Decrypting FortiOS 7.0.x
ID: 38721622-b00f-5eb3-a2c5-c2f9943f1601
STIX ID: report--38721622-b00f-5eb3-a2c5-c2f9943f1601
Feed Name: GreyNoise Labs
This research post details how GreyNoise analyzed FortiGate FortiOS 7.0.x firmware, discovered a statically held ChaCha20 key/state (a hardcoded key), and developed a toolchain (objdump + lief + Python ChaCha20) to decrypt rootfs.gz and unpack the aarch64 root filesystem. The write-up includes code snippets and remediation-relevant findings about Fortinet's use of a hardcoded encryption key in 7.0.x.
