HackFortressOS Adventures with Buildroot
About The Project
Arch Cloud Labs’ last three blog posts were diving into different aspects of IoT/embedded vulnerabilities. Comining off of these bug hunting adventures, I wanted to build a unique set of Capture The Flag (CTF) challenges for this years Hack Fortress. To do this, I referenced OWASP’s Top 10 for IoT and Buildroot to build the custom operating system for a Raspberry Pi 1 that was deemed “HackFortress OS”. This project ultimately this produced a series of challenges that covered the following items from the OWASP IoT Top Ten:
- Hardcoded passwords/keys (1/10 on OWASP IoT 2018)
- Insecure network services (2/10 on OWASP IoT 2018)
- An insecure update mechanism (4/10 on OWASP IoT 2018)
Note for competitors: this is not a walkthrough of challenges, but a walkthrough on building HackFortress OS
Buildroot - Make, but for Entire Systems
Buildroot is a build system that enables end users to build custom Operating Systems for a given embedded platform. Obtaining the latest release and listing the contents of the board
directory show the various platforms Buildroot supports. Below is a truncated output of boards supported. Notably, we see “raspberrypi” as in the first Raspberry Pi made. A platform that’s over ten years old , and just the appropriate board to build an a vulnerable embedded system to let hackers poke at for the weekend.
ls ~/buildroot/board/
minnowboard openblocks qemu raspberrypi2 raspberrypicm4io-64 sipeed
nexbox orangepi qmtech raspberrypi3 raspberrypizero2w solidrun
nezha pandaboard radxa raspberrypi3-64 roseapplepi spike
octavo pc raspberrypi raspberrypi4 seeed stmicroelectronics
olimex pcengines raspberrypi0 raspberrypi4-64 sheevaplug synopsys
olpc pine64 raspberrypi0w raspberrypicm4io sifive technexion
With raspberypi identified as the target system, the next step is to build a default configuration to modify to desired needs.
buildroot $> make raspberrypi_defconfig
#
# configuration written to /home/dllcoolj/buildroot/.config
#
➜ buildroot
Those familiar with building custom kernels and the ncurses view provided by make menuconfig
will be right at home with this next section.
The initial configuration menu contains numerous submenus to that allow Buildroot user’s a lot of flexibility when it comes to building a custom image.
- Toolchain (compiling options)
- Build options (including specific security feature)
- System configuration (user information/locale information)
- Kernel (specify kernel options you want to configure)
- Target packages (binaries,libraries on disk)
For the Hack Fortress team disabling security hardening features.