CN112134861A - Attack and defense drilling equipment - Google Patents


Info

Publication number: CN112134861A
Authority: CN (China)
Prior art keywords: module, capability, attack, interface, assessment
Legal status: Granted
Application number: CN202010952392.7A
Other languages: Chinese (zh)
Other versions: CN112134861B (en)
Inventors: 丁莹, 赵康
Current Assignee: Hangzhou Anheng Information Security Technology Co Ltd
Original Assignee: Hangzhou Anheng Information Security Technology Co Ltd

Application filed by Hangzhou Anheng Information Security Technology Co Ltd
Priority to CN202010952392.7A
Publication of CN112134861A
Application granted
Publication of CN112134861B
Current legal status: Active

Classifications

    • H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication > H04L63/00 Network architectures or network communication protocols for network security > H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic > H04L63/1441 Countermeasures against malicious traffic
    • H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication > H04L63/00 Network architectures or network communication protocols for network security > H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication > H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L9/00) > H04L2209/12 Details relating to cryptographic hardware or logic circuitry

Abstract

The application relates to attack and defense drilling equipment, comprising: a printed circuit board, a processor module, a storage module and a function module, wherein the processor module, the storage module and the function module are arranged on the printed circuit board and are electrically connected with each other. Firmware is burned into the storage module and/or the processor module; a precompiled operating system file carrying CTF assessment items and answers is stored in the firmware; and the storage module comprises at least one of the following: an EMMC memory, a TF memory and a Flash memory. The processor module runs the precompiled operating system file so as to provide an attack and defense drilling environment. The function module is electrically connected to the processor module and includes at least one of: a wireless communication module, a positioning module, a sensor module, a multimedia module and a motor module. The application thereby solves the problem in the related art that the controllability of the attack and defense drilling environment is low, and improves that controllability.

Description

Attack and defense drilling equipment
Technical Field
The application relates to the technical field of the Internet of Things, and in particular to attack and defense drilling equipment.
Background
CTF (Capture The Flag, a computer security competition): refers to a contest of technical skill among security personnel in the field of network security. In online competitions, teams must use security-related theoretical knowledge and techniques to solve the challenges and obtain a string called a Flag, which they submit in order to score points.
Vulnerability: refers to a defect in hardware, software, the specific implementation of a protocol, or a system security policy, such that an attacker can access or damage the system without authorization.
Privilege escalation: in a given system, the act of a low-privilege user acquiring high privileges of the system is called privilege escalation.
Local privilege escalation vulnerability: in a given system, a vulnerability that allows a low-privilege user to acquire high privileges of the system is called a local privilege escalation vulnerability.
Horizontal privilege vulnerability: in a given system, assume that user A and user B belong to the same role and have the same privileges, and each can obtain their own private data (data A and data B). If the system only verifies that the role is allowed to access the data, and does not further distinguish or verify which user owns the data, then data B becomes accessible to user A; the vulnerability behind user A accessing data B is a horizontal privilege vulnerability.
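The horizontal privilege vulnerability defined above, shown as a small access-control layer with the role-only check beside the corrected role-plus-ownership check. This is an added example, not code from the patent; the users, records and the extra "admin" role are constructed for illustration.

```python
# Added example (not from the patent): two users share the role "member" and
# each owns one private record, exactly as in the definition above.
# Sample data is constructed for this demonstration.
USERS = {
    "userA": {"role": "member"},
    "userB": {"role": "member"},
    "admin": {"role": "admin"},   # assumed extra role; not part of the definition
}
RECORDS = {
    "dataA": {"owner": "userA", "content": "private data of A"},
    "dataB": {"owner": "userB", "content": "private data of B"},
}
ALLOWED_ROLES = ("member", "admin")


class AccessDenied(Exception):
    """Raised when a request must be refused."""


def _role_of(requester):
    user = USERS.get(requester)
    if user is None or user["role"] not in ALLOWED_ROLES:
        raise AccessDenied("requester has no permitted role")
    return user["role"]


def read_record_vulnerable(requester, record_id):
    """Vulnerable: only the role is verified, never who owns the record.

    Any 'member' can therefore read any other member's record, which is
    the horizontal privilege vulnerability described in the text."""
    _role_of(requester)
    record = RECORDS.get(record_id)
    if record is None:
        raise AccessDenied("no such record")
    return record["content"]


def read_record_fixed(requester, record_id):
    """Fixed: the role is verified AND the record's owner must match the
    requester (an admin may read any record under the assumed extra role)."""
    role = _role_of(requester)
    record = RECORDS.get(record_id)
    # A missing record and a foreign record get the same answer, so the
    # response does not reveal whether another user's record id exists.
    if record is None or (role != "admin" and record["owner"] != requester):
        raise AccessDenied("record not accessible to requester")
    return record["content"]


def can_read(reader, requester, record_id):
    """Return True if `reader` grants access, False if it raises AccessDenied."""
    try:
        reader(requester, record_id)
        return True
    except AccessDenied:
        return False


if __name__ == "__main__":
    # Same role, different owner: the vulnerable check lets A read B's data.
    print("vulnerable A->dataB:", can_read(read_record_vulnerable, "userA", "dataB"))
    print("fixed      A->dataB:", can_read(read_record_fixed, "userA", "dataB"))
    print("fixed      A->dataA:", can_read(read_record_fixed, "userA", "dataA"))
```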
At present, attack and defense drills in the Internet of Things field are carried out either by providing online devices of existing brands or by building a simulator. Both have disadvantages. When devices of existing brands are used, such as remotely controlled smart devices, robots and household appliances, some of them are not generally suited to attack and defense practice, so the attack surface is limited, legal risks exist, and once a problem is found it may not be permitted to disclose it; the level of a contestant therefore cannot be judged effectively, and the contestant's operational, security and technical capabilities cannot be evaluated comprehensively. Building a simulator lacks a real operating environment, runs into a bottleneck in analysing memory-mapped addresses, leaves local device functions unavailable, and has poor compatibility and stability, which limits the range and depth of the challenges in an attack and defense drill competition.
The prior patent (application No. 201911146845.0) provides a portable security range device for industrial control networks and a method for using it, comprising industrial control equipment integrated in a portable box; the industrial control equipment comprises a monitoring layer, a control layer and an equipment layer. The volume of the portable box is less than 0.05 cubic metres. The equipment layer comprises a controlled object; the control layer comprises a PLC; the monitoring layer comprises an HMI and an industrial switch; the HMI, industrial switch, PLC and controlled object are connected in sequence.
The above patent is mainly aimed at the test equipment of an attack and defense drilling environment. The whole environment needs a range device, an industrial control switch and an extensible workstation, has a complex structure, is constrained by changes in the controlled object and the environment, and has shortcomings in stability and compatibility. In addition, the controlled object is an online product: on the one hand, attacking an online product carries legal risk; on the other hand, for different online products it cannot be determined whether a security vulnerability actually exists, so the assessment scheme is unreliable.
At present, no effective solution has been proposed for the problem of low controllability of the attack and defense drilling environment in the related art.
Disclosure of Invention
The embodiment of the application provides attack and defense drilling equipment, which at least solves the problem of low controllability of the attack and defense drilling environment in the related art.
In a first aspect, an embodiment of the present application provides attack and defense drilling equipment, comprising: a printed circuit board, a processor module, a storage module and a function module, wherein the processor module, the storage module and the function module are arranged on the printed circuit board and are electrically connected with each other. Firmware is burned into the storage module and/or the processor module; a precompiled operating system file carrying CTF assessment items and answers is stored in the firmware; and the storage module comprises at least one of the following: an EMMC memory, a TF memory and a Flash memory. The processor module runs the precompiled operating system file so as to provide an attack and defense drilling environment. The function module is electrically connected to the processor module and includes at least one of: a wireless communication module, a positioning module, a sensor module, a multimedia module and a motor module.
In some of these embodiments, the attack and defense drilling equipment further comprises: an interface module, a power management module and a power supply module. The interface module is disposed between the processor module and the function module and is configured to electrically connect them; the interface module includes at least one of: a wireless communication interface, a positioning interface, a sensor interface, a multimedia interface and a motor interface. The power management module is electrically connected to the processor module, the storage module and the function module respectively, and manages their supply voltage so as to provide a stable operating current. The power supply module is electrically connected to the power management module and provides power.
In some of these embodiments, the printed circuit board comprises: a first printed circuit board and a second printed circuit board; the processor module, the storage module, the interface module and the power management module are arranged on the first printed circuit board, and the functional module and the power supply module are arranged on the second printed circuit board.
In some of these embodiments, the firmware comprises encrypted firmware; the CTF assessment items comprise at least one of the following: a hardware analysis capability assessment item, a firmware analysis capability assessment item, a dynamic debugging capability assessment item, a protocol analysis capability assessment item, a signal analysis capability assessment item and a penetration capability assessment item; the answer includes a Flag string.
In some embodiments, the hardware analysis capability assessment item includes at least one of: a JTAG interface locating capability checking unit, a TTL interface locating capability checking unit, an OTG interface locating capability checking unit, an Ethernet interface locating capability checking unit, an inter-chip communication analysis (level authority) capability checking unit, a radio signal analysis capability checking unit, a firmware extraction capability checking unit and a basic soldering capability checking unit.
In some embodiments, the firmware analysis capability assessment item includes at least one of: a Binwalk tool usage capability assessment unit and a memory mapping analysis capability assessment unit.
In some of these embodiments, the dynamic debugging capability assessment item includes at least one of: a JTAG-port firmware dump capability assessment unit, an operating system privilege escalation capability assessment unit (after accessing the TTL port), a sensitive information acquisition capability assessment unit and an encrypted data decryption capability assessment unit.
In some of these embodiments, the protocol analysis capability assessment item includes at least one of: a Bluetooth protocol reverse analysis capability assessment unit, a Zigbee protocol reverse analysis capability assessment unit, a WiFi protocol reverse analysis capability assessment unit, an RFID protocol reverse analysis capability assessment unit and an encryption cracking and replay analysis capability assessment unit.
In some embodiments, the signal analysis capability assessment item comprises at least one of: a capability assessment unit for analysing signals with a logic analyser and a signal analysis capability assessment unit.
In some of these embodiments, the penetration capability assessment item comprises at least one of: a conventional vulnerability and 0day discovery capability assessment unit, a network penetration capability assessment unit, a Wireshark software usage capability assessment unit, an IDA software reverse-engineering usage capability assessment unit and a conventional authentication bypass capability assessment unit.
Compared with the prior art, the attack and defense drilling equipment provided by the embodiment of the application arranges the processor module, the storage module and the function module on a printed circuit board and electrically connects them with each other; burns firmware into the storage module and/or the processor module, with a precompiled operating system file carrying CTF assessment items and answers stored in that firmware, the storage module comprising at least one of an EMMC memory, a TF memory and a Flash memory; runs the precompiled operating system file on the processor module so as to provide an attack and defense drilling environment; and electrically connects to the processor module a function module comprising at least one of a wireless communication module, a positioning module, a sensor module, a multimedia module and a motor module. It thereby solves the problem of low controllability of the attack and defense drilling environment in the related art and improves that controllability.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
Fig. 1 is a schematic structural diagram of an attack and defense drilling device according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of an attack and defense drilling device according to a preferred embodiment of the present application;
Fig. 3 is a block diagram of an expansion board of a portable IoT attack and defense drilling device according to an embodiment of the present application;
Fig. 4 is a flow chart of the use of a portable IoT attack and defense drilling device according to an embodiment of the present application.
Description of the drawings:
100. a printed circuit board; 101. a processor module; 102. a storage module; 103. a functional module; 104. an interface module; 105. a power management module; 106. a power supply module; 107. a first printed circuit board; 108. a second printed circuit board.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any creative effort belong to the protection scope of the present application.
It is obvious that the drawings in the following description are only examples or embodiments of the present application, and that it is also possible for a person skilled in the art to apply the present application to other similar contexts on the basis of these drawings without inventive effort. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The present application is directed to the use of the terms "including," "comprising," "having," and any variations thereof, which are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as referred to herein means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. Reference herein to the terms "first," "second," "third," and the like, are merely to distinguish similar objects and do not denote a particular ordering for the objects.
The embodiment provides an attack and defense drilling device. Fig. 1 is a schematic structural diagram of an attack and defense drilling device according to an embodiment of the present application; as shown in Fig. 1, the device includes:
a printed circuit board 100 on which a processor module 101, a storage module 102 and a function module 103 are arranged, the processor module 101, the storage module 102 and the function module 103 being electrically connected with each other. Firmware is burned into the storage module 102 and/or the processor module 101; a precompiled operating system file carrying the CTF assessment items and answers is stored in the firmware; and the storage module 102 includes at least one of the following: an EMMC (Embedded Multi Media Card) memory, a TF (Trans Flash) memory and a Flash memory. The processor module 101 is configured to run the precompiled operating system file to provide an attack and defense drilling environment. The function module 103 is electrically connected to the processor module 101 and comprises at least one of: a wireless communication module, a positioning module, a sensor module, a multimedia module and a motor module.
The attack and defense drilling equipment of this embodiment abandons the online product as the controlled object. Instead, it stores the attack and defense drilling environment by burning a precompiled operating system file carrying the CTF assessment items and answers into the storage module 102, and provides that environment by running the precompiled operating system file on the processor module 101. Because the storage module 102 can be re-burned with a recompiled operating system file repeatedly, the CTF assessment items and answers of the attack and defense drilling equipment can be reconfigured conveniently.
Compared with the related art, presetting the vulnerabilities in the precompiled operating system file means that the vulnerabilities are known to really exist, which guarantees the reliability of the drilling environment, and the scope and difficulty of the drilling content can be controlled by modifying the vulnerabilities in the precompiled operating system file. The attack and defense drilling equipment of this embodiment therefore solves the problem of low controllability of the attack and defense drilling environment in the related art and improves that controllability.
In addition, on the one hand, the attack and defense drilling device of this embodiment is small and light, easy to carry and easy to maintain; on the other hand, the attack and defense drilling equipment is itself the device under test, and all assessment items are preset in it, so it is not constrained by the vulnerabilities of online products, and no legal risk arises during its use.
Referring to Fig. 1, in some of these embodiments, the attack and defense drilling device further includes: an interface module 104, a power management module 105 and a power supply module 106. The interface module 104 is disposed between the processor module 101 and the function module 103 and is used to electrically connect them; the interface module 104 includes at least one of the following: a wireless communication interface, a positioning interface, a sensor interface, a multimedia interface and a motor interface. The power management module 105 is electrically connected to the processor module 101, the storage module 102 and the function module 103 respectively, and manages their supply voltage so as to provide a stable operating current. The power supply module 106 is electrically connected to the power management module 105 and provides power.
In this embodiment, the characteristics of the function module 103 itself can be treated as a kind of vulnerability: by providing the function module 103, the contestant's ability to analyse the communication protocol between the processor module 101 and the function module 103 can be examined.
The wireless communication module includes, but is not limited to, a 4G (fourth generation mobile communication technology) module, an Ethernet module, a Wi-Fi (wireless broadband) module, a Bluetooth module, a Zigbee module and an RFID (radio frequency identification) module; the positioning module includes, but is not limited to, a GPS (Global Positioning System) module; the sensor module includes, but is not limited to, an infrared transceiver module, a temperature control module and a gravity sensing module; the multimedia module includes, but is not limited to, an audio module and a video module; the motor module includes, but is not limited to, a linear motor module and a steering gear (servo) module.
In some of these embodiments, the wireless communication interface includes, but is not limited to, a 4G (fourth generation mobile communication technology) interface, an Ethernet interface, a WiFi (wireless broadband) interface, a Bluetooth interface, a Zigbee interface and an RFID (radio frequency identification) interface; the positioning interface includes, but is not limited to, a GPS (Global Positioning System) interface; the sensor interface includes, but is not limited to, an infrared transceiver interface, a temperature control interface and a gravity sensing interface; the multimedia interface includes, but is not limited to, an audio interface and a video interface; the motor interface includes, but is not limited to, a linear motor interface and a steering gear (servo) interface.
The form of the interface module 104 includes, but is not limited to: serial port, USB interface with OTG function, data interface.
Fig. 2 is a schematic structural diagram of the attack and defense drilling device according to the preferred embodiment of the present application. As shown in Fig. 2, in some embodiments the printed circuit board 100 includes a first printed circuit board 107 and a second printed circuit board 108; the processor module 101, the storage module 102, the interface module 104 and the power management module 105 are disposed on the first printed circuit board 107, and the function module 103 and the power supply module 106 are disposed on the second printed circuit board 108.
Generally, the circuitry among the processor module 101, the storage module 102, the interface module 104 and the power management module 105 is complex and its hardware cost is high. Placing these four modules on the first printed circuit board 107, and the function module 103 and the power supply module 106 on the second printed circuit board 108, allows the same first printed circuit board 107 to be used with different second printed circuit boards 108, which reduces hardware cost. Moreover, the first printed circuit board 107 can be electrically connected to a number of different second printed circuit boards 108 according to the drilling requirements, so the attack and defense drilling equipment of this embodiment can add or remove some of the function modules 103 on the second printed circuit board 108 according to the assessment requirements.
The first printed circuit board 107 may be used as a core board, and the second printed circuit board 108 may be used as an expansion board.
In some of these embodiments, the firmware comprises encrypted firmware; the CTF assessment items comprise at least one of the following items: a hardware analysis capability assessment item, a firmware analysis capability assessment item, a dynamic debugging capability assessment item, a protocol analysis capability assessment item, a signal analysis capability assessment item and a permeability assessment item; the answer includes a Flag string.
In some embodiments, the hardware analysis capability assessment items include at least one of:
the device comprises a JTAG interface searching capability checking unit, a TTL interface searching capability checking unit, an OTG interface searching capability checking unit, an Ethernet interface searching capability checking unit, an inter-chip communication analysis level authority capability checking unit, a radio signal analysis capability checking unit, a firmware extraction capability checking unit and a welding basis capability checking unit.
In some embodiments, the firmware analysis capability assessment items include at least one of:
the Binwalk tool uses a capability assessment unit and a memory mapping analysis capability assessment unit.
In some of these embodiments, the dynamic debug ability assessment items include at least one of:
the system comprises a JTAG port dump firmware capability assessment unit, an operating system right-providing capability assessment unit after accessing a TTL port, a sensitive information acquisition capability assessment unit and an encrypted data decryption capability assessment unit.
In some embodiments, the protocol analysis capability assessment items include at least one of:
the system comprises a Bluetooth protocol reverse analysis capability assessment unit, a Zigbee protocol reverse analysis capability assessment unit, a WiFi protocol reverse analysis capability assessment unit, an RFID protocol reverse analysis capability assessment unit and an encryption cracking and replay analysis capability assessment unit.
In some embodiments, the signal analysis capability assessment term comprises at least one of:
the device comprises a capacity assessment unit for analyzing signals by adopting a logic analyzer and a signal analysis capacity assessment unit.
In some of these embodiments, the permeability assessment term comprises at least one of:
the system comprises a conventional vulnerability and 0day mining ability assessment unit, a network permeability assessment unit, a Wireshark software use ability assessment unit, an Ida software reverse use ability assessment unit and a conventional authentication bypass ability assessment unit. Here, a 0day bug refers to a software bug unknown to the programmer or vendor in charge of the application, and because the bug is unknown, there is no available patch.
The application provides an attack and defense drilling equipment is light and handy, conveniently carries, and the pre-set precompiled operating system application field is very extensive, and consequently, the attack and defense drilling equipment of this embodiment has the representativeness of thing networking safety, is a portable IoT (Internet of Things) attack and defense drilling equipment.
The portable IoT attack and defense drilling equipment is a question carrier, and is an environment for contestants to do questions, so that the portable IoT attack and defense drilling equipment is not limited by different operating systems of online products and vulnerabilities of the online products, and legal risks cannot be generated in the competition process. And the stability of the competition environment can be ensured by pre-compiling the environment, and once a fault occurs in the competition process, the environmental fault can be quickly repaired by simply replacing hardware or refreshing the firmware for several seconds. In addition, because the environment of the whole portable IoT attack and defense drilling equipment is realized on line, the confidentiality of the game questions can be effectively ensured, and the fairness of the game is ensured.
While keeping the competition questions secure, the portable IoT attack and defense drilling equipment can change the real-time operating environment at any time, and each such operating environment is stable and controllable. It also effectively solves the simulator's problems of poor compatibility and lack of real operation and interaction, because it provides a physical device to operate, so the difficulty and realism of the practice can be raised according to the needs of the attack and defense drill competition. It is compatible with various operating systems; it does not involve any brand of finished product on the market, so legal risks are avoided; and the protection can be reinforced at will, so the difficulty of the competition questions can be controlled.
In a preferred embodiment, the core board of the portable IoT attack and defense drilling device comprises a processor (MCU), power management, an EMMC memory and their peripheral circuit design; the peripheral interfaces include a plurality of serial ports, a plurality of power supply ports, an Ethernet interface, a video stream interface, an audio interface, a USB interface with OTG function and a plurality of data interfaces.
Fig. 3 is a block diagram of an expansion board of a portable IoT attack and defense drilling device according to an embodiment of the present application. As shown in Fig. 3, the expansion board includes a 4G module, an Ethernet module, a WiFi module, a memory, an audio module, a video module, a Bluetooth module, a Zigbee module, an RFID module, an infrared transceiver module, a GPS module, a temperature control module, a gravity sensing module, a motor module and a power supply module. These modules are what allow the hardware analysis, firmware analysis, dynamic debugging, protocol analysis and signal analysis capability assessment items to be added.
In some embodiments, the method of generating a hardware analysis capability assessment item comprises setting the difficulty of the assessment item during circuit design, for example by grinding off the chip model markings, scrambling the PCB layout, stacking chips on the MCU, and closing the debugging interface when burning the chip firmware.
The CTF assessment items are generated as follows:
Step one: download the buildroot source code on a notebook or server.
Step two: configure the system image:
(1) configure linux-menuconfig and menuconfig, including the uboot version and kernel version of the precompiled base, the service libraries, application libraries, shared (.so) libraries, startup items and manually started items;
(2) write the DTS file for the model corresponding to the MCU, configuring the Device Tree Source (DTS) device nodes loaded by Linux and defining the hardware details of the MCU on the core board, such as its OTG pins, read/write pins, Ethernet pins and multimedia pins.
Step three: compile the operating system files to generate the basic image running environment; an output folder is generated automatically, containing directories such as the image files (images) and the target root file system (target).
Step four: and presetting the game title by modifying the generated output file, target file, buildroot source code, uboot source code and configuring linux-menuconfig and menuconfig. Examples are as follows:
(1) the method for generating the firmware analysis capability assessment item comprises the following steps: modifying the uboot source code in the buildroot, and performing signature verification on the firmware; and starting item and log printing minimization principle.
(2) The method for generating the dynamic debugging capacity assessment item contest comprises the following steps: such as presetting TTL login password in the config file, inserting key printing information in the starting process, and placing sensitive files such as/etc/passswd,/etc/show, lighttpd.conf,. conf,. crt,. pem,. cer,. p7b,. p12,. key,. sh,. db at the key code.
(3) The method for generating the protocol analysis capability assessment items comprises the following steps: the method comprises the steps of compiling a bluetooth communication function, a Zigbee communication function, a WiFi communication function and an RFID communication function, adding a sensitive information transmission function and an encryption verification function in the communication process, and presetting information such as weak passwords, weak encryption, hard codes, dictionaries and the like as key information for solving problems by encryption.
(4) The method for generating the signal analysis capability assessment item comprises the following steps: through rewriting the code, call bluetooth module, Zigbee module, wiFi module, RFID module transmission custom signal, custom signal carries coding information, supplies to contestant catch and analysis.
(5) The method for generating the permeability assessment item comprises the following steps: a webserver code is placed in a buildroot/output/target file system in advance, a website running environment is configured in menuconfig, such as Apache, and the website code comprises a conventional bug and a 0day bug; or setting the communication process of the equipment and the web server to have the defects of authentication bypass and the like to be mined by the players; or preset a reinforcement application, etc.
Step six: recompile the modified buildroot tree to generate a new system image file;
Step seven: burn the image into the EMMC using the pre-written automatic burning script flash-mmc-all, or burn the image into the MCU (microcontroller unit). Burning the image file into the MCU is also a way of increasing the difficulty of dumping the firmware, and this is reflected in the hardware analysis capability assessment item.
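The firmware signature verification that the uboot modification in step four (1) is meant to provide, and the check a burning script such as the one in step seven should run before writing anything to the EMMC, as an added example that is not part of the patent or the applicant's code. It assumes a constructed image container (magic `DRIL`, version, payload length, tag) and uses an HMAC-SHA256 tag under a device-held key as a stand-in for the asymmetric signature a real uboot verified-boot setup would check; the rootfs bytes and key are constructed sample data.

```python
import hashlib
import hmac
import struct

# Constructed container format (an assumption, not the patent's format):
#   magic(4) | version(2, big-endian) | payload_len(4) | tag(32) | payload
MAGIC = b"DRIL"
HEADER_FMT = ">4sHI32s"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 42 bytes


class ImageError(ValueError):
    """Raised when an image fails verification; the message says why."""


def _tag(key: bytes, version: int, payload: bytes) -> bytes:
    # The tag covers version and length as well as the payload, so a header
    # field cannot be edited independently of the body it describes.
    meta = struct.pack(">HI", version, len(payload))
    return hmac.new(key, meta + payload, hashlib.sha256).digest()


def sign_image(payload: bytes, key: bytes, version: int = 1) -> bytes:
    """Build-side step: wrap the compiled image in a signed header."""
    header = struct.pack(HEADER_FMT, MAGIC, version, len(payload),
                         _tag(key, version, payload))
    return header + payload


def verify_image(blob: bytes, key: bytes, min_version: int = 1) -> bytes:
    """Boot/flash-side step: return the payload only if every check passes."""
    if len(blob) < HEADER_LEN:
        raise ImageError("truncated header")
    magic, version, length, tag = struct.unpack(HEADER_FMT, blob[:HEADER_LEN])
    if magic != MAGIC:
        raise ImageError("bad magic")
    if version < min_version:  # anti-rollback: refuse older images
        raise ImageError("version %d below minimum %d (rollback)"
                         % (version, min_version))
    payload = blob[HEADER_LEN:]
    if len(payload) != length:
        raise ImageError("length mismatch: header says %d, got %d"
                         % (length, len(payload)))
    # Constant-time comparison so a wrong tag does not leak how much matched.
    if not hmac.compare_digest(tag, _tag(key, version, payload)):
        raise ImageError("signature mismatch")
    return payload


def check_image(blob: bytes, key: bytes, min_version: int = 1) -> str:
    """Convenience wrapper: 'ok' or the reason verification failed."""
    try:
        verify_image(blob, key, min_version)
        return "ok"
    except ImageError as exc:
        return str(exc)


def flash_if_valid(blob: bytes, key: bytes, write) -> str:
    """What a burning script should do: verify first, write second.
    `write` receives the raw payload; the SHA-256 of what was written is
    returned so the burning log can record it."""
    payload = verify_image(blob, key)
    write(payload)
    return hashlib.sha256(payload).hexdigest()


if __name__ == "__main__":
    device_key = b"constructed-device-key"        # sample key, constructed
    rootfs = b"constructed rootfs bytes\x00" * 64  # sample image, constructed
    image = sign_image(rootfs, device_key, version=2)
    print("valid image:", check_image(image, device_key))
    tampered = bytearray(image)
    tampered[-1] ^= 0x01                           # flip one payload bit
    print("tampered image:", check_image(bytes(tampered), device_key))
    print("device requiring v3:", check_image(image, device_key, 3))
```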
The portable IoT attack and defense drilling equipment comprises a hardware analysis capability assessment item, a firmware analysis capability assessment item, a dynamic debugging capability assessment item, a protocol analysis capability assessment item, a signal analysis capability assessment item and a penetration capability assessment item. The capability assessed by each item is described as follows:
(1) The capabilities assessed by the hardware analysis capability assessment item include but are not limited to: JTAG interface searching capability, TTL interface searching capability, OTG interface searching capability, Ethernet interface searching capability, inter-chip communication horizontal privilege analysis capability, radio signal analysis capability, firmware extraction capability, basic soldering capability and the like.
(2) The capabilities assessed by the firmware analysis capability assessment item include but are not limited to: Binwalk tool usage capability and memory mapping analysis capability.
(3) The capabilities assessed by the dynamic debugging capability assessment item include but are not limited to: JTAG port firmware dump capability, operating system privilege escalation capability after accessing the TTL port, sensitive information acquisition capability, encrypted data decryption capability and the like.
(4) The capabilities assessed by the protocol analysis capability assessment item include but are not limited to: Bluetooth protocol reverse analysis capability, Zigbee protocol reverse analysis capability, WiFi protocol reverse analysis capability, RFID protocol reverse analysis capability, and encryption cracking and replay analysis capability.
(5) The capabilities assessed by the signal analysis capability assessment item include but are not limited to: signal analysis capability and the capability of analyzing signals with a logic analyzer.
(6) The capabilities assessed by the penetration capability assessment item include but are not limited to: conventional vulnerability and 0day mining capability, network penetration capability, Wireshark software usage capability, IDA software reverse-engineering usage capability, and conventional authentication bypass capability.
The preset environment mainly integrates an embedded Linux operating system, buildroot, Ubuntu and the like, and provides the competition environment by presetting hardware bugs, firmware bugs, application bugs and network bugs. The preset operating systems are mainly applied in fields such as information appliances, personal digital assistants (PDAs), set-top boxes, digital telephones, smart phones, answering machines, data networks, switches, routers, bridges, multiport repeaters, remote access servers, automatic teller machines (ATMs), frame relay interface equipment, telecommunications, medical electronics, transportation, computer peripherals, industrial control, aerospace and the like. The application fields of these operating systems are therefore very wide, and they are representative of the security of the Internet of Things.
There are many kinds of assessment methods; examples are as follows:
(1) the interface order on the core board can be scrambled when the board is laid out, assessing the player's hardware debugging capability;
(2) the expansion board leads out few dynamic debugging interfaces such as serial ports and the OTG port, assessing the player's ability to analyze the function of each module of the device and to operate it;
(3) a key chip and its corresponding interface are hidden by stacking chips on top of each other, assessing operating capability and the ability to find the key privilege escalation interface;
(4) after the player dumps the firmware, the reverse analysis capability on encrypted firmware is assessed; a dynamic debugging bottleneck is placed in the system boot process, assessing the ability to bypass dynamic debugging obstacles;
(5) a privilege escalation vulnerability is pre-embedded in the firmware and the key Flag string is hidden, encrypted, in a location readable only with the highest privilege, assessing vulnerability mining capability;
(6) a horizontal privilege vulnerability is preset in the communication between chips, assessing security technical capability;
(7) firmware bugs, application-to-server communication bugs and application bugs are preset, assessing security technical capability.
The portable IoT attack and defense drilling equipment is updated by burning the pre-compiled operating system (flash_mmc_all), which is all that is needed to restore the running environment quickly. The hardware cost is not high, and if the hardware is physically damaged during the competition, only the hardware device needs to be replaced. Various abnormal conditions during the attack and defense drill can therefore be dealt with quickly.
Fig. 4 is a flowchart of the use of a portable IoT attack and defense drilling device according to an embodiment of the present application. As shown in Fig. 4, the flow includes the following steps:
Step S401, locating the dynamic debugging interface.
Step S402, soldering flying leads.
Step S403, extracting the firmware.
Step S404, analyzing the inter-chip communication.
Step S405, analyzing privileges.
Step S406, analyzing firmware vulnerabilities.
Step S407, analyzing application vulnerabilities.
Step S408, analyzing network communication vulnerabilities.
In the attack and defense drill, the contestant first locates the key interface and solders the necessary flying leads, dumps the firmware through the interface, internet download, card reading, chip blowing (hot-air removal) or a similar route, analyzes whether the inter-chip communication has horizontal privilege problems that assist privilege escalation, finds a privilege escalation method through comprehensive analysis, analyzes firmware vulnerabilities to escalate further, and, once the device is running successfully, goes on to analyze and mine application vulnerabilities and network communication vulnerabilities. The attack and defense drill competition is completed by successfully exploiting the vulnerabilities step by step to obtain the highest privilege or the designated information. In addition, a mode is provided in which a player who submits the Flag string after solving a problem receives a new image file to burn into the portable IoT attack and defense drilling equipment, which makes it easy to control the order in which players solve the problems.
At present, most attack and defense exercises in the Internet of Things direction are carried out either by providing online devices of existing brands or by building a simulator. The former has the disadvantages that the use of existing brands is restricted, legal risks exist, the questions cannot be disclosed, some questions are not universal, the level of the participants cannot be judged effectively, and the players' operating capability and security technical capability cannot be comprehensively evaluated. Building a simulator lacks practical operation, has a bottleneck in memory mapping address analysis that can directly render local functions of the device unavailable, has poor compatibility and stability, and limits the scope and depth of the questions.
Compared with the related art, the beneficial effects of the attack and defense drilling equipment of this application are as follows:
(1) The application provides portable IoT attack and defense drilling equipment that can be kept offline before the competition, which ensures the confidentiality of the competition questions in the absence of physical contact.
(2) The device can provide a stable and controllable running environment through burning the precompiled operating system.
(3) The application provides a physically operated device, effectively solving the problems of the simulator approach: lack of real operation, the bottleneck of memory mapping address analysis, local functions of the device being directly unusable, and poor compatibility and stability.
(4) The attack and defense drill organizer can raise the difficulty and realism of the practical exercise as the attack and defense drill competition requires, which effectively solves the problem of the limited attack surface of equipment of specified brands.
(5) The application is compatible with various operating systems.
(6) The equipment does not relate to any market finished product brand, and legal risks can be avoided.
(7) The attack and defense drill organizer can reinforce the protection at will and so control the difficulty of the competition questions.
(8) The equipment updating method of the application can quickly restore the competition environment of the equipment with one-key burning of the precompiled operating system; the hardware cost is not high, and if the hardware is physically damaged during the competition, only the hardware device needs to be replaced. Various abnormal conditions during the attack and defense drill can therefore be dealt with quickly.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. An attack and defense exercise device, comprising: the device comprises a printed circuit board, a processor module, a storage module and a function module, wherein the processor module, the storage module and the function module are arranged on the printed circuit board and are electrically connected with each other; wherein,
firmware is burned in the storage module and/or the processor module, a precompiled operating system file carrying CTF assessment items and answers is stored in the firmware, and the storage module comprises at least one of the following components: an EMMC memory, a TF memory and a Flash memory;
the processor module is used for running the precompiled operating system file so as to provide an attack and defense drilling environment;
the functional module is electrically connected to the processor module, and the functional module includes at least one of: the device comprises a wireless communication module, a positioning module, a sensor module, a multimedia module and a motor module.
2. The attack and defense exercise device according to claim 1, further comprising an interface module, a power management module and a power supply module; wherein,
the interface module is arranged between the processor module and the function module and used for electrically connecting the processor module and the function module, wherein the interface module comprises at least one of the following components: the system comprises a wireless communication interface, a positioning interface, a sensor interface, a multimedia interface and a motor interface;
the power management module is electrically connected with the processor module, the storage module and the function module respectively and used for managing the power supply voltage of the processor module, the storage module and the function module so as to provide stable running current;
the power supply module is electrically connected with the power management module and used for providing power.
3. The attack and defense exercise device according to claim 2, wherein the printed circuit board includes: a first printed circuit board and a second printed circuit board; wherein,
the processor module, the storage module, the interface module and the power management module are arranged on the first printed circuit board, and the functional module and the power supply module are arranged on the second printed circuit board.
4. The attack and defense exercise device according to claim 1, wherein the firmware comprises encrypted firmware; the CTF assessment items comprise at least one of the following items: a hardware analysis capability assessment item, a firmware analysis capability assessment item, a dynamic debugging capability assessment item, a protocol analysis capability assessment item, a signal analysis capability assessment item and a penetration capability assessment item; and the answer includes a Flag string.
5. The attack and defense exercise device according to claim 4, wherein the hardware analysis capability assessment items comprise at least one of:
a JTAG interface searching capability assessment unit, a TTL interface searching capability assessment unit, an OTG interface searching capability assessment unit, an Ethernet interface searching capability assessment unit, an inter-chip communication horizontal privilege analysis capability assessment unit, a radio signal analysis capability assessment unit, a firmware extraction capability assessment unit and a basic soldering capability assessment unit.
6. The attack and defense exercise device according to claim 4, wherein the firmware analysis capability assessment items comprise at least one of:
the Binwalk tool uses a capability assessment unit and a memory mapping analysis capability assessment unit.
7. The attack and defense exercise device according to claim 4, wherein the dynamic debugging capability assessment items comprise at least one of:
a JTAG port firmware dump capability assessment unit, an operating system privilege escalation capability assessment unit for after the TTL port is accessed, a sensitive information acquisition capability assessment unit and an encrypted data decryption capability assessment unit.
8. The attack and defense exercise device according to claim 4, wherein the protocol analysis capability assessment items comprise at least one of:
a Bluetooth protocol reverse analysis capability assessment unit, a Zigbee protocol reverse analysis capability assessment unit, a WiFi protocol reverse analysis capability assessment unit, an RFID protocol reverse analysis capability assessment unit and an encryption cracking and replay analysis capability assessment unit.
9. The attack and defense exercise device according to claim 4, wherein the signal analysis capability assessment items comprise at least one of:
a signal analysis capability assessment unit and a logic-analyzer signal analysis capability assessment unit.
10. The attack and defense exercise device according to claim 4, wherein the penetration capability assessment items comprise at least one of:
a conventional vulnerability and 0day mining capability assessment unit, a network penetration capability assessment unit, a Wireshark software usage capability assessment unit, an IDA software reverse-engineering usage capability assessment unit and a conventional authentication bypass capability assessment unit.
CN202010952392.7A 2020-09-11 2020-09-11 Attack and defense drilling equipment Active CN112134861B (en)

Publications (2)

Publication Number Publication Date
CN112134861A true CN112134861A (en) 2020-12-25
CN112134861B CN112134861B (en) 2023-04-07


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant