Data Collection

Scrapy Crawler

This is a firmware scraper that downloads firmware images and associated metadata from supported device vendor websites. It is based on the original scraper at https://github.com/firmadyne/scraper, with the spiders extended and updated.

Dependencies

Usage

To run a specific scraper, e.g. dlink:

scrapy crawl dlink

The scraper is not fully tested when running in parallel. To run all scrapers with a maximum of 4 in parallel, using GNU Parallel:

parallel -j 4 scrapy crawl ::: `for i in ./firmware/spiders/*.py; do basename ${i%.*}; done`

Metadata

The ./metadata folder contains the metadata of the firmware images used in the paper. The JSON files include the download links, firmware categories, release times, etc.

Analyzer

ELF Analyzer

The ELF analyzer takes one file as input and checks the mitigations adopted by the ELF binary. We use Binary Ninja to disassemble statically linked binaries to verify Stack Canary and Fortify Source. This functionality is kept separate from elf_analyzer.py because Binary Ninja is a commercial tool that is unavailable to the general public.

Dependencies

Usage

Run with the following command:

python3 elf_analyzer.py file_path

The output lists the mitigations adopted by the ELF binary:

File name: /bin/ls
Arch: amd64-64
Dynamic linked: Yes
PIE/PIC: Yes
Protected with Canary: Yes
Protected with NX: Yes
Protected with full RELRO
Protected with Fortify Source: Yes

To accurately verify Stack Canary and Fortify Source in a statically linked binary, run the following command with Binary Ninja correctly installed:

python3 stc_stack.py file_path
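
The header-level part of such a check (dynamic linking, PIE/PIC, NX, RELRO), as an added example that is not the project's elf_analyzer.py. It assumes a 64-bit little-endian ELF; check_mitigations, build_elf and the sample images are hypothetical names constructed here, and Stack Canary and Fortify Source are not covered.

```python
import struct

# Constants from the ELF specification and its GNU extensions.
ET_EXEC, ET_DYN = 2, 3
PT_INTERP, PT_GNU_STACK, PT_GNU_RELRO = 3, 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4


def check_mitigations(data: bytes) -> dict:
    """Header-level mitigation checks for a 64-bit little-endian ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("this sketch handles ELFCLASS64, little-endian only")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    segments = {}  # p_type -> p_flags
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        segments[p_type] = p_flags
    stack = segments.get(PT_GNU_STACK)
    return {
        "dynamic": PT_INTERP in segments,
        "pie": e_type == ET_DYN,  # ET_DYN also covers shared objects (PIC)
        # Without PT_GNU_STACK the stack permissions fall back to a
        # platform default; counted as "no NX" here (conservative assumption).
        "nx": stack is not None and not stack & PF_X,
        # Segment presence only; full RELRO also needs BIND_NOW in .dynamic.
        "relro": PT_GNU_RELRO in segments,
    }


def build_elf(e_type: int, phdrs: list) -> bytes:
    """Constructed header-only ELF64 image for the demo, not a real binary."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                       64, 56, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<II6Q", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return ident + ehdr + body


# Constructed samples: a hardened PIE and a legacy executable-stack binary.
HARDENED = build_elf(ET_DYN, [(PT_INTERP, PF_R), (PT_GNU_STACK, PF_R | PF_W),
                              (PT_GNU_RELRO, PF_R)])
LEGACY = build_elf(ET_EXEC, [(PT_GNU_STACK, PF_R | PF_W | PF_X)])

if __name__ == "__main__":
    for name, image in (("hardened", HARDENED), ("legacy", LEGACY)):
        print(name, check_mitigations(image))
```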

Kernel Analyzer

The kernel analyzer takes an ELF-format Linux kernel as input and checks the Linux kernel version and the presence of kernel attack mitigations. vmlinux-to-elf can be used to convert a raw-format Linux kernel into a fully analyzable ELF file.

Dependencies:

Usage:

The kernel_example folder contains a raw-format Linux kernel and its corresponding recovered ELF-format Linux kernel. To check the mitigations, run the example with the following command:

bash kernel_analyzer.sh -f kernel_example/elf_kernel

Citation

If your research finds one or several components of this work useful, please cite the following paper:

@article{yu2022building,
  title={Building Embedded Systems Like It's 1996},
  author={Yu, Ruotong and Del Nin, Francesca and Zhang, Yuchen and Huang, Shan and Kaliyar, Pallavi and Zakto, Sarah and Conti, Mauro and Portokalidis, Georgios and Xu, Jun},
  journal={arXiv preprint arXiv:2203.06834},
  year={2022}
}