Enabling dynamic analysis of Legacy Embedded Systems in full emulated environment
Exploring vulnerabilities in embedded systems generally requires either simulation or work on the real device, but purchasing the hardware can be expensive or difficult.
Simulating the hardware is sometimes an option, but for specialized hardware a very deep understanding of the platform is required to perform the simulation.
In addition, manufacturers often couple the firmware tightly to the hardware (e.g., special I/O), so emulation is generally very difficult.
In the case of embedded systems, off-the-shelf tools cannot simulate hardware from a decade or more ago, and there is no supporting tooling to run such firmware in today's environment. This study focuses on "liberating" firmware from this long-standing constraint.
In this study, we propose two solutions. The first is to modify the original firmware directly and extensively.
However, this approach proved very time-consuming, so even though it succeeded in one of our experimental setups, we did not consider it a feasible solution.
The second approach we proposed was to "reconstruct PE relocation information by static analysis", which allows us to retrieve binaries from any firmware and place these executables in any environment over which we have full control.
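The following is an added illustration of what "reconstructing relocation information" means in practice; it is not code from the study, and the PE image, field values and heuristics are constructed for the example. A PE32 that ships without a `.reloc` directory can only be loaded at its hard-coded `ImageBase`, which is what ties it to its original environment. The script below builds such an image in memory, scans its sections for 32-bit values that point back into the image, emits a standard `IMAGE_BASE_RELOCATION` table for them, and then uses that table to rebase the image to a new address. The `strict` flag shows the kind of refinement such a heuristic needs: a constant that merely falls inside the image range is flagged in loose mode but rejected once candidates must point into a mapped section.

```python
import struct

IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, ignored by the loader
IMAGE_REL_BASED_HIGHLOW = 3    # 32-bit absolute address: add (new_base - old_base)

# Constructed sample values (not from any real firmware).
IMAGE_BASE, SECTION_ALIGN, FILE_ALIGN = 0x00400000, 0x1000, 0x200


def build_sample_pe():
    """Constructed PE32 with one .text section and no .reloc directory. The code mixes
    genuine absolute pointers (instruction operands, a pointer-table entry) with a
    constant that only happens to lie inside the image's address range."""
    text = bytearray(0x200)
    text[0x00:0x05] = b"\xA1" + struct.pack("<I", IMAGE_BASE + 0x1010)  # mov eax, [0x401010]
    text[0x05:0x0A] = b"\x68" + struct.pack("<I", IMAGE_BASE + 0x1020)  # push 0x401020
    text[0x0A:0x0F] = b"\xB8" + struct.pack("<I", 0x1000)               # mov eax, 0x1000 (not a pointer)
    text[0x0F] = 0xC3                                                    # ret
    text[0x10:0x14] = struct.pack("<I", IMAGE_BASE + 0x1000)            # function-pointer table entry
    text[0x20:0x24] = struct.pack("<I", IMAGE_BASE + 0x1ABC)            # constant that only LOOKS like a pointer

    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)     # i386, 1 section, PE32 opt hdr
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 0, 0,
                      0x200, 0, 0, 0x1000, 0x1000, 0x2000, IMAGE_BASE, SECTION_ALIGN, FILE_ALIGN,
                      4, 0, 0, 0, 4, 0,
                      0, 0x2000, 0x200, 0,          # SizeOfImage = 0x2000, SizeOfHeaders = 0x200
                      2, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\x00" * 128                                                 # 16 empty data directories: no BASERELOC
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\x00\x00" + coff + opt + sect
    return headers.ljust(FILE_ALIGN, b"\x00") + bytes(text)


def parse_pe(data):
    """Minimal PE32 header walk (only the fields the reconstruction needs)."""
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE image")
    nsections, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24
    image_base, = struct.unpack_from("<I", data, opt + 28)
    size_of_image, = struct.unpack_from("<I", data, opt + 56)
    _, reloc_size = struct.unpack_from("<II", data, opt + 96 + 5 * 8)  # data directory #5 = BASERELOC
    sections = []
    for i in range(nsections):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, vsize, rawptr, rawsize))
    return image_base, size_of_image, reloc_size != 0, sections


def map_image(data):
    """Lay the file out as the loader would: each section copied to its RVA."""
    image_base, size_of_image, has_relocs, sections = parse_pe(data)
    image = bytearray(size_of_image)
    for va, vsize, rawptr, rawsize in sections:
        n = min(vsize, rawsize)
        image[va:va + n] = data[rawptr:rawptr + n]
    return image_base, image, has_relocs, sections


def find_pointer_candidates(image, image_base, sections, strict=True):
    """Heuristic core: every little-endian u32 inside a section whose value falls in
    [image_base, image_base + SizeOfImage) is treated as an absolute pointer. Scans at
    byte granularity because x86 immediates are not aligned. In strict mode the target
    must also land inside a mapped section, which rejects range-only coincidences."""
    lo, hi = image_base, image_base + len(image)

    def plausible(v):
        if not lo <= v < hi:
            return False
        rva = v - image_base
        return not strict or any(va <= rva < va + vsize for va, vsize, _, _ in sections)

    return [rva for va, vsize, _, _ in sections
            for rva in range(va, va + vsize - 3)
            if plausible(struct.unpack_from("<I", image, rva)[0])]


def build_reloc_table(rvas):
    """Encode RVAs as IMAGE_BASE_RELOCATION blocks: {PageRVA, SizeOfBlock, u16 entries}."""
    by_page = {}
    for rva in sorted(rvas):
        by_page.setdefault(rva & ~0xFFF, []).append(rva & 0xFFF)
    table = bytearray()
    for page, offsets in sorted(by_page.items()):
        entries = [(IMAGE_REL_BASED_HIGHLOW << 12) | off for off in offsets]
        if len(entries) % 2:                       # keep every block 4-byte aligned
            entries.append(IMAGE_REL_BASED_ABSOLUTE << 12)
        table += struct.pack("<II", page, 8 + 2 * len(entries)) + struct.pack("<%dH" % len(entries), *entries)
    return bytes(table)


def apply_relocs(image, reloc_table, old_base, new_base):
    """Rebase a mapped image exactly as a loader would, using the reconstructed table."""
    out, delta, pos = bytearray(image), (new_base - old_base) & 0xFFFFFFFF, 0
    while pos + 8 <= len(reloc_table):
        page_rva, block_size = struct.unpack_from("<II", reloc_table, pos)
        for (entry,) in struct.iter_unpack("<H", reloc_table[pos + 8:pos + block_size]):
            if entry >> 12 == IMAGE_REL_BASED_HIGHLOW:
                rva = page_rva + (entry & 0xFFF)
                struct.pack_into("<I", out, rva, (read_u32(out, rva) + delta) & 0xFFFFFFFF)
        pos += block_size
    return out


def read_u32(buf, offset):
    return struct.unpack_from("<I", buf, offset)[0]


def reconstruct_and_rebase(pe_bytes, new_base, strict=True):
    image_base, image, has_relocs, sections = map_image(pe_bytes)
    if has_relocs:
        raise ValueError("image already carries a base-relocation directory")
    rvas = find_pointer_candidates(image, image_base, sections, strict)
    table = build_reloc_table(rvas)
    return rvas, table, apply_relocs(image, table, image_base, new_base)


if __name__ == "__main__":
    rvas, table, rebased = reconstruct_and_rebase(build_sample_pe(), 0x10000000)
    print("reconstructed relocation RVAs:", [hex(r) for r in rvas])
    print("mov eax,[...] operand after rebase: 0x%08x" % read_u32(rebased, 0x1001))
```

The loose scan flags 0x1020 (the `0x00401ABC` constant) as well; the strict scan drops it because nothing is mapped at that RVA. Real firmware needs further filters of the same kind (disassembly context, data-vs-code separation, cross-checks against import and export tables), which is the static-analysis work the abstract refers to.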