Dynamic binary firmware analysis : challenges & solutions

Abstract : Embedded systems are a key component of modern life and their security is of utmost importance. Hence, the code running on those systems, called "firmware", has to be carefully evaluated and tested to minimize the risks accompanying the ever-growing deployment of embedded systems. One common way to evaluate the security of firmware, especially in the absence of source code, is dynamic analysis. Unfortunately, compared to analysis and testing on desktop systems, dynamic analysis for firmware is lagging behind. In this thesis, we identify the main challenges preventing dynamic analysis and testing techniques from reaching their full potential on firmware. Furthermore, we point out that rehosting is a promising approach to tackle these problems and develop avatar2, a multi-target orchestration framework which is capable of running firmware in both fully and partially emulated settings. Using this framework, we adapt several dynamic analysis techniques to successfully operate on binary firmware. In detail, we use its scriptability to easily replicate a previous study, we demonstrate that it allows recording and replaying the execution of an embedded system, and we implement heuristics for better fault detection as run-time monitors. Additionally, the framework serves as a building block for an experimental evaluation of fuzz testing on embedded systems, and is used as part of a scalable concolic execution engine for firmware. Last but not least, we present Groundhogger, a novel approach for unpacking embedded devices' firmware which, unlike other unpacking tools, uses dynamic analysis to create unpackers, and we evaluate it against three real-world devices.
Contributor : ABES STAR :  Contact
Submitted on : Wednesday, February 17, 2021 - 11:00:13 AM
Last modification on : Sunday, June 26, 2022 - 10:00:04 AM
Long-term archiving on : Tuesday, May 18, 2021 - 6:30:51 PM

Version validated by the jury (STAR)

  • HAL Id : tel-03143960, version 1


Marius Muench. Dynamic binary firmware analysis : challenges & solutions. Embedded Systems. Sorbonne Université, 2019. English. ⟨NNT : 2019SORUS265⟩. ⟨tel-03143960⟩