Anyone familiar with IDA Pro or binwalk or examining firmwares in general?

I found some interesting articles and documents highlighting flaws in /dev/random in embedded systems, thought I'd share with you. If you are not experienced, you probably won't understand much of it (thats me) but from what I understand, embedded systems from before July 2012 (or maybe even after) may be potentially vulnerable as they don't have a sufficient amount of entropy after being plugged in. The problem with newer devices (not sure about older devices) is that upon reboot, they save the entropy pool through a reboot/power loss. This is why forcing/DOSing an AP so it reboots is not effective in clearing entropy pools. I'm not sure if the same feature exists in pre-2012 devices so it may be something worth looking into. Heck, its even something Dominique noted in his presentations.

I guess one of the maintainers of /dev/random in Linux commented on his worries about the subject here: https://news.ycombinator.com/item?id=6548893

And the whole conference is available here: https://factorable.net/weakkeys12.conference.pdf

Whats even more intriguing about this is older hardware is more susceptible to DOS/force rebooting. The research paper explains how there were a lot of duplicate security keys used in various embedded systems, including "enterprise-grade routers from Cisco; server management cards from Dell, Hewlett-Packard, and IBM; virtual-private-network (VPN) devices; building security systems; network attached storage devices; and several kinds of consumer routers and VoIP products" (quoted from conference.pdf). This is what made them question the implementation. If there are a lot of duplicate keys, then there must not have been sufficient entropy feeding the PRNGs.

t6_x has ventured into the realm of Atheros devices and found that in hostapd, the WPS protocol is stopped before sending the M3 message if there is not sufficient entropy.

As you can see, there are many barriers to break, but much possibility for older devices, or maybe even newer devices if they don't include the patch released following the research. I mean, some manufacturers had zero security so anything is possible!