
Monday, May 22, 2017

11 - Extracting and analyzing firmware of KANKUN SMART PLUG



- Layout for this exercise:



1 - Getting the mobile application

- As the product booklet indicates, the mobile application smartwifi.apk can be downloaded from this page:

http://kk.huafeng.com:8081/none/android/smartwifi.apk




2 - Decompiling the mobile application with jadx

- Once smartwifi.apk is downloaded, let's decompile the apk file with jadx:

https://sourceforge.net/projects/jadx/



- Copying the .apk into the folder /jadx/bin:




- Decompiling recovers the Java source code of the application:





- Although jadx prints several error messages, a new folder smartwifi is eventually created:





- Copying the newly created folder to ~/kankun:






- Going into the folder smartwifi, we find the decompiled Java source files of the mobile application:




3 - Getting the firmware


- Examining the contents of AndroidManifest.xml, we find that the package of the application is hangzhou.zx:




- Going into hangzhou:





- Going into zx:





- Opening PreferencesUtil.java:







- There is a very interesting line that gives us a hint about where to download the firmware from:





- Downloading the firmware with wget:




- Now the firmware image kkeps.bin is available for further study and analysis:





- Checking the file type:




4 - Extracting the root file system with binwalk

- Extracting the contents of the binary with binwalk (LZMA compressed data and a Squashfs filesystem):




- A new folder _kkeps.bin.extracted is available:





- Going into _kkeps.bin.extracted, we find the root file system squashfs-root:





- Going into squashfs-root, the entire root file system is found:
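
- The kind of signature matching that step 4 relies on can be reproduced by hand. The Python below is an added example, not code from the original post or from the binwalk project: it scans an image for the Squashfs superblock magic and an LZMA header and decodes their fields. The sample image is constructed for the demonstration (it is not the real kkeps.bin), and the LZMA check is a simplified heuristic:

```python
import re
import struct

COMPRESSORS = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}


def parse_squashfs(data, off):
    """Decode the first 48 superblock bytes; None if sanity checks fail."""
    if off + 48 > len(data):
        return None
    (_, inodes, _, block_size, _, comp, block_log, _, _,
     major, minor, _, used) = struct.unpack_from("<4sIIIIHHHHHHQQ", data, off)
    # Squashfs 4.x: block_size must equal 2**block_log (at most 1 MiB).
    if major != 4 or block_log > 20 or block_size != 1 << block_log:
        return None
    return {"version": f"{major}.{minor}", "inodes": inodes,
            "block_size": block_size, "bytes_used": used,
            "compression": COMPRESSORS.get(comp, f"unknown({comp})")}


def parse_lzma(data, off):
    """Heuristic (assumption): props byte 0x5D and a power-of-two dictionary."""
    if off + 13 > len(data):
        return None
    dict_size, unpacked = struct.unpack_from("<IQ", data, off + 1)
    ok = dict_size and not dict_size & (dict_size - 1)
    return {"dict_size": dict_size, "uncompressed_size": unpacked} if ok else None


def scan(data):
    """Return (offset, kind, fields) for every plausible signature, by offset."""
    probes = ((b"hsqs", "squashfs", parse_squashfs), (b"\x5d\x00\x00", "lzma", parse_lzma))
    hits = [(m.start(), kind, parse(data, m.start()))
            for magic, kind, parse in probes
            for m in re.finditer(re.escape(magic), data)]
    return sorted((h for h in hits if h[2]), key=lambda h: h[0])


def build_sample():
    """Constructed stand-in image: padding, LZMA header, Squashfs superblock."""
    lzma = b"\x5d" + struct.pack("<IQ", 0x800000, 0x2A0000)
    sqfs = struct.pack("<4sIIIIHHHHHHQQ", b"hsqs", 1200, 0, 262144, 30,
                       4, 18, 0, 1, 4, 0, 0, 0x1C0000)
    return (b"\xff" * 0x200 + lzma).ljust(0x1000, b"\xff") + sqfs + b"\xff" * 64


if __name__ == "__main__":
    for off, kind, fields in scan(build_sample()):
        print(f"0x{off:06x} {kind:9} {fields}")
```

To run it against a real image, pass `open("kkeps.bin", "rb").read()` to `scan()`; the reported offsets should match the ones binwalk lists.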