Monday, May 22, 2017

11 - Extracting and analyzing firmware of KANKUN SMART PLUG


- Layout for this exercise:

1 - Getting the mobile application

- As the product booklet indicates, this is the download page for the mobile application software smartwifi.apk:

2 - Decompiling the mobile application with jadx

- Once smartwifi.apk is downloaded, let's decompile the apk file with jadx:

- Copying the .apk into the folder /jadx/bin:

- After decompiling, the original Java source code of the application is available:

- Although several error messages are displayed during decompilation, eventually a new folder smartwifi is created:

- Copying the newly created folder to ~/kankun:

- Going into the folder smartwifi there are the Java class files of the mobile application:

3 - Getting the firmware

- Examining the contents of AndroidManifest.xml, we find that the package of the application is hangzhou.zx:

- Going into hangzhou:

- Going into zx:

- Opening

- There is a very interesting line that gives us a hint about where to download the firmware from:

- Downloading the firmware with wget:

- Now, the firmware of the application kkeps.bin is available for further study and analysis:

- Checking the file type:

4 - Extracting the root file system with binwalk

- Extracting the file system of the binary (LZMA compressed and Squashfs filesystem):

- A new folder _kkeps.bin.extracted is available:

- Going into _kkeps.bin.extracted there is the root file system squashfs-root:

- Going into squashfs-root the entire root file system is found:
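
- What the signature scan in step 4 is looking for, as an added example that is not part of the original post: a Python sketch that locates a SquashFS superblock inside a firmware image and cross-checks its header fields before trusting the hit. It assumes the little-endian SquashFS 4.x superblock layout; the function names and the sample image are constructed for illustration and are not taken from kkeps.bin.

```python
import struct

SQUASHFS_MAGIC = b"hsqs"  # little-endian SquashFS magic
COMPRESSORS = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}
# First 48 bytes of a SquashFS 4.x superblock (assumed layout, little-endian)
SUPERBLOCK = struct.Struct("<4sIIIIHHHHHHQQ")


def find_squashfs(image: bytes):
    """Return validated SquashFS superblocks found anywhere in image."""
    hits = []
    pos = image.find(SQUASHFS_MAGIC)
    while pos != -1:
        if pos + SUPERBLOCK.size <= len(image):
            (_, inodes, _mkfs_time, block_size, _frags, comp, block_log,
             _flags, _ids, major, minor, _root, bytes_used) = \
                SUPERBLOCK.unpack_from(image, pos)
            # A bare 4-byte magic is a weak signal: require a sane version
            # and a block size that agrees with its own log2 field.
            if major == 4 and 12 <= block_log <= 20 and block_size == 1 << block_log:
                hits.append({
                    "offset": pos,
                    "version": f"{major}.{minor}",
                    "compression": COMPRESSORS.get(comp, f"unknown({comp})"),
                    "block_size": block_size,
                    "inodes": inodes,
                    "bytes_used": bytes_used,  # size of the filesystem in bytes
                })
        pos = image.find(SQUASHFS_MAGIC, pos + 1)
    return hits


def build_sample_image() -> bytes:
    """Constructed image: padding, a decoy magic, then a valid superblock."""
    superblock = SUPERBLOCK.pack(SQUASHFS_MAGIC, 120, 1400000000, 262144, 5,
                                 4, 18, 0, 1, 4, 0, 0, 3000000)
    decoy = SQUASHFS_MAGIC + b"\xff" * 60  # magic followed by garbage fields
    pad = b"\x00" * (0x1000 - 0x100 - len(decoy))
    return b"\x00" * 0x100 + decoy + pad + superblock + b"\x00" * 64


if __name__ == "__main__":
    for hit in find_squashfs(build_sample_image()):
        print(f"0x{hit['offset']:X}: SquashFS {hit['version']}, "
              f"{hit['compression']}, {hit['bytes_used']} bytes")
```

The reported offset and bytes_used are the values a manual carve would use to cut the filesystem out of the image before unpacking it.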