Emulating firmware is increasingly popular for systems research, particularly vulnerability research. In this paper we describe how we extend HALucinator to work with real-world systems that use the popular VxWorks RTOS. We describe the Re-hosting Support Layer (its definition and implementation) with the functions necessary to get a Schneider Electric SCADAPack 350 remote terminal unit, a Schneider Electric Modicon 340 programmable logic controller, and Hughes 9201 BGAN inmarsat terminal up and re-hosted (at least partially). We share the process and our path of performing this work over the last year, and give a retrospective approach for re-hosting other RTOSes. We provide a case study with 3 real devices, and show that we can re-host portions of the firmware and perform analyses to show the success of our approach.

View More Papers

Tales of Favicons and Caches: Persistent Tracking in Modern...

Konstantinos Solomos (University of Illinois at Chicago), John Kristoff (University of Illinois at Chicago), Chris Kanich (University of Illinois at...

Read More

Forward and Backward Private Conjunctive Searchable Symmetric Encryption

Sikhar Patranabis (ETH Zurich), Debdeep Mukhopadhyay (IIT Kharagpur)

Read More

RandRunner: Distributed Randomness from Trapdoor VDFs with Strong Uniqueness

Philipp Schindler (SBA Research), Aljosha Judmayer (SBA Research), Markus Hittmeir (SBA Research), Nicholas Stifter (SBA Research, TU Wien), Edgar Weippl...

Read More

Understanding the Growth and Security Considerations of ECS

Athanasios Kountouras (Georgia Institute of Technology), Panagiotis Kintis (Georgia Institute of Technology), Athanasios Avgetidis (Georgia Institute of Technology), Thomas Papastergiou...

Read More