Determining the Range of Image Base of ARM Firmware

  • Conference paper
Advances in Production (ISPEM 2023)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 790))

Abstract

Disassembly is a necessary step for vulnerability mining or for a deep understanding of the operating mechanism of firmware. When disassembling firmware, the image base of the firmware needs to be determined first, but it usually cannot be obtained directly. Given the widespread use of ARM processors in embedded systems, a method is proposed to determine the range of the firmware image base, targeting ARM firmware. First, the addresses loaded by LDR instructions in the firmware are obtained; these addresses are then deduplicated, sorted, and segmented to calculate the cumulative frequency. The rapidly rising segment of the cumulative frequency curve is taken as the range of the image base. Experimental results demonstrate that the proposed method can effectively determine the range of the image base for firmware that uses the LDR instruction to load addresses.
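The following Python is an added illustration of the pipeline the abstract describes; it is not the paper's code and the paper's exact segmentation and "rapid rise" criterion are not given on this page, so fixed-size segments (an assumed 64 KiB) and "the segment with the largest increase in cumulative frequency" are this example's own choices. It assumes a raw little-endian A32 image, decodes only the `LDR Rt, [PC, #imm]` (literal-pool) form, and runs on a small constructed blob whose literal pool mixes flash-like addresses with two unrelated SRAM/peripheral-style constants as noise.

```python
"""Added example (not from the paper): estimate the image-base range of an ARM
firmware blob from the 32-bit values loaded by A32 LDR literal-pool instructions,
following the steps in the abstract (collect, deduplicate, sort, segment,
cumulative frequency, pick the rapidly rising segment)."""
import struct
from typing import Iterable

# A32 "LDR Rt, [PC, #+/-imm12]": cond 010 1 U 0 0 1 1111 Rt imm12.
# Mask selects bits 27..24, 22..20 and Rn (19..16); value requires Rn == PC.
LDR_LIT_MASK = 0x0F7F0000
LDR_LIT_VALUE = 0x051F0000
SEGMENT = 0x10000  # assumed 64 KiB segments for the cumulative-frequency curve


def ldr_literal_addresses(image: bytes, little_endian: bool = True) -> list[int]:
    """Return every word loaded by a PC-relative LDR in `image`.
    The literal pool is located by file offset, so no image base is needed."""
    fmt = "<I" if little_endian else ">I"
    values = []
    for off in range(0, len(image) - 3, 4):
        insn = struct.unpack_from(fmt, image, off)[0]
        if insn & LDR_LIT_MASK != LDR_LIT_VALUE:
            continue
        imm12 = insn & 0xFFF
        up = bool(insn & (1 << 23))          # U bit: add or subtract the offset
        pool = off + 8 + (imm12 if up else -imm12)  # A32 reads PC as insn + 8
        if 0 <= pool <= len(image) - 4:
            values.append(struct.unpack_from(fmt, image, pool)[0])
    return values


def cumulative_frequency(addresses: Iterable[int], segment: int = SEGMENT) -> list[tuple[int, float]]:
    """Deduplicate and sort the addresses, then return (segment_start, cumulative
    fraction of unique addresses at or below the segment end) for every non-empty
    segment. Empty segments are flat parts of the curve and are skipped."""
    uniq = sorted(set(addresses))
    if not uniq:
        raise ValueError("no LDR-loaded addresses found")
    curve, seen = [], 0
    for key in sorted({a // segment for a in uniq}):
        seen += sum(1 for a in uniq if a // segment == key)
        curve.append((key * segment, seen / len(uniq)))
    return curve


def image_base_range(addresses: Iterable[int], segment: int = SEGMENT) -> tuple[int, int, float]:
    """Pick the segment in which the cumulative frequency rises fastest and report
    it as (range_start, range_end, rise). The image base is expected inside it."""
    best, best_rise, prev = 0, -1.0, 0.0
    for start, cum in cumulative_frequency(addresses, segment):
        rise = cum - prev
        if rise > best_rise:
            best, best_rise = start, rise
        prev = cum
    return best, best + segment - 1, best_rise


def build_sample_image() -> bytes:
    """Constructed little-endian A32 blob (not real firmware): eight LDR literals
    at offsets 0x00..0x1C, then an eight-word literal pool at offset 0x20.
    Five pool words look like flash addresses near 0x08000000, one duplicates
    another, and two are unrelated SRAM/peripheral-style constants (noise)."""
    pool = [0x08000119, 0x080001F4, 0x08002000, 0x08002004, 0x0800A5D0,
            0x20000010, 0x40021000, 0x08000119]
    insns = []
    for i in range(len(pool)):
        off = 4 * i
        imm = (0x20 + 4 * i) - (off + 8)           # distance from PC to pool word i
        insns.append(0xE59F0000 | (i << 12) | imm)  # LDR Ri, [PC, #imm]
    return b"".join(struct.pack("<I", w) for w in insns + pool)


if __name__ == "__main__":
    addrs = ldr_literal_addresses(build_sample_image())
    for start, cum in cumulative_frequency(addrs):
        print(f"segment 0x{start:08X}: cumulative frequency {cum:.3f}")
    lo, hi, rise = image_base_range(addrs)
    print(f"image base range: 0x{lo:08X}-0x{hi:08X} (rise {rise:.3f})")
```

On the constructed blob the curve jumps from 0 to 5/7 in the 0x08000000 segment and then creeps up through the two noise segments, so the method reports 0x08000000-0x0800FFFF. Real images need the same two caveats the abstract implies: Thumb firmware uses a different LDR literal encoding, and firmware that reaches its data through ADR or MOVW/MOVT pairs rather than literal pools yields few or no candidates.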

Corresponding author

Correspondence to Yue** Zhang.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Wang, J., Zhu, R., Cao, X., Zhang, Y. (2023). Determining the Range of Image Base of ARM Firmware. In: Burduk, A., Batako, A., Machado, J., Wyczółkowski, R., Antosz, K., Gola, A. (eds) Advances in Production. ISPEM 2023. Lecture Notes in Networks and Systems, vol 790. Springer, Cham. https://doi.org/10.1007/978-3-031-45021-1_9
