Army of Undead - Tailored Firmware Emulation

Explore advanced techniques for emulating and analyzing embedded system firmware in this comprehensive conference talk from the Hack In The Box Security Conference. Delve into methods for automating firmware emulation across various architectures without modifying the Linux kernel. Learn how to locate file system roots, determine instruction sets, and emulate target firmware using simple scripts and open-source components. Gain insights into the security implications of the growing number of embedded devices, including network cameras, routers, and programmable logic controllers (PLCs). Discover practical approaches to dissecting hardware and extracted firmware, drawing from real-world examples and research projects. Examine case studies, including a command injection vulnerability in Phoenix Contact devices, and understand the outcomes of Linux-based firmware emulation studies. Benefit from the expertise of Thomas Weber, a seasoned security researcher specializing in embedded device security and reverse engineering.

Intro
Outline
What? / Expectations
Nowadays Firmware Development - Storage
Nowadays Firmware Development - Distribution/ Device Upload
Nowadays Firmware Development - Extract Firmware from Devices
All Beginnings are Difficult
Preparations
Locate the Root File System
Identify the Architecture
Libraries are Relevant!
Script Preparation
Pre-Analysis - Sample Set of (Almost) 200 Firmwares across 49 Vend
Preparing Fake Images - Buildroot to the Rescue!
Preparing Fake Images - Covered Architectures
Monitoring and Debugging
Study Samples from...
Study Outcome of Linux Based Firmware Emulation
Command Injection in Phoenix Contact Devices - Analysis
Conclusion and Further Work