08:00 - 09:10

Attendee Registration Time

09:10 - 09:30

Welcome Speech

09:30 - 09:55

Event Introduction

09:55 - 10:40
10:40 - 10:55

Break

10:55 - 11:40
11:40 - 12:40

Lunch

12:40 - 13:25
13:25 - 13:40

Break

13:40 - 14:25
14:25 - 14:55

Tea Time

14:55 - 15:40
15:40 - 15:55

Break

15:55 - 16:40
16:40 - 16:55

Break

16:55 - 17:40
17:40 - 17:50

Closing

Enabling dynamic analysis of Legacy Embedded Systems in full emulated environment

Exploring vulnerabilities in embedded systems generally requires either simulation or work on real hardware, but purchasing the hardware can be expensive or difficult.
Simulating the hardware is sometimes an option, but for specialized hardware, simulation requires a very deep understanding of the platform.
In addition, manufacturers often couple the firmware tightly to the hardware (e.g., special I/Os), so emulation is generally very difficult.

In the case of embedded systems, off-the-shelf tools cannot simulate hardware from a decade or more ago, and there are no supporting measures for running such firmware in a present-day environment. This study focuses on addressing this long-standing need.

In this study, we propose two solutions. One solution is to directly modify the original firmware extensively.
However, this approach was found to be very time-consuming, so even though it was successful in one of our experimental setups, we did not consider this solution to be feasible.
The other solution we propose is to "reconstruct PE relocation information by static analysis", which allows us to retrieve binary files from any firmware, to the point where these executables can be placed in any environment that we have full control over.

Tool: https://github.com/evanslify/pe-necro