CN109213503B

CN109213503B - Method and device for acquiring permission of IoT (Internet of things) equipment, storage medium and electronic device

Info

Publication number: CN109213503B
Application number: CN201810916891.3A
Authority: CN
Inventors: 杨经宇; 耿琛; 王斌; 白子潘; 刘桂泽; 马劲松
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2018-08-13
Filing date: 2018-08-13
Publication date: 2020-09-29
Anticipated expiration: 2038-08-13
Also published as: CN109213503A

Abstract

The invention discloses a method and a device for acquiring authority of IoT equipment, a storage medium and an electronic device. Wherein, the method comprises the following steps: downloading a target BootLoader program into an internal memory of an IoT device, wherein the target BootLoader program comprises a patch code; starting the target BootLoader program in the memory of the IoT equipment; and modifying the starting code of the Linux kernel in the internal memory of the IoT equipment by operating the patch code so as to add a target account with root authority in the IoT equipment. The invention solves the technical problems of overlarge resource consumption and low acquisition success rate of the permission acquisition mode in the related technology.

Description

Method and device for acquiring permission of IoT (Internet of things) equipment, storage medium and electronic device

Technical Field

The present invention relates to the field of computers, and in particular, to a method and an apparatus for acquiring rights of an IoT device, a storage medium, and an electronic apparatus.

Background

Today, the root authority of an Internet of Things (IoT) device is generally obtained as follows: obtaining the password by using a password cracking mode, namely, using a password cracking tool to crack the password by using a common password so as to obtain the authority by using the cracked password; obtaining the authority by using the vulnerability, namely, performing authority-raising operation by using an application program with root authority in a Linux system on IoT equipment and a security vulnerability exposed by a Linux kernel to obtain the root authority; the method for upgrading the rights of the user is obtained by utilizing firmware upgrading, namely, part of IoT equipment supports updating of the user-defined firmware, the password of the root user of the user-defined firmware is user-defined, the user can obtain and set the rights by himself, and the user can update the user-defined firmware to the IoT equipment to replace the original firmware, so that the root rights are obtained.

However, the way of cracking the password consumes a lot of computing resources, the cracking time is very long, and finally, the password is complex and cannot be cracked. The method for using the vulnerability to privilege has limitations in use, and the CPU and Linux versions of the IoT equipment and the versions of the application programs need to be consistent with corresponding vulnerability using conditions to privilege successful privilege escalation. The method for carrying out right-lifting by utilizing firmware upgrading is not strong in universality, and a plurality of IoT devices only support updating of original factory firmware, so that a user cannot obtain a root password in the original factory firmware, and cannot acquire root authority. Therefore, the authority acquisition mode has the problems of overlarge resource consumption and low acquisition success rate.

In view of the above problems, no effective solution has been proposed.

Disclosure of Invention

The embodiment of the invention provides a method and a device for acquiring the permission of IoT equipment, a storage medium and an electronic device, which are used for at least solving the technical problems of excessive resource consumption and low acquisition success rate of permission acquisition modes in the related technology.

According to an aspect of the embodiments of the present invention, there is provided a method for acquiring rights of an IoT device, including: downloading a target BootLoader program into an internal memory of an IoT device, wherein the target BootLoader program comprises a patch code; starting the target BootLoader program in the memory of the IoT equipment; and modifying the starting code of the Linux kernel in the internal memory of the IoT equipment by operating the patch code so as to add a target account with root authority in the IoT equipment.

According to another aspect of the embodiments of the present invention, there is also provided an authority acquisition method for an IoT device, including: acquiring an original BootLoader program of an IoT device; adding a patch code in the original BootLoader program to generate a target BootLoader program, wherein the patch code is used for modifying a start code of a Linux kernel in a memory of the IoT device so as to add a target account with root authority in the IoT device; and transmitting the target BootLoader program to a memory of the IoT equipment so as to run the patch code when the target BootLoader program is started.

According to another aspect of the embodiments of the present invention, there is also provided an apparatus for acquiring permission of an IoT device, including: the device comprises a downloading unit, a processing unit and a processing unit, wherein the downloading unit is used for downloading a target BootLoader program into an internal memory of the IoT equipment, and the target BootLoader program comprises a patch code; a starting unit, configured to start the target BootLoader program in the memory of the IoT device; a first modifying unit, configured to modify a boot code of a Linux kernel in the memory of the IoT device by running the patch code, so as to add a target account with root rights in the IoT device.

According to another aspect of the embodiments of the present invention, there is also provided an apparatus for acquiring permission of an IoT device, including: the acquisition unit is used for acquiring an original BootLoader program of the IoT equipment; a generating unit, configured to add a patch code in the original BootLoader program to generate a target BootLoader program, where the patch code is used to modify a boot code of a Linux kernel in a memory of the IoT device, so as to add a target account with root rights in the IoT device; a transmission unit, configured to transmit the target BootLoader program to a memory of the IoT device, so as to run the patch code when the target BootLoader program is started.

According to a further aspect of the embodiments of the present invention, there is also provided a storage medium having a computer program stored therein, wherein the computer program is configured to perform the above method when executed.

According to another aspect of the embodiments of the present invention, there is also provided an electronic apparatus, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the method by the computer program.

In the embodiment of the invention, the boot code of the Linux kernel in the internal memory of the IoT equipment is modified by running the patch code in the target BootLoader program, and the target BootLoader program is downloaded into the internal memory of the IoT equipment in a mode of adding a target account with root authority in the IoT equipment, wherein the target BootLoader program comprises the patch code; starting a target BootLoader program in a memory of the IoT equipment; the boot code of the Linux kernel in the internal memory of the IoT equipment is modified by running the patch code, so that the target account with the root authority is added to the IoT equipment, and the purpose of obtaining the root authority is achieved. The right obtaining process is irrelevant to the original user password intensity, so that the right obtaining time is greatly shortened; since no application is involved, the authorization process can be widely run on common IoT device CPUs; and the authorization process can support the default firmware on the IoT equipment, so that the technical effects of reducing resource consumption and improving the root authorization acquisition success rate are achieved, and the technical problems of overlarge resource consumption and low authorization acquisition success rate of an authorization acquisition mode in the related technology are solved.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:

fig. 1 is an application environment diagram of an optional permission obtaining method for an IoT device according to an embodiment of the present invention;

fig. 2 is a flowchart illustrating an optional method for acquiring permission of an IoT device according to an embodiment of the present invention;

fig. 3 is a flowchart illustrating an alternative method for acquiring rights of an IoT device according to an embodiment of the present invention;

fig. 4 is a flowchart illustrating a method for acquiring rights of an alternative IoT device according to an embodiment of the present invention;

FIG. 5 is a schematic view of an alternative connection device according to an embodiment of the present invention;

fig. 6 is a schematic structural diagram of an optional permission obtaining apparatus of an IoT device according to an embodiment of the present invention;

fig. 7 is a schematic structural diagram of a rights acquisition apparatus of another optional IoT device according to an embodiment of the present invention;

fig. 8 is a schematic structural diagram of an alternative electronic device according to an embodiment of the invention.

Detailed Description

In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. The IoT equipment is equipment in the Internet of things, and the Internet of things is a network for interconnecting and intercommunicating all common objects capable of performing independent functions.

According to one aspect of the embodiment of the invention, a method for acquiring the permission of an IoT device is provided. Optionally, the method for acquiring the permission of the IoT device may be applied, but not limited to, in the application environment as shown in fig. 1. As shown in fig. 1, PC device 104 communicates with server 106 over a network; the IoT device 102 downloads a target BootLoader program from the PC device 104 to a memory of the IoT device through a communication line (e.g., a UART communication line, a JTAG debug line, etc.), where the target BootLoader program includes patch code; starting a target BootLoader program in a memory of the IoT equipment; and modifying the boot code of the Linux kernel in the internal memory of the IoT device by running the patch code so as to add the target account with root authority in the IoT device. root is a super administrator account in operating systems (e.g., Linux and unix). The account with the root authority has the highest operation authority of the whole system, and can operate all objects in the system, and obtaining the root authority means obtaining the highest authority of the system.

Optionally, in this embodiment, the IoT device may include, but is not limited to, ARM, MIPS, and powerpc. The network may include, but is not limited to, a wired network, a wireless network, wherein the wired network includes: local area networks, metropolitan area networks, wide area networks. The wireless network includes: bluetooth, WIFI, and other networks that enable wireless communication. The server may include, but is not limited to, at least one of: PCs and other devices for providing download services. The above is only an example, and the present embodiment is not limited to this.

Optionally, in this embodiment, as an optional implementation manner, as shown in fig. 2, the method for acquiring a permission of an IoT device may include:

s202, downloading a target BootLoader program into an internal memory of the IoT equipment, wherein the target BootLoader program comprises a patch code;

s204, starting a target BootLoader program in a memory of the IoT equipment;

and S206, modifying the start code of the Linux kernel in the internal memory of the IoT device by running the patch code so as to add the target account with root authority in the IoT device.

Optionally, the above method can be applied to a variety of IoT devices, including but not limited to: ARM, MIPS and powerpc, while supporting a variety of operating systems, including but not limited to: linux, Windows, and other proprietary systems. After the root authority is obtained, a user can perform detection operation with the highest authority, and can obtain information such as processes, networks, key files and the like from the inside of the IoT equipment, so that more effective information than a common scheme is obtained.

In the related art, the root authority of the IoT device is generally obtained in a password cracking manner, a privilege escalation manner using a bug, or a privilege escalation manner using firmware upgrade. By adopting the method, the resource consumption for acquiring the authority is overlarge, and the success rate of acquiring the authority is low. In the method, a target BootLoader program is downloaded to an internal memory of an IoT device, wherein the target BootLoader program comprises a patch code; starting a target BootLoader program in a memory of the IoT equipment; the boot code of the Linux kernel in the internal memory of the IoT equipment is modified by running the patch code, so that the target account with the root authority is added in the IoT equipment, the purpose of obtaining the root authority is achieved, the technical effects of reducing resource consumption and improving the authority obtaining success rate are achieved, and the technical problems that the authority obtaining mode in the related technology is overlarge in resource consumption and low in obtaining success rate are solved.

Optionally, the IoT device may be connected to the PC device before the target BootLoader program is downloaded into the memory of the IoT device.

For the IoT device, a UART communication port may be provided on a circuit board of the device for communication between the IoT device and the PC. The IoT device and the PC device may be connected through a UART communication line using a UART communication port.

Optionally, in this embodiment, before downloading the target BootLoader program into the memory of the IoT device, the BootLoader control interface is displayed after the IoT device is started; in the BootLoader control interface, an original BootLoader program corresponding to a target BootLoader program is stored on a target device (such as a PC device) through a first target command.

After the IoT device is connected to the PC device, when the IoT device is booted, serial communication software (e.g., push, super terminal, etc.) may be used to press an arbitrary key on the IoT device to enter a BootLoader control interface (a boot loader or a bootstrap).

Optionally, in this embodiment, after the BootLoader control interface is displayed, in the BootLoader control interface, target information of the IoT device is obtained through a second target command, where the target information includes at least one of the following: CPU information, memory information and version number of Linux system running on the IoT equipment of the IoT equipment; and transmitting the target information to the target device. The IoT device may obtain environment variable information using a second target command (e.g., printenv) provided by BootLoader, and obtain target information of the corresponding IoT device from the obtained environment variables, where the obtained target information may include, but is not limited to: CPU information, memory information (memory size), version number of the Linux system running on the IoT device, and the like.

The IoT device may save the BootLoader itself to the PC device through the first target command as an original version of the BootLoader (original BootLoader). The first target command may be: md (memory display) command. The PC equipment can also obtain the original BootLoader by directly reading the flash memory chip in a hardware mode.

Optionally, in this embodiment, after an original BootLoader program corresponding to a target BootLoader program is saved on a target device through a first target command, the target BootLoader program transmitted by the target device is received, the target BootLoader program is generated by adding a patch code to the original BootLoader program, and the patch code is used to run after decompressing a Linux kernel of an IoT device and before transferring control to the Linux kernel, so as to modify a boot code of the Linux kernel in an internal memory of the IoT device.

To enable execution of object code (e.g., custom code) in BootLoader, the PC device may patch the original BootLoader. After obtaining the original BootLoader, the PC device may make a target BootLoader (new version BootLoader) by: firstly, generating a corresponding patch (patch code, binary system) according to the obtained original BootLoader; then, the patch is applied to the original BootLoader to generate a target BootLoader. The patch can be operated after decompressing the Linux kernel and before the BootLoader transfers the control right to the Linux kernel, so that the start process of the Linux kernel is hijacked with the highest right.

The corresponding binary patch file may be generated by: firstly, according to the obtained target information, performing decompiling operation on an original BootLoader by using a decompiling tool (such as IDA) and configuration (such as ARM, MIPS, 32 bits or 64 bits and the like) to obtain an original code; secondly, according to the target opportunity, the target address of the inserted target code is found. The target time is the time for running the target code, the target time is after decompressing the Linux kernel, and before the BootLoader transfers the control right to the Linux kernel, and the specific function can be bootm _ decomp _ image (); and finally, compiling the target code into a binary code according to a platform operated by the corresponding IoT equipment, and inserting the compiled binary code into a target address to obtain a binary patch file. The patch file can support a plurality of CPU platforms, can adapt to a wide range of Linux versions and is irrelevant to a specific application program, so that the patch file can be widely applied to common IoT equipment.

For a plurality of CPU platforms, a C + inline assembly mode can be used to support the plurality of CPU platforms. And inserting the target code into the target address by utilizing an inlinehook technology to obtain a binary patch file, wherein the inlinehook refers to an instruction for directly modifying a target function, and a jump or other instructions are used for achieving the purpose of hooking (executing other functions).

Bootloaders of an IoT device may be dynamically updated by: the IoT device downloads the generated target BootLoader to the memory of the IoT device through a third target command (e.g., tftp command) provided by the BootLoader itself to update the BootLoader.

After the BootLoader update is completed, the IoT device may perform a warm reboot using the target BootLoader using a fourth target command (e.g., a go memory address command).

Bootloader of the IoT device provides a command (e.g., tftp) to download a file on the PC machine to a specified location of the IoT device memory, through which a target Bootloader may be downloaded to the specified location of the IoT device memory. And downloading of the target BootLoader can be carried out through various interfaces such as a USB (universal serial bus), a serial port and the like. And after downloading the patched target BootLoader to an IoT memory, executing a new version BootLoader instruction through hot reboot.

Optionally, in this embodiment, modifying, by running the patch code, the boot code of the Linux kernel in the memory of the IoT device, so as to add the target account with root authority in the IoT device includes: modifying a start code of a Linux kernel in a memory of the IoT equipment by running a patch code, so that an account authentication file in the IoT equipment is in a state of being allowed to be modified; and adding a target account with root authority in the account authentication file.

When the instruction in the target BootLoader runs to the patch area, the program logic in the patch can modify the boot code of the Linux kernel in the memory, hijack the Linux boot process, and dynamically insert the control code.

The program logic of the file system may be modified to hijack the associated functions upon Linux startup of the IoT device. The hijacked function may be an init _ post () function. The init _ post () function is a function that Linux Kernel transitions from Kernel state to user state after the function completes an initialization operation. At this point, the IoT device has completed the hardware-related initialization operations and is also in kernel mode, able to operate the file system with high-level permissions in kernel mode. When the Linux operating system is started, the IoT equipment is controlled with the highest authority, and necessary time and authority are provided for subsequently controlling the Linux operating system.

Optionally, in this embodiment, when the patch code is executed to modify the boot code of the Linux kernel in the memory of the IoT device, so as to add the target account with root permission in the IoT device, the target configuration file in the IoT device is modified to start the remote control program in the IoT device, where the remote control program is configured to allow the IoT device to log in using the target account with root permission when being called.

After the Linux starting process is hijacked, the IoT equipment can increase a target account with root authority in a kernel mode through dynamically inserting a control code, and meanwhile, a remote control program can be started. For example, a new user with root rights may be added by modifying the user authentication file (e.g.,/etc/password and/etc/shadow); rc file can be modified to start remote control program.

The remote login program can be started in other modes, and remote login programs of other manufacturers and even custom programs can be installed to realize the function of remote control.

Optionally, in this embodiment, after the boot code of the Linux kernel in the memory of the IoT device is modified by running the patch code to add the target account with the root authority in the IoT device, the IoT device is allowed to log in using the target account with the root authority through the started remote control program in the IoT device.

After a target account with root authority is added and a remote control program is started, a user can log in Linux with the root authority by using a newly added user name and a password, and the whole process of obtaining the root authority is completed.

After obtaining the target account with root authority, the user may use the target account to execute the target service with root authority, where the target service may include but is not limited to: target detection tasks (e.g., security assessment of IoT devices and vulnerability mining detection, etc. traffic). The target detection tasks may include, but are not limited to: and detecting items such as process detection, network detection, sensitive file detection and the like.

After the target detection service is executed, the detection result and the corresponding IoT device information may be sorted, and a detection report of the IoT device is output. Since the user can operate the IoT device with the highest authority and obtain more system operation information from the inside of the device, more effective information can be obtained than by using the ordinary authority when the IoT device is used for services such as security assessment and vulnerability discovery detection.

The detection report may be output in a variety of ways. For example, the IoT device may transmit the detection result to the PC device after completing the target detection service, and the PC device sorts the detection result and the corresponding IoT device information and outputs a detection report of the IoT device. For another example, after the target detection service is completed, the IoT device may sort the detection result and the corresponding IoT device information, generate a detection report of the IoT device, and transmit the generated detection report to the PC device.

By the embodiment, a target BootLoader program is downloaded to the memory of the IoT equipment, wherein the target BootLoader program comprises a patch code; starting a target BootLoader program in a memory of the IoT equipment; the boot code of the Linux kernel in the internal memory of the IoT equipment is modified by running the patch code, so that the target account with root authority is added in the IoT equipment, thereby reducing resource consumption and improving the success rate of authority acquisition.

As an optional embodiment, modifying the boot code of the Linux kernel in the memory of the IoT device by running the patch code to add the target account with root rights in the IoT device includes:

s1, modifying the start code of the Linux kernel in the internal memory of the IoT device by running the patch code, so that the account authentication file in the IoT device is in a state of being allowed to be modified;

and S2, adding a target account with root authority in the account authentication file.

According to the embodiment, the boot code of the Linux kernel in the internal memory of the IoT device is modified by running the patch code, so that the account authentication file in the IoT device is in a state of being allowed to be modified, and therefore the target account with root authority can be added to the account authentication file, and the success rate of account addition is increased.

As an optional embodiment, when the boot code of the Linux kernel in the memory of the IoT device is modified by running the patch code to add the target account with root authority in the IoT device, the method further includes:

and S1, modifying the target configuration file in the IoT device to start a remote control program in the IoT device, wherein the remote control program is used for allowing the IoT device to log in by using the target account with root authority when being called.

Through the embodiment, the target configuration file in the IoT device is modified to start the remote control program in the IoT device, so that the IoT device can be logged in by using the target account with root authority when the remote control program is called, and the IoT device is remotely controlled.

As an optional embodiment, before downloading the target BootLoader program into the memory of the IoT device, the method further includes:

s1, displaying a BootLoader control interface after the IoT equipment is started;

and S2, storing the original BootLoader program corresponding to the target BootLoader program on the target equipment through the first target command in the BootLoader control interface.

According to the embodiment, the original BootLoader program corresponding to the target BootLoader program is stored on the target device through the first target command in the BootLoader control interface, so that the original BootLoader program can be processed through the target device, and the target BootLoader program is obtained.

Optionally, after saving the original BootLoader program corresponding to the target BootLoader program on the target device through the first target command, the method further includes:

and S1, receiving a target BootLoader program transmitted by the target device, wherein the target BootLoader program is generated by adding patch codes in the original BootLoader program, and the patch codes are used for running after decompressing a Linux kernel of the IoT device and before transferring the control right to the Linux kernel so as to modify the boot codes of the Linux kernel in the internal memory of the IoT device.

According to the method and the device for processing the file system, the target BootLoader program generated by adding the patch code in the original BootLoader program and transmitted by the target device is received, the patch code is used for running after decompressing the Linux kernel of the IoT device and before transferring the control right to the Linux kernel, and the file system can be operated in the kernel-state high-level right.

Optionally, after displaying the BootLoader control interface after the IoT device is booted, the method further includes:

s1, in the BootLoader control interface, obtaining target information of the IoT device through the second target command, where the target information includes at least one of the following: CPU information, memory information and version number of Linux system running on the IoT equipment of the IoT equipment;

and S2, transmitting the target information to the target device.

According to the embodiment, the target information of the IoT equipment is obtained, and the obtained target information is transmitted to the target equipment, so that the target equipment can perform decompiling operation on the original BootLoader according to the target information, and the success rate of obtaining the original code is improved.

As an optional embodiment, after modifying the boot code of the Linux kernel in the memory of the IoT device by running the patch code to add the target account with root authority in the IoT device, the method further includes:

and allowing the IoT device to log in by using the target account with root authority through the opened remote control program in the IoT device.

Through the embodiment, the opened remote control program is used for allowing the user to log in the IoT device by using the target account with the root authority, and the added target account with the root authority can be used for logging in the IoT device so as to execute the target service on the IoT device.

According to another aspect of the embodiment of the present invention, a method for acquiring rights of an IoT device is also provided. As shown in fig. 3, the method for acquiring rights of an IoT device may include:

s302, acquiring an original BootLoader program of the IoT equipment;

s304, adding a patch code in the original BootLoader program to generate a target BootLoader program, wherein the patch code is used for modifying a start code of a Linux kernel in a memory of the IoT equipment so as to add a target account with root authority in the IoT equipment;

s306, transmitting the target BootLoader program to a memory of the IoT device, so as to execute the patch code when the target BootLoader program is started.

In the related art, the root authority of the IoT device is generally obtained in a password cracking manner, a privilege escalation manner using a bug, or a privilege escalation manner using firmware upgrade. By adopting the method, the resource consumption for acquiring the authority is overlarge, and the success rate of acquiring the authority is low. In the application, an original BootLoader program of an IoT device is obtained; adding a patch code in the original BootLoader program to generate a target BootLoader program, wherein the patch code is used for modifying a start code of a Linux kernel in a memory of the IoT device so as to add a target account with root authority in the IoT device; the target BootLoader program is transmitted to the memory of the IoT equipment, so that the purpose of obtaining the root authority is achieved by running the patch code when the target BootLoader program is started, the technical effects of reducing resource consumption and improving the authority obtaining success rate are achieved, and the technical problems that the authority obtaining mode in the related technology is overlarge in resource consumption and low in obtaining success rate are solved.

Optionally, the IoT device may be connected to the PC device before the original BootLoader program of the IoT device is acquired.

Optionally, in this embodiment, adding a patch code to the original BootLoader program to generate the target BootLoader program includes: obtaining target information of an IoT device, wherein the target information comprises at least one of the following: CPU information, memory information and version number of Linux system running on the IoT equipment of the IoT equipment; performing decompiling operation on the original BootLoader program according to the target information to obtain an original code; finding a target address in the original code, wherein the code located at the target address is set to run after decompressing a Linux kernel of the IoT device and before transferring control to the Linux kernel; and inserting the patch code into a target address in the original code to obtain a code of a target BootLoader program.

To enable execution of object code (e.g., custom code) in BootLoader, the original BootLoader may be patched. After obtaining the original BootLoader, the PC device may make a target BootLoader (new version BootLoader) by: firstly, generating a corresponding patch (patch code, binary system) according to the obtained original BootLoader; then, the patch is applied to the original BootLoader to generate a target BootLoader. The patch can be operated after decompressing the Linux kernel and before the BootLoader transfers the control right to the Linux kernel, so that the start process of the Linux kernel is hijacked with the highest right.

For a plurality of CPU platforms, a C + inline assembly mode can be used to support the plurality of CPU platforms. And inserting the target code into the target address by utilizing an inlinehook technology to obtain a binary patch file.

Optionally, in this embodiment, after the target BootLoader program is transmitted to the memory of the IoT device, the IoT device is logged in using the target account with root rights through the started remote control program in the IoT device.

After the target detection service is executed, a detection report sent by the IoT device may be received, where the detection report is obtained by sorting the detection result and the corresponding IoT device information.

According to the embodiment, the original BootLoader program of the IoT equipment is obtained; adding a patch code in the original BootLoader program to generate a target BootLoader program, wherein the patch code is used for modifying a start code of a Linux kernel in a memory of the IoT device so as to add a target account with root authority in the IoT device; the target BootLoader program is transmitted to the internal memory of the IoT equipment, so that the target account with root authority can be added in the IoT equipment by running the patch code when the target BootLoader program is started, thereby reducing resource consumption and improving the success rate of authority acquisition.

As an optional implementation, adding a patch code to the original BootLoader program to generate the target BootLoader program includes:

s1, obtaining target information of the IoT device, wherein the target information includes at least one of: CPU information, memory information and version number of Linux system running on the IoT equipment of the IoT equipment;

s2, performing decompiling operation on the original BootLoader program according to the target information to obtain an original code;

s3, finding a target address in the original code, wherein the code on the target address is set to run after decompressing the Linux kernel of the IoT device and before transferring the control to the Linux kernel;

and S4, inserting the patch code into the target address in the original code to obtain the code of the target BootLoader program.

According to the embodiment, the target information of the IoT equipment is obtained, the original BootLoader is subjected to decompiling operation according to the target information to obtain the original code, and the patch code is inserted into the target address of the original code to obtain the code of the target BootLoader program, so that the success rate of obtaining the original code and the generation efficiency of the target BootLoader program can be improved.

As an optional embodiment, after the target BootLoader program is transmitted to the memory of the IoT device, the method further includes:

and S1, logging in the IoT device by using the target account with root authority through the started remote control program in the IoT device.

Through the embodiment, the opened remote control program logs in the IoT device by using the target account with the root authority, and the added target account with the root authority can log in the IoT device so as to execute the target service on the IoT device.

The following describes the rights acquisition method of the IoT device with reference to a specific example. The permission acquisition method of the IoT device in this example may be applied to an IoT device vulnerability detection product. By the method, the detector can remotely log in the IoT equipment with root authority, and more operation information and system security holes can be effectively output. For example, after the root authority is obtained, tasks such as process scanning, network scanning, key file scanning and the like can be executed on the IoT device, and the IoT device is not limited by Linux processes and file authorities.

As shown in fig. 4, the method for acquiring rights of an IoT device includes: information collection, starting process hijacking and safety monitoring, wherein,

1) the information collection comprises the following steps:

and the connection device is used for connecting the IoT device to the PC device in a manner shown in FIG. 5.

Collecting information, wherein the IoT equipment collects target information of the IoT equipment;

making a new version BootLoader, and extracting an original boot file (original BootLoader) by PC equipment; generating a corresponding patch file according to the target information; obtaining a self-defined boot file (target BootLoader) by using the patch file;

and dynamically updating the BootLoader, and downloading the obtained new version BootLoader into an internal memory of the IoT equipment so as to use the new version BootLoader to warm and restart the IoT equipment.

2) The starting process hijacking comprises the following steps:

decompressing a linux kernel;

hijacking the starting process of the linux kernel;

transferring control right to dynamically insert control codes;

initializing a linux kernel;

modifying a file system, adding a user with root authority through a dynamically inserted control code, and simultaneously starting a remote control program;

and (4) performing root authority login, wherein linux can be logged in by using a newly added user name and password with the root authority through an opened remote control program.

3) The safety monitoring comprises the following steps:

turn on security detection including but not limited to: process detection, network detection and sensitive file detection;

and generating a detection report, sorting the detection result and the corresponding IoT equipment information, and outputting a part of the detection report of the IoT equipment.

With the example, the user can perform deeper control on the IoT device due to the root authority. For example, in services such as security assessment and vulnerability mining detection of the IoT device, the IoT device with root authority can bypass authority control of a native system, comprehensively detect processes, networks and file systems, discover more security threat information, and further repair more security vulnerabilities, so that the IoT device is safer and more reliable.

It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.

Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.

According to another aspect of the embodiments of the present invention, there is also provided an authority acquiring apparatus of an IoT device, as shown in fig. 6, the authority acquiring apparatus of an IoT device includes:

(1) a downloading unit 602, configured to download a target BootLoader program into an internal memory of an IoT device, where the target BootLoader program includes a patch code;

(2) a starting unit 604, configured to start a target BootLoader program in a memory of the IoT device;

(3) a modifying unit 606, configured to modify a boot code of a Linux kernel in an internal memory of the IoT device by running the patch code, so as to add a target account with root rights in the IoT device.

Optionally, the permission obtaining apparatus of the IoT device may be applied to, but is not limited to: permission acquisition of an IoT device of a linux operating system. For example unix systems, Windows and other proprietary systems.

Optionally, in this embodiment, before downloading the target BootLoader program into the memory of the IoT device, the BootLoader control interface is displayed after the IoT device is started; in a BootLoader control interface, an original BootLoader program corresponding to a target BootLoader program is stored on target equipment through a first target command.

After the IoT equipment is connected with the PC equipment, when the IoT equipment is started, serial port communication software is used for pressing any key on the IoT equipment to enter a control interface of BootLoader.

Optionally, in this embodiment, after the BootLoader control interface is displayed, in the BootLoader control interface, target information of the IoT device is obtained through a second target command, where the target information includes at least one of the following: CPU information, memory information and version number of Linux system running on the IoT equipment of the IoT equipment; and transmitting the target information to the target device.

The IoT device may obtain environment variable information using a second target command (e.g., printenv) provided by BootLoader, and obtain target information of the corresponding IoT device from the obtained environment variables, where the obtained target information may include, but is not limited to: CPU information, memory information (memory size), version number of the Linux system running on the IoT device, and the like.

The BootLoader can be saved to the PC device by the first target command as an original version of the BootLoader. The first target command may be: md (memory display) command. The PC equipment can also obtain the original BootLoader by directly reading the flash memory chip in a hardware mode.

The corresponding binary patch file may be generated by: firstly, according to the obtained target information, performing decompiling operation on an original BootLoader by using a decompiling tool (such as IDA) and configuration (such as ARM, MIPS, 32 bits or 64 bits and the like) to obtain an original code; secondly, according to the target opportunity, the target address of the inserted target code is found. The target time is the time for running the target code, the target time is after decompressing the Linux kernel, and before the BootLoader transfers the control right to the Linux kernel, and the specific function can be bootm _ decomp _ image (); and finally, compiling the target code into a binary code according to a platform operated by the corresponding IoT equipment, and inserting the compiled binary code into a target address to obtain a binary patch file.

Bootloaders of an IoT device may be dynamically updated by: the IoT device downloads the generated target BootLoader into the memory of the IoT device through a third target command (e.g., tftp command) provided by BootLoader itself.

After the BootLoader update is completed, the IoT device may perform a warm reboot using the target BootLoader using the fourth target command.

When the instruction in the target BootLoader runs to the patch area, the program logic in the patch modifies the boot code of the Linux kernel in the memory, hijacks the Linux boot process, and dynamically inserts the control code.

The program logic of the file system can be modified, and related functions are hijacked when the Linux is started. The hijacked function may be an init _ post () function. The init _ post () function is a function that Linux Kernel transitions from Kernel state to user state after the function completes an initialization operation. At this point, the IoT device has completed the hardware-related initialization operations and is also in kernel mode, able to operate the file system with high-level permissions in kernel mode.

After the Linux starting process is hijacked, a target account with root authority can be added in a kernel mode by dynamically inserting a control code, and a remote control program can be started. For example, a new user with root rights may be added by modifying the user authentication file (e.g.,/etc/password and/etc/shadow); rc file can be modified to start remote control program.

After the target detection service is executed, the detection result and the corresponding IoT device information may be sorted, and a detection report of the IoT device is output.

As an alternative embodiment, the modifying unit 606 includes:

(1) a modification module, configured to modify the boot code of the Linux kernel in the memory of the IoT device by running the patch code, so that an account authentication file in the IoT device is in a state that is allowed to be modified;

(2) and the adding module is used for adding the target account with the root authority in the account authentication file.

According to the embodiment, the boot code of the Linux kernel in the internal memory of the IoT device is modified by running the patch code, so that the account authentication file in the IoT device is in a state of being allowed to be modified, and thus the target account with root authority can be added in the account authentication file, and the success rate of account addition is increased.

As an alternative embodiment, the modifying unit 606 is further configured to:

when the patch code is operated to modify the boot code of the Linux kernel in the memory of the IoT device so as to add the target account with the root authority in the IoT device, the target configuration file in the IoT device is modified so as to start the remote control program in the IoT device, wherein the remote control program is used for allowing the target account with the root authority to log in the IoT device when being called.

As an alternative embodiment, the above apparatus further comprises:

(1) the display unit is used for displaying a BootLoader control interface after the IoT equipment is started before the target BootLoader program is downloaded into the memory of the IoT equipment;

(2) and the storage unit is used for storing the original BootLoader program corresponding to the target BootLoader program on the target equipment through a first target command in the BootLoader control interface.

According to the embodiment, the original BootLoader program corresponding to the target BootLoader program is stored on the target device through the first target command in the BootLoader control interface, and the original BootLoader program can be processed through the target device to obtain the target BootLoader program.

Optionally, the apparatus further comprises:

(1) the device comprises a receiving unit and a processing unit, wherein the receiving unit is used for receiving a target BootLoader program transmitted by a target device after an original BootLoader program corresponding to the target BootLoader program is stored on the target device through a first target command, the target BootLoader program is generated by adding a patch code in the original BootLoader program, and the patch code is used for running after a Linux kernel of an IoT device is decompressed and before control is transferred to the Linux kernel so as to modify a start code of the Linux kernel in an internal memory of the IoT device.

Optionally, the apparatus further comprises:

(1) the obtaining unit is configured to obtain target information of the IoT device through a second target command in the BootLoader control interface after the BootLoader control interface is displayed, where the target information includes at least one of the following: CPU information, memory information and version number of Linux system running on the IoT equipment of the IoT equipment;

(2) and the transmission unit is used for transmitting the target information to the target equipment.

As an alternative embodiment, the above apparatus further comprises:

and the allowing unit is used for allowing the IoT equipment to log in by using the target account with the root authority through the started remote control program in the IoT equipment after the boot code of the Linux kernel in the internal memory of the IoT equipment is modified by running the patch code so as to increase the target account with the root authority in the IoT equipment.

According to another aspect of the embodiment of the present invention, an apparatus for acquiring rights of an IoT device is also provided. As shown in fig. 7, the permission obtaining apparatus of the IoT device may include:

(1) an obtaining unit 702, configured to obtain an original BootLoader program of an IoT device;

(2) a generating unit 704, configured to add a patch code in the original BootLoader program to generate a target BootLoader program, where the patch code is used to modify a boot code of a Linux kernel in an internal memory of an IoT device, so as to add a target account with root rights in the IoT device;

(3) a transmitting unit 706, configured to transmit the target BootLoader program to a memory of the IoT device, so as to execute the patch code when the target BootLoader program is started.

For a plurality of CPU platforms, a C + inline assembly mode can be used to support a plurality of CPU platforms. And inserting the custom code into the target address by utilizing an inlinehook technology to obtain a binary patch file.

After obtaining the target account with root authority added, the user may use the target account to execute the target service with root authority, where the target service may include but is not limited to: target detection tasks (e.g., security assessment of IoT devices and vulnerability mining detection, etc. traffic). The target detection tasks may include, but are not limited to: and detecting items such as process detection, network detection, sensitive file detection and the like.

As an alternative embodiment, the generating unit 704 includes:

(1) an obtaining module, configured to obtain target information of an IoT device, where the target information includes at least one of: CPU information, memory information and version number of Linux system running on the IoT equipment of the IoT equipment;

(2) the decompiling module is used for carrying out decompiling operation on the original BootLoader program according to the target information to obtain an original code;

(3) the searching module is used for searching a target address in the original code, wherein the code positioned on the target address is set to run after decompressing a Linux kernel of the IoT equipment and before transferring the control right to the Linux kernel;

(4) and the inserting module is used for inserting the patch code into the target address in the original code to obtain the code of the target BootLoader program.

As an alternative embodiment, the above apparatus further comprises:

and the login unit is used for logging in the IoT device by using the target account with root authority through the started remote control program in the IoT device after the target BootLoader program is transmitted to the memory of the IoT device.

According to a further aspect of embodiments of the present invention, there is also provided a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above-mentioned method embodiments when executed.

Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:

s1, downloading a target BootLoader program to an internal memory of the IoT equipment, wherein the target BootLoader program comprises a patch code;

s2, starting a target BootLoader program in the memory of the IoT equipment;

and S3, modifying the start code of the Linux kernel in the internal memory of the IoT device by running the patch code so as to add the target account with root authority in the IoT device.

and S2, transmitting the target information to the target device.

and S1, allowing the IoT device to log in by using the target account with root authority through the opened remote control program in the IoT device.

s1, acquiring an original BootLoader program of the IoT equipment;

s2, adding a patch code in the original BootLoader program to generate a target BootLoader program, wherein the patch code is used for modifying a start code of a Linux kernel in a memory of the IoT equipment so as to add a target account with root authority in the IoT equipment;

s3, transmitting the target BootLoader program to a memory of the IoT device, so as to execute the patch code when the target BootLoader program is started.

s4, inserting the patch code into the target address in the original code to obtain the code of the target BootLoader program.

Alternatively, in this embodiment, a person skilled in the art may understand that all or part of the steps in the methods of the foregoing embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.

According to another aspect of the embodiment of the present invention, there is also provided an electronic apparatus for implementing the method for acquiring rights of an IoT device, as shown in fig. 8, the electronic apparatus includes: processor 802, memory 804, display 806, transmission 808, connection 810, and the like. The memory has stored therein a computer program, and the processor is arranged to execute the steps of any of the above method embodiments by means of the computer program.

Optionally, in this embodiment, the electronic apparatus may be located in at least one network device of a plurality of network devices of a computer network.

Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:

s2, starting a target BootLoader program in the memory of the IoT equipment;

s1, acquiring an original BootLoader program of the IoT equipment;

Alternatively, it can be understood by those skilled in the art that the structure shown in fig. 8 is only an illustration, and the electronic device may also be an IoT device, a PC, a palmtop computer, a Mobile Internet Device (MID), a PAD, or other terminal Devices. Fig. 8 is a diagram illustrating a structure of the electronic device. For example, the electronic device may also include more or fewer components (e.g., network interfaces, etc.) than shown in FIG. 8, or have a different configuration than shown in FIG. 8.

The memory 804 may be used to store software programs and modules, such as program instructions/modules corresponding to the method and apparatus for acquiring permission of an IoT device in the embodiment of the present invention, and the processor 802 executes various functional applications and data processing by running the software programs and modules stored in the memory 804, that is, implements the method for acquiring permission of an IoT device.

The transmission device 808 is used for receiving or transmitting data via a network or a communication line. Examples of the network may include a wired network and a wireless network. In one example, the transmission device 808 includes a Network adapter (NIC) that can be connected to a router via a Network cable and other Network devices so as to communicate with the internet or a local area Network. In one example, the transmitting device 808 is a UART communication port and a UART communication line.

The display 806 is used to display a BootLoader control interface (IoT device) or a remote control interface (PC device).

The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.

The integrated unit in the above embodiments, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in the above computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be substantially or partially implemented in the prior art, or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, and including instructions for causing one or more computer devices (which may be personal computers, servers, or network devices) to execute all or part of the steps of the method according to the embodiments of the present invention.

In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.

In the several embodiments provided in the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, a division of a unit is merely a division of a logic function, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.

Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.

The foregoing is only a preferred embodiment of the present invention, and it should be noted that it is obvious to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and these modifications and improvements should also be considered as the protection scope of the present invention.

Claims

1. An authority acquisition method for an IoT (Internet of things) device is characterized by comprising the following steps:

downloading a target BootLoader program into an internal memory of an IoT device, wherein the target BootLoader program comprises a patch code;

starting the target BootLoader program in the memory of the IoT equipment;

modifying a start code of a Linux kernel in a memory of the IoT device by running the patch code to add a target account with root authority in the IoT device, specifically comprising: modifying the boot code of the Linux kernel in the memory of the IoT device by running the patch code after decompressing the Linux kernel of the IoT device and before transferring control to the Linux kernel, so that an account authentication file in the IoT device is in a state that is allowed to be modified; and adding the target account with root authority in the account authentication file.

2. The method according to claim 1, wherein when the boot code of the Linux kernel in the memory of the IoT device is modified by running the patch code to add the target account number with root authority in the IoT device, the method further comprises:

modifying a target configuration file in the IoT device to start a remote control program in the IoT device, wherein the remote control program is used for allowing the IoT device to log in by using the target account number with root authority when being called.

3. The method of claim 1, wherein before downloading the target BootLoader program into the memory of the IoT device, the method further comprises:

displaying a BootLoader control interface after the IoT device is started;

in the BootLoader control interface, storing an original BootLoader program corresponding to the target BootLoader program on target equipment through a first target command, wherein the target equipment is used for obtaining the original BootLoader program and then outputting the target BootLoader program.

4. The method according to claim 3, wherein after saving the original BootLoader program corresponding to the target BootLoader program on the target device by the first target command, the method further comprises:

receiving the target BootLoader program transmitted by the target device, wherein the target BootLoader program is generated by adding the patch code in the original BootLoader program, and the patch code is used for running after decompressing a Linux kernel of the IoT device and before transferring control to the Linux kernel so as to modify a start code of the Linux kernel in an internal memory of the IoT device.

5. The method of claim 3, wherein after displaying the BootLoader control interface after the IoT device boots, the method further comprises:

in the BootLoader control interface, obtaining target information of the IoT device through a second target command, where the target information includes at least one of: CPU information and memory information of the IoT equipment, and the version number of a Linux system running on the IoT equipment;

transmitting the target information to the target device.

6. The method according to any of claims 1 to 5, wherein after the boot code of the Linux kernel in the memory of the IoT device is modified by running the patch code to add the target account number with root rights in the IoT device, the method further comprises:

allowing the IoT device to log in by using the target account with root authority through the opened remote control program in the IoT device.

7. An authority acquisition method for an IoT (Internet of things) device is characterized by comprising the following steps:

acquiring an original BootLoader program of an IoT device;

adding a patch code in the original BootLoader program to generate a target BootLoader program, wherein the patch code is used for operating after decompressing a Linux kernel of the IoT device and before transferring the control right to the Linux kernel, and modifying a boot code of the Linux kernel in a memory of the IoT device, so that an account authentication file in the IoT device is in a state of being allowed to be modified, and a target account with root authority is added in the account authentication file;

and transmitting the target BootLoader program to a memory of the IoT equipment so as to run the patch code when the target BootLoader program is started.

8. The method according to claim 7, wherein adding the patch code in the original BootLoader program to generate the target BootLoader program comprises:

obtaining target information of the IoT device, wherein the target information comprises at least one of: CPU information and memory information of the IoT equipment, and the version number of a Linux system running on the IoT equipment;

according to the target information, performing decompiling operation on the original BootLoader program to obtain an original code;

finding a target address in the original code, wherein the code located at the target address is set to run after decompressing a Linux kernel of the IoT device and before transferring control to the Linux kernel;

and inserting the patch code into the target address in the original code to obtain a code of the target BootLoader program.

9. The method according to claim 7 or 8, wherein after transmitting the target BootLoader program into the memory of the IoT device, the method further comprises:

logging in the IoT device by using the target account with root authority through the opened remote control program in the IoT device.

10. An authority acquisition device of an IoT (Internet of things) device, comprising:

the device comprises a downloading unit, a processing unit and a processing unit, wherein the downloading unit is used for downloading a target BootLoader program into an internal memory of the IoT equipment, and the target BootLoader program comprises a patch code;

a starting unit, configured to start the target BootLoader program in the memory of the IoT device;

the modifying unit is used for modifying the starting code of the Linux kernel in the internal memory of the IoT equipment by running the patch code so as to increase a target account with root authority in the IoT equipment;

the modification unit includes: a modification module, configured to modify the boot code of the Linux kernel in the memory of the IoT device by running the patch code after decompressing the Linux kernel of the IoT device and before transferring control to the Linux kernel, so that an account authentication file in the IoT device is in a state that is allowed to be modified; and the adding module is used for adding the target account with the root authority in the account authentication file.

11. An authority acquisition device of an IoT (Internet of things) device, comprising:

the acquisition unit is used for acquiring an original BootLoader program of the IoT equipment;

a generating unit, configured to add a patch code to the original BootLoader program to generate a target BootLoader program, where the patch code is used to modify a boot code of a Linux kernel in a memory of the IoT device after decompressing the Linux kernel of the IoT device and before transferring a control right to the Linux kernel, so that an account authentication file in the IoT device is in a state that the account authentication file is allowed to be modified, and a target account with root permission is added to the account authentication file;

a transmission unit, configured to transmit the target BootLoader program to a memory of the IoT device, so as to run the patch code when the target BootLoader program is started.

12. A storage medium having a computer program stored thereon, wherein the computer program is arranged to perform the method of any of claims 1 to 6 or 7 to 9 when executed.

13. An electronic device comprising a memory and a processor, characterized in that the memory has stored therein a computer program, the processor being arranged to execute the method of any of claims 1 to 6 or 7 to 9 by means of the computer program.