Showing
1 changed file
with
41 additions
and
1 deletions
| 1 | -ㅁㄴㅇㄹ | ||
| ... | \ No newline at end of file | ... | \ No newline at end of file |
| 1 | +# IoT 펌웨어 취약점 분석을 위한 프레임워크 | ||
| 2 | + | ||
| 3 | +## Overview | ||
| 4 | + | ||
| 5 | +2021-1 캡스톤디자인2(CSE405-00) 수업 프로젝트로 만든 Arduino M0 계열 취약점 분석 툴. | ||
| 6 | + | ||
| 7 | +## Date | ||
| 8 | + | ||
| 9 | +2021.03 ~ 2021.06 | ||
| 10 | + | ||
| 11 | +## Usage | ||
| 12 | + | ||
| 13 | +1. Analyze the given firmware: | ||
| 14 | + | ||
| 15 | + ```python3 m0-angr.py --type a --name firm.bin``` | ||
| 16 | + | ||
| 17 | + It generates the followings: | ||
| 18 | + + `api.txt`: It contains the list of restored APIs. | ||
| 19 | + + `cfg.txt`: It contains the restored Control-Flow Graph in the form of disassembly. | ||
| 20 | + + `vuln.txt`: It contains the list of found vulnerabilities. | ||
| 21 | + | ||
| 22 | +2. Generate exploitable payloads: | ||
| 23 | + | ||
| 24 | + ```python3 m0-angr.py --type g --name firm.bin --out payload.bin --code {{vuln_offset}} --dest {{dest_offset}} --ret {{ret_offset}} ``` | ||
| 25 | + | ||
| 26 | + + `{{vuln_offset}}`: The offset where vulnerable codes are located(listed in the generated `vuln.txt`). | ||
| 27 | + + `{{dest_offset}}`: The offset to jump into. It must be of the prologue in a function. | ||
| 28 | + + `{{ret_offset}}`: The offset to go back to after its first step of ROP ends. | ||
| 29 | + | ||
| 30 | +3. Enjoy~. | ||
| 31 | + | ||
| 32 | +## Requirements | ||
| 33 | + | ||
| 34 | ++ Ubuntu 18.04 | ||
| 35 | ++ Python 3.6+ | ||
| 36 | ++ Radare2 | ||
| 37 | ++ Angr | ||
| 38 | + | ||
| 39 | +## Member | ||
| 40 | + | ||
| 41 | ++ 2015104162 김정현 | ||
| ... | \ No newline at end of file | ... | \ No newline at end of file | ... | ... |
-
Please register or login to post a comment