#HITBLockdown D2 - Army Of Undead: Tailored Firmware Emulation - Thomas Weber

The exploding number of embedded systems in recent years, such as network cameras, routers and programmable logic controllers (PLCs), raises the question of how secure these devices are and which connections they establish in the background. As these devices are often designed as closed systems, a popular option is to emulate the firmware of such devices. Past projects like FIRMADYNE by Chen et al. and Automated Dynamic Firmware Analysis at Scale by Costin et al. showed that emulation of such devices is possible, but only with manual modifications to the Linux kernel and restricted to a few architectures. During this talk, comprehensive methods for tasks like finding the file system root, determining the exact instruction set and emulating the target firmware in an automated manner will be discussed. All these steps can be done with simple scripts and open-source components, without changing the code of any kernel.
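As an illustration of the first two tasks named in the abstract, here is an added example (not code from the talk or from SEC Consult) that locates a Linux root file system in an extracted firmware tree and reads architecture, word size and endianness from an ELF header. The directory-marker heuristic, the function names and the sample tree are assumptions; finer ISA details (for example from `e_flags`) are out of scope.

```python
import os, struct, tempfile

E_MACHINE = {3: "x86", 8: "mips", 20: "ppc", 40: "arm", 62: "x86_64", 183: "aarch64"}  # ELF e_machine subset
ROOT_MARKERS = ("bin", "sbin", "etc", "lib", "usr", "dev", "proc", "var")  # assumed heuristic

def find_fs_root(extract_dir, min_hits=4):
    """Return the directory holding the most typical Linux root entries, or None."""
    best, best_hits = None, 0
    for path, dirs, _files in os.walk(extract_dir):
        hits = sum(1 for m in ROOT_MARKERS if m in dirs)
        if hits > best_hits:
            best, best_hits = path, hits
    return best if best_hits >= min_hits else None

def elf_isa(path):
    """Parse an ELF header into (machine, bits, endianness); None if not ELF."""
    with open(path, "rb") as f:
        hdr = f.read(20)
    if len(hdr) < 20 or hdr[:4] != b"\x7fELF" or hdr[4] not in (1, 2) or hdr[5] not in (1, 2):
        return None
    order = "<" if hdr[5] == 1 else ">"  # EI_DATA: 1 = little endian, 2 = big endian
    (machine,) = struct.unpack_from(order + "H", hdr, 18)  # e_machine sits at offset 18
    return E_MACHINE.get(machine, f"unknown({machine})"), 32 * hdr[4], "little" if order == "<" else "big"

def firmware_isa(root):
    """Read the ISA from the first regular ELF file under bin/ or sbin/."""
    for sub in ("bin", "sbin"):
        d = os.path.join(root, sub)
        for name in sorted(os.listdir(d)) if os.path.isdir(d) else []:
            p = os.path.join(d, name)
            isa = elf_isa(p) if os.path.isfile(p) and not os.path.islink(p) else None
            if isa:
                return isa
    return None

def build_sample(base):
    """Constructed sample: a fake extraction tree with a big-endian MIPS ELF stub."""
    root = os.path.join(base, "_fw.bin.extracted", "squashfs-root")
    for d in ROOT_MARKERS:
        os.makedirs(os.path.join(root, d))
    os.makedirs(os.path.join(base, "_fw.bin.extracted", "bin"))  # decoy directory
    with open(os.path.join(root, "bin", "busybox"), "wb") as f:
        # e_ident (16 bytes: ELF32, big endian, version 1), e_type = 2, e_machine = 8
        f.write(b"\x7fELF" + bytes([1, 2, 1]) + bytes(9) + struct.pack(">HH", 2, 8))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(find_fs_root(tmp), firmware_isa(find_fs_root(tmp)))
```

The detected triple is what selects the matching emulator target and kernel image for the emulation step.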

===

Thomas Weber is a security researcher and consultant with a focus on embedded device security and reverse engineering. Prior to his employment at SEC Consult, he worked as a developer for various embedded devices in different companies. Thomas disassembles and dissects the hardware and the extracted firmware from embedded devices for customers and during research projects in the Hardware Lab of SEC Consult. He published several advisories for devices in the embedded (industrial) environment, e.g. products from Ubiquiti, Linksys, Zyxel, WAGO, JUNG, Kathrein, Sprecher and Solare Datensysteme.