Ioannis Angelakopoulos (Boston University), Gianluca Stringhini (Boston University), Manuel Egele (Boston University)

Re-hosting Internet of Things (IoT) firmware can oftentimes be a tedious process, especially when analysts have to intervene with the analysis to ensure further progress. When it comes to Linux-based firmware, one crucial problem that current re-hosting systems face, is that the configuration of the custom kernels used by these systems, significantly deviates from the configuration of the IoT kernel modules used in firmware images. As a consequence, kernel artifacts, such as the memory layout of data structures might differ between the custom kernels and the IoT kernel modules. To analyze the IoT kernel modules within these kernels, the analyst often has to invest significant amount of engineering effort and time to align the offending data structures within the custom kernels. In this paper, we present FirmDiff, an automated binary diffing framework that enables analysts to effectively detect and align the misaligned data structures between the custom kernels produced by the FirmSolo re-hosting framework and the Linux kernel modules in IoT firmware. The goal of FirmDiff is to improve the configuration of FirmSolo’s kernels to closely approximate the configuration of the IoT kernels in the firmware images, such that the IoT kernel modules can be analyzed without errors. We evaluate FirmDiff on a dataset of 10 firmware images with 148 IoT kernel modules that crash during re-hosting with FirmSolo. Using FirmDiff’s findings, we identify 37 misaligned data structures in FirmSolo’s kernels for these images. After aligning the layout of 35 of these data structures, FirmSolo’s refined kernels successfully load 28 previously crashing kernel modules.

View More Papers

Crafter: Facial Feature Crafting against Inversion-based Identity Theft on...

Shiming Wang (Shanghai Jiao Tong University), Zhe Ji (Shanghai Jiao Tong University), Liyao Xiang (Shanghai Jiao Tong University), Hao Zhang (Shanghai Jiao Tong University), Xinbing Wang (Shanghai Jiao Tong University), Chenghu Zhou (Chinese Academy of Sciences), Bo Li (Hong Kong University of Science and Technology)

Read More

When Cryptography Needs a Hand: Practical Post-Quantum Authentication for...

Geoff Twardokus (Rochester Institute of Technology), Nina Bindel (SandboxAQ), Hanif Rahbari (Rochester Institute of Technology), Sarah McCarthy (University of Waterloo)

Read More

Short Paper: Declarative Demand-Driven Reverse Engineering

Yihao Sun, Jeffrey Ching, Kristopher Micinski (Department of Electical Engineering and Computer Science, Syracuse University)

Read More