Full Program »
PIE: Parser Identification in Embedded Systems
of modern societies, controlling the correct operation of cars
and airplanes, satellites and medical equipments, military
units and all critical infrastructures. Being integrated in
large and complex environments, embedded systems need
to support several communication protocols to interact with
other devices or with their users. Interestingly, embedded
software often implements protocols that deviate from their
original specifications. Some are extended with additional
features, while others are completely undocumented. Fur-
thermore, embedded parsers often consist of complex C code
which is optimized to improve performance and reduce size.
However, this code is rarely designed with security in mind,
and often lacks proper input validation, making those de-
vices vulnerable to memory corruption attacks. Further-
more, most embedded designs are closed source and third
party security evaluations are only possible by looking at
the binary firmware.
In this paper we propose a methodology to identify parsers
and complex code present in binary code without access
to their source code or documentation. Specifically we es-
tablish and evaluate a heuristic for detecting this type of
code by means of static analysis. Afterwards we demon-
strate the utility of this heuristics to identify firmware com-
ponents treating input, perform reverse engineering to ex-
tract protocols, and discover and analyze bugs on four widely
used devices: a GPS receiver, a power meter, a hard disk
drive (HDD) and a Programmable Logic Controller (PLC)
Author(s):
Lucian Cojocar
Vrije Universiteit Amsterdam
Netherlands
Jonas Zaddach
EURECOM
France
Roel Verdult
Radboud Universiteit Nijmegen
Netherlands
Herbert Bos
Vrije Universiteit Amsterdam
Netherlands
Davide Balzarotti
EURECOM
France
Aurélien Francillon
EURECOM
France