Harrison Green
Harrison (@hgarrereyn) is a vulnerability researcher at Margin Research and an avid CTF player for DiceGang. He is interested in esoteric computation, reading control-flow graphs, and automated vulnerability discovery, and he is an incoming PhD student at Carnegie Mellon University.
Session
In the wide expanse of router manufacturers and models, there is one reverse engineering target that stands out from the rest: MikroTik. Unlike many routers, which run a patchwork of services that vary widely across models and firmware versions, MikroTik maintains a uniform, standardized operating system, RouterOS, which runs across all router models. Customized internal frameworks and proprietary communication protocols offer a challenging, but interesting, reverse engineering landscape. However, the reliance on complex, proprietary infrastructure and the lack of easy access to the core system impose a high barrier to entry for new reverse engineers. As a result, MikroTik security research has largely remained in obscurity. Until now…
In this talk, we will take an exciting adventure into the depths of MikroTik firmware, revealing new insights into RouterOS’s unique IPC protocol, proprietary message format, and custom cryptographic protocols. We will also release a new RouterOS remote jailbreak, the first in three years, which should help accelerate new and ongoing research efforts. Our goal by the end of the talk is to bring an interested reverse engineer from zero knowledge to a working understanding of RouterOS internals and to put MikroTik security research back into the limelight.