Florian Hofhammer (EPFL), Marcel Busch (EPFL), Qinying Wang (EPFL and Zhejiang University), Manuel Egele (Boston University), Mathias Payer (EPFL)

Dynamic analysis of microcontroller-based embedded firmware remains challenging. The general lack of source code availability for Commercial-off-the-shelf (COTS) firmware prevents powerful source-based instrumentation and prohibits compiling the firmware into an executable directly runnable by an analyst. Analyzing firmware binaries requires either acquisition and configuration of custom hardware, or configuration of extensive software stacks built around emulators. In both cases, dynamic analysis is limited in functionality by complex debugging and instrumentation interfaces and in performance by low execution speeds on Microcontroller Units (MCUs) and Instruction Set Architecture (ISA) translation overheads in emulators.

SURGEON provides a performant, flexible, and accurate rehosting approach for dynamic analysis of embedded firmware. We introduce transplantation to transform binary, embedded firmware into a Linux user space process executing natively on compatible high-performance systems through static binary rewriting. In addition to the achieved performance improvements, SURGEON scales horizontally through process instantiation and provides the flexibility to apply existing dynamic analysis tooling for user space processes without requiring adaptations to firmware-specific use cases. SURGEON’s key use cases include debugging binary firmware with off-the-shelf tooling for user space processes and fuzz testing.

View More Papers

BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks

Cameron Morris (University of Connecticut), Amir Herzberg (University of Connecticut), Bing Wang (University of Connecticut), Samuel Secondo (University of Connecticut)

Read More

Connecting the Dots in the Sky: Website Fingerprinting in...

Prabhjot Singh (University of Waterloo), Diogo Barradas (University of Waterloo), Tariq Elahi (University of Edinburgh), Noura Limam (University of Waterloo)

Read More

QSynth – A Program Synthesis based approach for Binary...

Robin David (Quarkslab), Luigi Coniglio (University of Trento), Mariano Ceccato (University of Verona)

Read More

WIP: Modeling and Detecting Falsified Vehicle Trajectories Under Data...

Jun Ying, Yiheng Feng (Purdue University), Qi Alfred Chen (University of California, Irvine), Z. Morley Mao (University of Michigan and Google)

Read More