FUNCTION IDENTIFICATION THREATS IN EMBEDDED SYSTEMS
Markarian, Henry
Loading…
Permalink
https://hdl.handle.net/2142/124816
Description
Title
FUNCTION IDENTIFICATION THREATS IN EMBEDDED SYSTEMS
Author(s)
Markarian, Henry
Issue Date
2023-05-01
Keyword(s)
decompilation; function identification; embedded systems.
Abstract
As a proof of concept, we leveraged Ghidra’s scripting capabilities and Jython API to test the discernability of Zlib functions across multiple versions, compilers, and compiler settings, referred to from now on as compilations. This was done by generating FIDBs (Function Identification Databases) from a set of libraries and using Ghidra’s FunctionID analysis tools to search for matches in other libraries’ test binaries, all done headlessly from the command line with a series of BASH and Python scripts. We found that out of 30 different compilations of Zlib, two-thirds of them had more matches with their own binaries than matches with others, and none had more matches with another library’s binaries than its own. More abstractly, we learned about the nuances of uncommented government code and automation of systems designed for manual use.
Use this login method if you
don't
have an
@illinois.edu
email address.
(Oops, I do have one)
IDEALS migrated to a new platform on June 23, 2022. If you created
your account prior to this date, you will have to reset your password
using the forgot-password link below.
