9 Hits in 4.3 sec

Automatic Firmware Emulation through Invalidity-guided Knowledge Inference (Extended Version) [article]

Wei Zhou, Le Guan, Peng Liu, Yuqing Zhang
2021 arXiv   pre-print
Unlike existing work that attempts to build a general model for each peripheral, our approach learns how to correctly emulate firmware execution at individual peripheral access points.  ...  In this work, we propose a new approach called uEmu to emulate firmware with unknown peripherals.  ...  We thank Bo Feng for providing us with the firmware samples used in P 2 IM [21] and kind guidance on configuring P 2 IM. We also thank Vitaly Chipounov for his help on adding ARM support to S2E.  ... 
arXiv:2107.07759v2 fatcat:vb4q7l3wxncyxpecn6jw5ll3xy

MetaEmu: An Architecture Agnostic Rehosting Framework for Automotive Firmware [article]

Zitai Chen and Sam L. Thomas and Flavio D. Garcia
2022 arXiv   pre-print
In MetaEmu, we use a specification-based approach to cover peripherals, execution models, and analyses, which allows our framework to be easily extended.  ...  Further, we show how MetaEmu enables a diverse set of analyses by implementing a fuzzer, a symbolic executor for solving peripheral access checks, a CAN ID reverse engineering tool, and an inter-device  ...  ACKNOWLEDGMENTS This research is partially funded by the Engineering and Physical Sciences Research Council (EPSRC) under grant EP/R012598/1, EP/R008000/1 and EP/V000454/1.  ... 
arXiv:2208.03528v1 fatcat:gsprp6c5ljeabdinklpujymi4i

P^2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (extended version) [article]

Bo Feng, Alejandro Mera, Long Lu
2019 arXiv   pre-print
P^2IM is oblivious to peripheral designs and generic to firmware implementations, and therefore, applicable to a wide range of embedded devices.  ...  We evaluated our framework using 70 sample firmware and 10 firmware from real devices, including a drone, a robot, and a PLC.  ...  Avatar [54] proposed a novel framework for hybrid emulation and used it for conducting concolic execution [33] .  ... 
arXiv:1909.06472v3 fatcat:zm372wbd75cpzdflxhukplkoam

DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis [article]

Alejandro Mera, Bo Feng, Long Lu, Engin Kirda
2021 arXiv   pre-print
We present DICE, a drop-in solution for firmware analyzers to emulate DMA input channels and generate or manipulate DMA inputs.  ...  Among the approaches to securing embedded devices, dynamic firmware analysis gained great attention lately, thanks to its offline nature and low false-positive rates.  ...  ACKNOWLEDGMENT The authors would like to thank the anonymous reviewers for their insightful comments.  ... 
arXiv:2007.01502v3 fatcat:o3jh5jjp7bg3lo3pvpx2ilwac4

FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution

Drew Davidson, Benjamin Moench, Thomas Ristenpart, Somesh Jha
2013 USENIX Security Symposium  
We therefore design and implement a new tool, called FIE, that builds off the KLEE symbolic execution engine in order to provide an extensible platform for detecting bugs in firmware programs for the popular  ...  ) running on such devices.  ...  Acknowledgements We would like to thank Kevin Fu, Matt Renzelmann and the anonymous reviewers for their extensive feedback on earlier drafts of this paper.  ... 
dblp:conf/uss/DavidsonMRJ13 fatcat:np6x7fkc7zcvblenxupsmitgkq

Where's Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code [article]

Carlo Meijer, Veelasha Moonsamy, Jos Wetzels
2020 arXiv   pre-print
Unfortunately, their DFG isomorphism approach is limited to known primitives only, and relies on heuristics for selecting code fragments for analysis.  ...  Lastly, we provide a free and open-source implementation of our approach, called Where's Crypto?, in the form of a plug-in for the popular IDA disassembler.  ...  and not depend on peripheral emulation.  ... 
arXiv:2009.04274v2 fatcat:q7e65knjyzanblv3nug5ziwur4

The Evolution of Android Malware and Android Analysis Techniques

Kimberly Tam, Ali Feizollah, Nor Badrul Anuar, Rosli Salleh, Lorenzo Cavallaro
2017 ACM Computing Surveys  
It is therefore essential to devise effective techniques to analyze and detect these threats.  ...  With the integration of mobile devices into daily life, smartphones are privy to increasing amounts of sensitive information.  ...  Furthermore, full system emulation completely emulates a real device, which includes all system functionality and required peripherals.  ... 
doi:10.1145/3017427 fatcat:f2vdpgntincgvd4xv52l2ovray

Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares

Jonas Zaddach, Luca Bruno, Aurélien Francillon, Davide Balzarotti
2014 Proceedings 2014 Network and Distributed System Security Symposium   unpublished
For example, dynamic analysis is one of the main foundations of security analysis, e.g., through dynamic taint tracing or symbolic execution.  ...  In this paper we present Avatar, a framework that enables complex dynamic analysis of embedded devices by orchestrating the execution of an emulator together with the real hardware.  ...  ACKNOWLEDGMENTS Authors would like to thank Pascal Sachs and Luka Malisa that worked on an early prototype of the system, and Lucian Cojocar for his helpful comments on the current version of Avatar.  ... 
doi:10.14722/ndss.2014.23229 fatcat:54oel6lwdbeqxaqias5hbdnagm

Hardware-Accelerated Platforms and Infrastructures for Network Functions: A Survey of Enabling Technologies and Research Studies

Prateek Shantharama, Akhilesh S. Thyagaturu, Martin Reisslein
2020 IEEE Access  
The proposed Concolic Testing Engine (CTE) enumerates the parameters for the software functions which can be executed over an instruction set simulator on a virtual prototype emulated as a compute processor  ...  The PCIe is a universal standard for core-to-I/O device communications.  ... 
doi:10.1109/access.2020.3008250 fatcat:kv4znpypqbatfk2m3lpzvzb2nu