Sökning: WFRF:(Abbas Muhammad) >
DUDE: Decryption, U...
-
Abbas, HaiderNational University of Sciences and Technology (NUST), Islamabad, Pakistan
(författare)
DUDE: Decryption, Unpacking, Deobfuscation, and Endian Conversion Framework for Embedded Devices Firmware
- Artikel/kapitelEngelska2023
Förlag, utgivningsår, omfång ...
-
Institute of Electrical and Electronics Engineers (IEEE),2023
-
printrdacarrier
Nummerbeteckningar
-
LIBRIS-ID:oai:DiVA.org:kth-350059
-
https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-350059URI
-
https://doi.org/10.1109/TDSC.2023.3320675DOI
Kompletterande språkuppgifter
-
Språk:engelska
-
Sammanfattning på:engelska
Ingår i deldatabas
Klassifikation
-
Ämneskategori:ref swepub-contenttype
-
Ämneskategori:art swepub-publicationtype
Anmärkningar
-
QC 20240706
-
Commercial-Off-The-Shelf (COTS) embedded devices rely on vendor-specific firmware to perform essential tasks. These firmware have been under active analysis by researchers to check security features and identify possible vendor backdoors. However, consistently unpacking newly created filesystem formats has been exceptionally challenging. To thwart attempts at unpacking, vendors frequently use encryption and obfuscation methods. On the other hand, when handling encrypted, obfuscated, big endian cramfs, or custom filesystem formats found in firmware under test, the available literature and tools are insufficient. This study introduces DUDE, an automated framework that provides novel functionalities, outperforming cutting-edge tools in the decryption, unpacking, deobfuscation, and endian conversion of firmware. For big endian compressed romfs filesystem formats, DUDE supports endian conversion. It also supports deobfuscating obfuscated signatures for successful unpacking. Moreover, decryption support for encrypted binaries from the D-Link and MOXA series has also been added, allowing for easier analysis and access to the contents of these firmware files. Additionally, the framework offers unpacking assistance by supporting the extraction of special filesystem formats commonly found in firmware samples from various vendors. A remarkable 78% (1424 out of 1814) firmware binaries from different vendors were successfully unpacked using the suggested framework. This performance surpasses the capabilities of commercially available tools combined on a single platform.
Ämnesord och genrebeteckningar
Biuppslag (personer, institutioner, konferenser, titlar ...)
-
Shahzad, MuhammadNational University of Sciences and Technology (NUST), Islamabad, Pakistan
(författare)
-
Safdar, MalihaNational University of Sciences and Technology (NUST), Islamabad, Pakistan
(författare)
-
Hemani, Ahmed,1961-KTH,Elektronik och inbyggda system(Swepub:kth)u131a9ju
(författare)
-
National University of Sciences and Technology (NUST), Islamabad, PakistanElektronik och inbyggda system
(creator_code:org_t)
Sammanhörande titlar
-
Ingår i:IEEE Transactions on Dependable and Secure Computing: Institute of Electrical and Electronics Engineers (IEEE)1545-59711941-0018
Internetlänk
Hitta via bibliotek
Till lärosätets databas