Determining the Image Base of ARM Firmware by Matching Function Addresses

Firmware is software embedded in a device and acts as the most fundamental work of a system. Disassembly is a necessary step to understand the operational mechanism or detect the vulnerabilities of the firmware. When disassembling a firmware, it should first obtain the processor type of running envi...

Bibliographic Details
Main Authors: Ruijin Zhu, Baofeng Zhang, Yu-an Tan, Yueliang Wan, Jinmiao Wang
Format: article
Language: EN
Published: Hindawi-Wiley 2021
Subjects:
T
Online Access: https://doaj.org/article/4ad0d887c1b748d193377b2c9e862df4
id oai:doaj.org-article:4ad0d887c1b748d193377b2c9e862df4
record_format dspace
spelling oai:doaj.org-article:4ad0d887c1b748d193377b2c9e862df4 | 2021-11-29T00:56:29Z | Determining the Image Base of ARM Firmware by Matching Function Addresses | 1530-8677 | 10.1155/2021/4664882 | https://doaj.org/article/4ad0d887c1b748d193377b2c9e862df4 | 2021-01-01T00:00:00Z | http://dx.doi.org/10.1155/2021/4664882 | https://doaj.org/toc/1530-8677 | Ruijin Zhu; Baofeng Zhang; Yu-an Tan; Yueliang Wan; Jinmiao Wang | Hindawi-Wiley | article | Technology | T | Telecommunication | TK5101-6720 | EN | Wireless Communications and Mobile Computing, Vol 2021 (2021)
institution DOAJ
collection DOAJ
language EN
topic Technology
T
Telecommunication
TK5101-6720
description Firmware is software embedded in a device and acts as the most fundamental work of a system. Disassembly is a necessary step to understand the operational mechanism or detect the vulnerabilities of the firmware. When disassembling a firmware, it should first obtain the processor type of running environment and the image base of firmware. In general, the processor type can be obtained by tearing down the device or consulting the product manual. However, at present, there is still no automated tool that can be used to obtain the image base of all types of firmware. In this paper, we focus on firmware in ARM and propose an automated method to determine the image base address. Firstly, by studying the storage rule and loading mode of the function address, we can obtain the function offset and the function address loaded by LDR instruction, respectively. Then, with this information, we propose an algorithm, named Determining image Base by Matching Function Addresses (DBMFA), to determine the image base. The experimental results indicate that the proposed method can successfully determine the image base of firmware which uses LDR instruction to load function address.
format article
author Ruijin Zhu
Baofeng Zhang
Yu-an Tan
Yueliang Wan
Jinmiao Wang
title Determining the Image Base of ARM Firmware by Matching Function Addresses
publisher Hindawi-Wiley
publishDate 2021
url https://doaj.org/article/4ad0d887c1b748d193377b2c9e862df4