Abusing Processor Exception for General Binary Instrumentation on Bare-metal Embedded Devices (2311.16532v2)

Published 28 Nov 2023 in cs.CR

Abstract: Analyzing the security of closed-source drivers and libraries in embedded systems holds significant importance, given their fundamental role in the supply chain. Unlike x86, embedded platforms lack comprehensive binary manipulation tools, making it difficult for researchers and developers to effectively detect and patch security issues in such closed-source components. Existing works either depend on full-fledged operating system features or suffer from tedious corner cases, restricting their application to the bare-metal firmware prevalent in embedded environments. In this paper, we present PIFER (Practical Instrumenting Framework for Embedded fiRmware), which enables general and fine-grained static binary instrumentation for embedded bare-metal firmware. By abusing the built-in hardware exception-handling mechanism of embedded processors, PIFER can perform instrumentation at arbitrary target addresses. Additionally, we propose an instruction-translation-based scheme to guarantee the correct execution of the original firmware after patching. We evaluate PIFER against real-world, complex firmware, including Zephyr RTOS, the CoreMark benchmark, and a closed-source commercial product. The results indicate that PIFER correctly instrumented 98.9% of the instructions. Further, a comprehensive performance evaluation was conducted, demonstrating the practicality and efficiency of our work.
