Cutting Through the Complexity of Reverse Engineering Embedded Devices

Authors

  • Sam L. Thomas University of Birmingham, Birmingham, United Kingdom
  • Jan Van den Herrewegen University of Birmingham, Birmingham, United Kingdom
  • Georgios Vasilakis University of Birmingham, Birmingham, United Kingdom
  • Zitai Chen University of Birmingham, Birmingham, United Kingdom
  • Mihai Ordean University of Birmingham, Birmingham, United Kingdom
  • Flavio D. Garcia University of Birmingham, Birmingham, United Kingdom

DOI:

https://doi.org/10.46586/tches.v2021.i3.360-389

Keywords:

Reverse engineering, Embedded device firmware, Hardware-based execution tracing

Abstract

Performing security analysis of embedded devices is a challenging task. They present many difficulties not usually found when analyzing commodity systems: undocumented peripherals, esoteric instruction sets, and limited tool support. Thus, a significant amount of reverse engineering is almost always required to analyze such devices. In this paper, we present Incision, an architecture and operating-system agnostic reverse engineering framework. Incision tackles the problem of reducing the upfront effort to analyze complex end-user devices. It combines static and dynamic analyses in a feedback loop, enabling information from each to be used in tandem to improve our overall understanding of the firmware analyzed. We use Incision to analyze a variety of devices and firmware. Our evaluation spans firmware based on three RTOSes, an automotive ECU, and a 4G/LTE baseband. We demonstrate that Incision does not introduce significant complexity to the standard reverse engineering process and requires little manual effort to use. Moreover, its analyses produce correct results with high confidence and are robust across different OSes and ISAs.

Downloads

Published

2021-07-09

Issue

Section

Articles

How to Cite

Thomas, S. L., Van den Herrewegen, J., Vasilakis, G., Chen, Z., Ordean, M., & Garcia, F. D. (2021). Cutting Through the Complexity of Reverse Engineering Embedded Devices. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(3), 360-389. https://doi.org/10.46586/tches.v2021.i3.360-389