
Framework for IoT Firmware Vulnerability Analysis

Overview

A vulnerability analysis tool for the Arduino M0 family, built as a class project for 2021-1 Capstone Design 2 (CSE405-00).

Date

2021.03 ~ 2021.06

Usage

  1. Analyze the given firmware. This generates the following files:
    • api.txt: Contains the list of restored APIs.
    • cfg.txt: Contains the restored Control-Flow Graph in the form of disassembly.
    • vuln.txt: Contains the list of found vulnerabilities.

     python3 m0-angr.py --type a --name firm.bin

  2. Generate exploitable payloads.
    • {{vuln_offset}}: The offset where the vulnerable code is located (listed in the generated vuln.txt).
    • {{dest_offset}}: The offset to jump to. It must be the prologue of a function.
    • {{ret_offset}}: The offset to return to after the first ROP step ends.

     python3 m0-angr.py --type g --name firm.bin --out payload.bin --code {{vuln_offset}} --dest {{dest_offset}} --ret {{ret_offset}}

  3. Enjoy~.

Requirements

  • Ubuntu 18.04
  • Python 3.6+
  • Radare2
  • Angr

Member

  • 2015104162 김정현