Cutting Through the Complexity of Reverse Engineering Embedded Devices
Main Authors: | Sam L. Thomas, Jan Van den Herrewegen, Georgios Vasilakis, Zitai Chen, Mihai Ordean, Flavio D. Garcia |
---|---|
Format: | Article |
Language: | English |
Published: | Ruhr-Universität Bochum, 2021-07-01 |
Series: | Transactions on Cryptographic Hardware and Embedded Systems |
Subjects: | Reverse engineering; Embedded device firmware; Hardware-based execution tracing |
Online Access: | https://tches.iacr.org/index.php/TCHES/article/view/8978 |
Abstract: | Performing security analysis of embedded devices is a challenging task. They present many difficulties not usually found when analyzing commodity systems: undocumented peripherals, esoteric instruction sets, and limited tool support. Thus, a significant amount of reverse engineering is almost always required to analyze such devices. In this paper, we present Incision, an architecture and operating-system agnostic reverse engineering framework. Incision tackles the problem of reducing the upfront effort to analyze complex end-user devices. It combines static and dynamic analyses in a feedback loop, enabling information from each to be used in tandem to improve our overall understanding of the firmware analyzed. We use Incision to analyze a variety of devices and firmware. Our evaluation spans firmware based on three RTOSes, an automotive ECU, and a 4G/LTE baseband. We demonstrate that Incision does not introduce significant complexity to the standard reverse engineering process and requires little manual effort to use. Moreover, its analyses produce correct results with high confidence and are robust across different OSes and ISAs. |
ISSN: | 2569-2925 |
DOI: | 10.46586/tches.v2021.i3.360-389 |
Volume/Issue/Pages: | Volume 2021, Issue 3, pages 360-389 |
Author Affiliations: | University of Birmingham, Birmingham, United Kingdom (all six authors) |
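The static/dynamic feedback loop the abstract describes, shown as an added illustration: this is not Incision's code and does not reproduce the paper's algorithms. It assumes a constructed two-byte toy ISA, a constructed firmware image and a constructed list of executed PCs standing in for the decoded output of a hardware trace unit. The static side follows direct control flow and reports the indirect calls it cannot resolve; the dynamic side resolves those from the trace and also exposes executed code that no static path references (an interrupt handler); each round feeds the other until neither learns anything new.

```python
"""Toy model of a static/dynamic feedback loop for firmware reverse engineering.

Added illustration only: the firmware, ISA and trace below are constructed,
and nothing here is Incision's code or its real algorithms.
"""
from dataclasses import dataclass

WORD = 2  # constructed fixed-width ISA: every instruction is 2 bytes

# Constructed firmware image: address -> (mnemonic, operand).
FIRMWARE = {
    0x100: ("call", 0x200),   # main: call init
    0x102: ("icall", None),   # dispatch via function pointer (target unknown statically)
    0x104: ("icall", None),   # second dispatch, never exercised by the trace below
    0x106: ("jmp", 0x100),    # main loop
    0x200: ("nop", None),     # init
    0x202: ("ret", None),
    0x300: ("nop", None),     # handler_a: only reachable through the icall at 0x102
    0x302: ("call", 0x400),
    0x304: ("ret", None),
    0x400: ("nop", None),     # helper: only reachable from handler_a
    0x402: ("ret", None),
    0x500: ("nop", None),     # handler_b: never executed in the trace
    0x502: ("ret", None),
    0x600: ("nop", None),     # isr: entered only by an interrupt, no static reference
    0x602: ("ret", None),
}

# Constructed execution trace: the sequence of executed PCs as a hardware
# trace unit would report after decoding. The ISR fires right after init returns.
TRACE = [0x100, 0x200, 0x202, 0x600, 0x602, 0x102,
         0x300, 0x302, 0x400, 0x402, 0x304]


@dataclass
class StaticResult:
    functions: dict   # function entry -> set of callee entries
    unresolved: set   # indirect-call sites whose targets are still unknown
    covered: set      # every instruction address the static walk reached


def static_analysis(firmware, entries, known_targets=None):
    """Recover functions and call edges by following direct control flow.

    Indirect calls are followed only when `known_targets` (fed back from the
    dynamic side) lists their targets; otherwise the site is reported as unresolved.
    """
    known_targets = known_targets or {}
    functions, unresolved, covered = {}, set(), set()
    worklist = list(entries)
    while worklist:
        fn = worklist.pop()
        if fn in functions or fn not in firmware:
            continue
        functions[fn] = set()
        pc, visited = fn, set()
        while pc in firmware and pc not in visited:
            visited.add(pc)
            covered.add(pc)
            op, arg = firmware[pc]
            if op == "ret":
                break
            if op == "call":
                functions[fn].add(arg)
                worklist.append(arg)
            elif op == "icall":
                targets = known_targets.get(pc, set())
                if targets:
                    functions[fn].update(targets)
                    worklist.extend(targets)
                else:
                    unresolved.add(pc)
            elif op == "jmp":
                pc = arg
                continue
            pc += WORD
    return StaticResult(functions, unresolved, covered)


def targets_from_trace(firmware, trace):
    """Resolve each executed indirect call from the PC that follows it in the trace."""
    resolved = {}
    for pc, nxt in zip(trace, trace[1:]):
        if firmware.get(pc, ("", None))[0] == "icall":
            resolved.setdefault(pc, set()).add(nxt)
    return resolved


def feedback_loop(firmware, entries, traces):
    """Alternate static and dynamic analysis until neither side learns anything new."""
    entries, known, rounds = list(entries), {}, 0
    while True:
        rounds += 1
        result = static_analysis(firmware, entries, known)
        progress = False
        for trace in traces:
            # Dynamic -> static: observed targets for sites the static side could not resolve.
            for site, targets in targets_from_trace(firmware, trace).items():
                if site in result.unresolved and not targets <= known.get(site, set()):
                    known.setdefault(site, set()).update(targets)
                    progress = True
            # Executed code that no static path explains (here the ISR): take the
            # first such PC as a new entry point and let the static side expand it.
            for pc in trace:
                if pc not in result.covered:
                    entries.append(pc)
                    progress = True
                    break
        if not progress:
            return result, known, rounds


if __name__ == "__main__":
    alone = static_analysis(FIRMWARE, [0x100])
    print("static only:", sorted(map(hex, alone.functions)),
          "unresolved:", sorted(map(hex, alone.unresolved)))
    result, known, rounds = feedback_loop(FIRMWARE, [0x100], [TRACE])
    print(f"after {rounds} rounds:", sorted(map(hex, result.functions)))
    print("resolved icalls:", {hex(s): sorted(map(hex, t)) for s, t in known.items()})
    print("still unresolved (drive these with new inputs):", sorted(map(hex, result.unresolved)))
```

Two caveats a practitioner should keep in mind. First, resolving an indirect call as "the next PC in the trace" is only safe if nothing can interpose between the call and its target; an interrupt taken at that exact point would attribute the handler as the call target, so a real tool should consume the trace format's branch or exception records rather than raw PC adjacency. Second, the trace only says what ran: the site at 0x104 and the code at 0x500 stay undecided until an input exercises them, which is why the loop reports the remaining unresolved sites rather than guessing.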