Abstract
Disassembly is a necessary step for vulnerability mining or for a deep understanding of how firmware operates. Before firmware can be disassembled, its image base must be determined, but the image base usually cannot be obtained directly. Given the widespread use of ARM processors in embedded systems, a method is proposed to determine the range of the firmware image base, targeting ARM firmware. First, the addresses loaded by LDR instructions in the firmware are collected; these addresses are then deduplicated, sorted, and segmented in order to compute a cumulative frequency. The rapidly rising segment of the cumulative frequency curve is then taken as the range of the image base. Experimental results demonstrate that the proposed method can effectively determine the range of the image base for firmware that uses LDR instructions to load addresses.
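The following is an added example that walks through the pipeline the abstract sketches; it is written for this page and is not the authors' implementation. It assumes ARM-mode (A32) encodings only (Thumb literal loads are not decoded), a 0x1000-byte bin width, and a "rapidly rising" criterion of per-bin increment above the mean increment over non-empty bins; the paper's actual parameters are not given here, so these choices are assumptions. The firmware image it analyses is constructed in the script (a handful of `LDR Rd, [PC, #imm]` instructions followed by a literal pool), with the image base placed at 0x08000000 so the result can be checked.

```python
import struct

# Mask/value selecting A32 "LDR Rd, [PC, #+/-imm12]" (P=1, W=0, B=0, L=1, Rn=15).
# Bit 23 (U, offset sign) is deliberately left out of the mask.
LDR_PC_MASK = 0x0F7F0000
LDR_PC_VALUE = 0x051F0000


def literal_loads(image):
    """Return (instruction_offset, literal_offset, literal_value) for each
    PC-relative LDR whose literal pool entry lies inside the image.
    Code and data are not separated, so a data word that happens to match the
    encoding is counted too; deduplication downstream limits that noise."""
    found = []
    for off in range(0, len(image) - 3, 4):
        w = struct.unpack_from("<I", image, off)[0]
        if (w >> 28) == 0xF:                 # cond=1111: extension space, not LDR
            continue
        if (w & LDR_PC_MASK) != LDR_PC_VALUE:
            continue
        imm = w & 0xFFF
        pc = off + 8                         # PC reads as instruction address + 8 in ARM mode
        lit = pc + imm if (w >> 23) & 1 else pc - imm
        if 0 <= lit <= len(image) - 4:
            found.append((off, lit, struct.unpack_from("<I", image, lit)[0]))
    return found


def cumulative_frequency(addresses, bin_size=0x1000):
    """Deduplicate, sort and segment the candidate addresses into fixed-width bins.
    Returns (bin_start, increment, cumulative) per non-empty bin, in address order."""
    unique = sorted(set(addresses))
    counts = {}
    for a in unique:
        k = a // bin_size
        counts[k] = counts.get(k, 0) + 1
    curve, cum = [], 0.0
    for k in sorted(counts):
        inc = counts[k] / len(unique)
        cum += inc
        curve.append((k * bin_size, inc, cum))
    return curve


def image_base_range(curve, bin_size=0x1000, factor=1.0):
    """Pick the rapidly rising segment: the run of adjacent bins whose increment
    exceeds `factor` times the mean increment (assumed criterion), choosing the run
    with the largest total rise. Returns (low, high) or None."""
    if not curve:
        return None
    threshold = factor / len(curve)
    runs, run, prev = [], [], None
    for start, inc, _cum in curve:
        steep = inc > threshold
        adjacent = prev is not None and start == prev + bin_size
        if steep and (not run or adjacent):
            run.append((start, inc))
        else:
            if run:
                runs.append(run)
            run = [(start, inc)] if steep else []
        prev = start
    if run:
        runs.append(run)
    if not runs:
        return None
    best = max(runs, key=lambda r: sum(inc for _, inc in r))
    return best[0][0], best[-1][0] + bin_size


def build_test_image(literals):
    """Constructed test firmware: two non-LDR words, one LDR per literal, then the pool."""
    prologue = [0xE3A00001, 0xE12FFF1E]     # MOV r0, #1 ; BX lr
    pool_off = (len(prologue) + len(literals)) * 4
    words = list(prologue)
    for i in range(len(literals)):
        pc = (len(prologue) + i) * 4 + 8
        imm = pool_off + 4 * i - pc
        base = 0xE59F0000 if imm >= 0 else 0xE51F0000   # U=1 / U=0
        words.append(base | ((i % 13) << 12) | abs(imm))
    words += literals
    return b"".join(struct.pack("<I", w) for w in words)


def demo():
    """Constructed sample: 64 in-image pointers (base 0x08000000) plus 6 non-pointer literals."""
    base = 0x08000000
    in_image = [base + i * 0x200 for i in range(64)]
    noise = [0x00000000, 0xFFFFFFFF, 0x40021000, 0x40021400, 0xE000ED00, 0x20000000]
    image = build_test_image(in_image + noise)
    values = [v for _, _, v in literal_loads(image)]
    return image_base_range(cumulative_frequency(values))


if __name__ == "__main__":
    lo, hi = demo()
    print(f"image base likely in [0x{lo:08X}, 0x{hi:08X})")
```

On real firmware, the constants that are not addresses (peripheral registers, masks, magic numbers) spread thinly across the whole 32-bit space, while pointers into the image cluster within the image's size, which is what makes the cumulative curve step up sharply at the image base; the bin width should be chosen relative to the image size, and a firmware that loads addresses through other means (MOVW/MOVT pairs, Thumb literal loads) will need its decoder extended accordingly.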
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, J., Zhu, R., Cao, X., Zhang, Y. (2023). Determining the Range of Image Base of ARM Firmware. In: Burduk, A., Batako, A., Machado, J., Wyczółkowski, R., Antosz, K., Gola, A. (eds) Advances in Production. ISPEM 2023. Lecture Notes in Networks and Systems, vol 790. Springer, Cham. https://doi.org/10.1007/978-3-031-45021-1_9
DOI: https://doi.org/10.1007/978-3-031-45021-1_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-45020-4
Online ISBN: 978-3-031-45021-1
eBook Packages: Intelligent Technologies and Robotics (R0)