Canon Cameras
- Firmware is easily downloadable but is [AES](/Crypto/Symmetric Encryption/AES) encrypted
- Using the ROM Dumper, it was possible to get the ROM from a camera
- Loading that into IDA made it possible to search for vulnerabilities that start at the buffer
- CVE-2019-5998 – Buffer Overflow in NotifyBtStatus – 0x91F9
- CVE-2019-5999 – Buffer Overflow in BLERequest – 0x914C
- CVE-2019-6000 – Buffer Overflow in SendHostInfo – 0x91E4
- CVE-2019-6001 – Buffer Overflow in SetAdapterBatteryReport – 0x91FD