Embedded firmware analysis with the Avatar framework

OData support
Dr. Buttyán Levente
Department of Networked Systems and Services

Embedded devices are created to perform a dedicated function, usually as part of a larger system. The conventional requirements for embedded devices are reliability and availability, which are necessary to keep the larger system functioning. They often handle mission-critical tasks like controlling an airplane or an uranium refinement centrifuge. Other times they work as part of a regular PC, responsible for storing and accessing valuable data.

The trend of recent years shows that embedded systems are becoming network-connected, sometimes directly, other times indirectly through a controlling PC. These connections allowed execution of attacks towards systems which were believed to be isolated. Because design specifications of the devices have rarely adapted to the larger security risk, analysis by independent researchers is necessary to uncover vulnerabilities.

The most advanced analysis methods are dynamic, meaning they require execution of the code under test. Because the architectures are different, software emulation of the device is necessary to dynamically analyze a firmware. Most of the processors can already be emulated, but the disperse peripherals connected to the device can not. Avatar Framework is a software created to demonstrate a new idea, which in some cases allows usage of the connected peripherals on the device itself while emulating the CPU only. This allows monitoring the inside state of the processor and memory without the need to create a full emulator.

In this thesis I summarize the capabilities and limitations of Avatar Framework and examine the practicability of the framework through the analysis of a hard drive firmware. Then I do some further analysis of the firmware and its update procedure using methods which are currently outside of Avatar's capabilities and could serve as a base for future work.


Please sign in to download the files of this thesis.