Who cares about GPL violations? Are you a lawyer or work at least for one?
As mentioned, I reported the GPL
violation. I did this because I want the GPL-licensed source code. The operating system was Linux
along with many familiar utilities, but some of them had been modified. I wanted to read the source code of the modifications so I could gain insight into specific situations.
Also what good is looking for a bug at the bottom most level, if one can't fix it?
As mentioned, discovering a bug was not one of the uses that I personally had. I discovered a vulnerability
which resulted in huge benefits. I was able to save large amounts of time and automate the capture of security event data. If, instead, I had submitted feature requests, they would have to go through whatever review and development processes the vendor has, and might even be rejected.
I don't go through the trouble of disassembling an exe, to find a bug, as long as someone else has still the source code and is fixing reported bugs.
Although I didn't use binwalk
to find bugs, the vendor of a particular product I remember was a bit slow and sometimes unsure about fixing the bugs. If they hadn't been in violation of the GPL
(discovered with binwalk), perhaps I could've read the source code and fixed the bugs myself!
How do you implement anything without write access?
After using binwalk to extract the root filesystem, I was able to examine the startup scripts and I found a vulnerability because those startup scripts examined certain NVRAM
variables, which I could control on the device. I didn't need to modify any firmware, digital signatures, checksums, etc. I just needed to set magic NVRAM variables that would exercise the vulnerability. Pretty simple. I was able to develop
the "back door" without
the device. That means that you could've asked me to develop it for you and you wouldn't've needed to ship me the unit.
As answers i get:
- Check for GPL violations. Since non of us is a lawyer this would be pretty pointless.
- Find a bug at the machine code level, even though this info is completely useless to someone working on the source code level.
You've just listed two
answers. I quoted three
uses, in the last post. Why is one missing?
Also, I disagree with your opinion about the GPL and lawyers, which is why I gave a link to the GPL Violations web-site. Feel free to actually go to the web-site and read the material in order to try to gain an understanding of why someone might disagree with your opinion about needing to be or work for a lawyer.
And last but not least this:
If you never have access to the device (as mentioned in that paragraph), why would you want to edit the firmware image?
I didn't understand why you would read the first paragraph of the given web-page and then ask about editing the firmware image, when the first paragraph clearly states a usefulness without any access to the device
. How do those two items go together?
What for would this be needed, if we don't have access to the device? Or do we have all of a sudden access to it?
WvBootDD needs to know where NTLdr (or rather, the OsLoader.Exe inside) is going to have certain items in memory.
I think there are two problems, here.
Firstly, you dropped one of the three uses described in the first paragraph of the given web-page. The subject you dropped was probably the most useful I've personally experienced, so I think it's certainly worth noting.
Secondly, you cut pieces of my response and pasted them together out of context, so you appear to have the mistaken impression that they are related. If you read again, I think you'll find that I gave a fourth
use which is my own
to the previous three, which were from the first paragraph of the given web-page. Since it is unrelated, then any discussion about "device access" is irrelevant.
Let me try a fifth
example. This one is unrelated to the previous four: You have an image of a filesystem, but all of the filesystem meta-data has been badly damaged. You can scan the filesystem image and discover the locations of and extract the data for any blobs of data which are recognized by binwalk... Think about text documents, pictures, videos, programs, archives, etc. This scenario can arise and has happened to me due to accidentally having two computers access the same disk filesystem at the same time. Is that a useful example, in your opinion?