Application of Function Matching Techniques to Determine Libraries in Embedded Firmware


With the increasing ubiquity of embedded devices, there is a need to analyze the firmware of these systems, since it is important to security, safety and privacy. Recognizing whether a firmware has been built on top of vulnerable libraries, and separating the application-specific sections from the library sections, would help the analyst to assert the security of these systems and narrow the analysis scope to the more important sections of the disassembly. Though there are a number of techniques to identify functions, there is no previous work that tried to identify libraries from a firmware. In this thesis, we present a new approach, LibDecoder, to efficiently identify libraries in bare-metal embedded firmware. We make use of function matching techniques that have been previously proposed in the literature, along with our own technique, as the foundation to identify libraries. The method we use to identify libraries in firmware starts with a corpus that contains popular libraries. We use these libraries with the function matching techniques to identify the functions in the unknown firmware. The results of the function fingerprinting are then used as input to LibDecoder. Overall, we were able to identify libraries within the firmware efficiently: an average weighted precision of 90% and an average weighted recall of 94% on the firmware dataset.

  • etd-4701
Defense date
  • 2020
Date created
  • 2020-12-07