XOR

A Web Application Framework for Automated Security Analysis of Firmware Images of Embedded Devices

  • Conference paper
Smart Industry & Smart Education (REV 2018)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 47)

Abstract

Embedded Linux devices are very popular today, and due to their simple implementation they have become ubiquitous in our daily lives. Manufacturers provide firmware updates online to enhance the software security and quality of their products. In this context, software updates and firmware versions offer enormous potential for security analysts performing vulnerability analyses, because no real device is needed to gain valuable insights into systems. Previous solutions show the enormous advantages of automating vulnerability research, but do not correlate program versions with ‘Common Vulnerabilities and Exposures’ (CVE) entries. Our solution provides a remote debugging interface to analyse extracted programs.

Therefore, in this paper we present XOR, an expandable web application framework that supports the manual reverse engineering process of embedded Linux firmware images. In addition, an internal correlation database offers valuable insights for further research. XOR's features detect system services, provide a remote debugging interface and allow the correlation between program versions and CVE entries. We analysed 47 firmware images from 20 different vendors and found 487 related CVE entries.

Author information

Corresponding author

Correspondence to Klaus Gebeshuber.

Copyright information

© 2019 Springer International Publishing AG, part of Springer Nature

Cite this paper

Vorhauer, C., Gebeshuber, K. (2019). XOR. In: Auer, M., Langmann, R. (eds) Smart Industry & Smart Education. REV 2018. Lecture Notes in Networks and Systems, vol 47. Springer, Cham. https://doi.org/10.1007/978-3-319-95678-7_42
