Uwe Muller, Eicke Hauck, Timm Welz, Jiska Classen, Matthias Hollick (Secure Mobile Networking Lab, TU Darmstadt)

Even though PowerPC mostly disappeared from the consumer device market, its architectural properties continue being popular for highly specialized systems. This particularly includes embedded systems with real-time requirements that are deeply integrated into critical infrastructures as well as aeronautics, transportation, control systems in power plants, etc. One example is Terrestrial Trunked Radio (TETRA), a digital radio system used in the public safety domain and deployed in more than 120 countries worldwide: base stations of at least one of the main vendors are based on PowerPC. Despite the criticality of the aforementioned systems, many follow a security by obscurity approach and there are no openly available analysis tools. While analyzing a TETRA base station, we design and develop a set of analysis tools centered around a PowerPC binary patcher. We further create various dynamic tooling on top, including a fast memory dumper, function tracer, flexible patching capabilities at runtime, and a fuzzer. We describe the genesis of these tools and detail the binary patcher, which is general in nature and not limited to our base station under test.

View More Papers

Panel – Experiment Artifact Sharing: Challenges and Solutions

Moderator: Laura Tinnel (SRI International) Panelists: Clémentine Maurice (CNRS, IRIS); Martin Rosso (Eindhoven University of Technology); Eric Eide (U. Utah)

Read More

Demo #9: Attacking Multi-Sensor Fusion based Localization in High-Level...

Junjie Shen, Jun Yeon Won, Zeyuan Chen and Qi Alfred Chen (UC Irvine)

Read More

User Expectations and Understanding of Encrypted DNS Settings

Alexandra Nisenoff, Nick Feamster, Madeleine A Hoofnagle†, Sydney Zink. (University of Chicago and †Northwestern)

Read More