'll dive into jclehner’s bcm2-utils tools and perform the following steps: dump an unknown bootloader with bcm2dump, reverse engineer specific sections of the bootloader, write a device profile for bcm2dump, dump the NAND flash and extract the eCos firmware, and dump the SPI flash and analyze non-vol settings. From there, we will patch the non-vol settings to enable console access, flash them, and then adapt the console section of our initial bcm2dump profile.

Welcome to ecos.wtf!

ecos.wtf aims to document in a single place everything related to eCos platform security research.