A Survey on Firmware Security
Binary Analysis
Following these slides, we can view firmware releases as a kind of executable binary, so many binary analysis techniques (especially black-box ones) can also be applied to firmware. These tools give quick insight into the firmware under analysis. To demonstrate these CLI tools on Linux, we take samples from my re-organized firmware collection as examples and test them with those tools.
| Usage | Example |
|---|---|
| Test file type (format)<br>Note: If the file format of the provided firmware image is unknown, then | `$ file P2IM.Steering_Control.elf`<br>`# P2IM.Steering_Control.elf:`<br>`# ELF 32-bit LSB executable,`<br>`# ARM, EABI5 version 1 (SYSV), statically linked,`<br>`# with debug_info, not stripped` |
| Extract printable strings in file | `$ strings P2IM.Steering_Control.elf \| head`<br>`# L#x3`<br>`# O"F)F`<br>`# ...`<br>``# 9M(`4H`` |
| Display binary files in hexadecimal | `$ hexdump -C P2IM.Steering_Control.elf \| head`<br>`# ...` |
binwalk
Binwalk is a fast, easy-to-use tool for analyzing, reverse engineering, and extracting firmware images.
$ git clone https://github.com/ReFirmLabs/binwalk
$ cd binwalk
$ sudo python3 setup.py install
| Usage | Example |
|---|---|
| Inspection of regions with high entropy (compressed or encrypted data) | `$ binwalk --term --entropy P2IM.Steering_Control.elf` |
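The idea behind an entropy scan, as an added example that is not code from binwalk or from this page: compute the Shannon entropy of fixed-size blocks and report contiguous runs above a threshold, which is where compressed or encrypted data tends to sit. The function names, the 1024-byte block size, the 0.95 threshold and the sample image are assumptions constructed for illustration.

```python
import hashlib
import math

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte block, normalised to 0.0-1.0 (8 bits = 1.0)."""
    if not block:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    bits = -sum(c / n * math.log2(c / n) for c in counts if c)
    return bits / 8.0

def high_entropy_regions(data: bytes, block: int = 1024, threshold: float = 0.95):
    """Return (start, end, mean_entropy) for each run of blocks >= threshold.

    block and threshold are assumed values; tune them to the image size.
    """
    regions, start, scores = [], None, []
    for off in range(0, len(data), block):
        e = shannon_entropy(data[off:off + block])
        if e >= threshold:
            if start is None:
                start = off
            scores.append(e)
        elif start is not None:
            regions.append((start, off, sum(scores) / len(scores)))
            start, scores = None, []
    if start is not None:  # image ends inside a high-entropy run
        regions.append((start, len(data), sum(scores) / len(scores)))
    return regions

def build_sample() -> bytes:
    """Constructed image: header, repetitive code, pseudo-random blob, 0xFF fill."""
    header = b"FWHDR v1.0".ljust(1024, b"\x00")
    code = ((b"\x00\x20\x00\x08" + b"steering_control_init") * 200)[:4096]
    # SHA-256 counter stream stands in for a compressed or encrypted section.
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
    return header + code + blob + b"\xff" * 2048

if __name__ == "__main__":
    for s, e, h in high_entropy_regions(build_sample()):
        print(f"0x{s:08x}-0x{e:08x}  mean entropy {h:.3f}")
```

To scan a real image, pass the file's bytes (for example `open(path, "rb").read()`) to `high_entropy_regions` instead of the constructed sample.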
binvis
binvis generates a visualization of the firmware image with space-filling curves in order to identify regions with non-random data.
cortesi/scurve has not been updated for many years, and many of its dependencies are deprecated.
Todo: I may modify it later to fix those issues when I have time.
But we can upload the firmware file to http://binvis.io/ to view the results.