PinDown: Generalized Application Code Identification And Functional Component Analysis In RTOS-based Firmware


Abstract

Small embedded devices are becoming more prevalent with each passing year and improve our quality of life. However, as new devices are created, an increasing number of older devices are declared obsolete despite still being in use. The result is a growing number of devices that are vulnerable to exploitation because they no longer receive security updates. Identifying these vulnerabilities manually without any system knowledge is an arduous task, and current state-of-the-art technologies do not perform generalized analysis of RTOS-based firmware. In this work, we present PinDown, an analysis framework that enables the automated identification of application code in RTOS-based firmware without requiring partial system knowledge. By identifying functions that modify the heap, we identify RTOS components that can be leveraged to locate the memory regions that host application code.