Embedded Firmware Rehosting System Through Automatic Peripheral Modeling
Blog Article
Embedded devices are becoming increasingly common and, as a result, more exposed to security threats. Consequently, analyzing the firmware of these devices is essential for detecting and mitigating vulnerabilities. Hardware dependencies pose a major challenge for firmware analysis, as they require either running the firmware on the original hardware or emulating various hardware behaviors in a virtualized environment. Firmware rehosting, which allows firmware to run in a virtualized environment (i.e., emulation), is a recent research approach to overcoming the hardware dependency problem. However, this approach faces several challenges, such as limited applicability, path elimination, and lack of support for dynamic direct memory access (DMA). To address these challenges, we propose VDEmu, a novel firmware rehosting system that integrates hybrid fuzzing-based memory-mapped I/O (MMIO) modeling and dynamic DMA support. VDEmu can handle MMIO accesses without requiring a precise implementation of each peripheral, and it can reach otherwise overlooked DMA logic by creating and removing DMA streams through a virtual DMA controller. Therefore, VDEmu mitigates limited applicability and path elimination through fuzzing and explores more firmware logic through DMA support.
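To make the two mechanisms described above concrete, here is a toy rehosting model written for this article (it is not VDEmu's code and uses constructed register addresses and firmware logic): MMIO reads are answered from a fuzzer-supplied byte stream instead of a hand-written peripheral, and a virtual DMA controller fills buffers for streams that the firmware arms through an MMIO write, so a status bit that a constant-zero model would never set becomes reachable and the DMA-delivered code path can be covered.

```python
from typing import Optional
# Constructed register/buffer addresses for a toy device, not VDEmu's real map.
UART_SR, DMA_CTRL, RX_BUF, RX_LEN = 0x4000_0004, 0x4000_1000, 0x100, 4

class FuzzInput:  # fuzzer-provided bytes standing in for unmodeled peripheral state
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        chunk = self.data[self.pos:self.pos + n].ljust(n, b"\0")
        self.pos += n
        return chunk

class Device:  # MMIO reads answered from fuzz input; DMA streams armed by MMIO writes
    def __init__(self, fuzz: Optional[FuzzInput]):
        self.fuzz = fuzz
        self.dma_streams = {}  # stream id -> (destination address, length)

    def mmio_read(self, addr: int) -> int:
        # No model: every read returns 0. Fuzz model: the input picks the value.
        return int.from_bytes(self.fuzz.take(4), "little") if self.fuzz else 0

    def mmio_write(self, addr: int, value: int) -> None:
        if addr == DMA_CTRL:  # bit 0 creates/removes stream 0 into the RX buffer
            if value & 1:
                self.dma_streams[0] = (RX_BUF, RX_LEN)
            else:
                self.dma_streams.pop(0, None)

    def dma_run(self, ram: bytearray) -> None:
        # The virtual DMA controller fills every armed stream from fuzz input.
        for dst, length in self.dma_streams.values():
            ram[dst:dst + length] = self.fuzz.take(length) if self.fuzz else bytes(length)

def firmware_step(dev: Device, ram: bytearray) -> set:
    """Constructed firmware: poll a status bit, then parse a DMA-delivered command."""
    covered = set()
    if dev.mmio_read(UART_SR) & 1:  # "data ready"; a constant-0 model never gets past here
        covered.add("uart_ready")
        dev.mmio_write(DMA_CTRL, 1)
        dev.dma_run(ram)
        if ram[RX_BUF:RX_BUF + RX_LEN] == b"CMD\x01":
            covered.add("parse_cmd")
        dev.mmio_write(DMA_CTRL, 0)
    return covered

def rehost(fuzz_bytes: Optional[bytes]) -> set:
    # None = no peripheral model at all; bytes = one fuzzer-supplied input.
    dev = Device(FuzzInput(fuzz_bytes) if fuzz_bytes is not None else None)
    return firmware_step(dev, bytearray(0x200))
```

Calling `rehost(None)` reaches nothing because the status read is always zero, while `rehost(b"\x01\x00\x00\x00CMD\x01")` covers both the ready branch and the command parser, which is the coverage gain a fuzz-driven MMIO model plus DMA support buys over a static model.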
We evaluated our approach on real-world targets comprising a total of eight hardware platforms and 14 firmware images. Compared with state-of-the-art works, VDEmu was the only work that could model all interactions between firmware and hardware (i.e., MMIO, DMA, and interrupts), and VDEmu achieved a code coverage that was up to 9.15 times higher.
VDEmu discovered two previously unknown bugs, including ones previously analyzed in other works.