Harzer Roller: Linker-Based Instrumentation for Enhanced Embedded Security Testing

by   Katharina Bogad, et al.

Due to the rise of the Internet of Things, there are many new chips and platforms available for hobbyists and industry alike to build smart devices. The SDKs for these new platforms usually include closed-source binaries containing wireless protocol implementations, cryptographic implementations, or other library functions, which are shared among all user code across the platform. Leveraging such a library vulnerability has a high impact on a given platform. However, as these platforms are often shipped ready-to-use, classic debug infrastructure like JTAG is often times not available. In this paper, we present a method, called Harzer Roller, to enhance embedded firmware security testing on resource-constrained devices. With the Harzer Roller, we hook instrumentation code into function call and return. The hooking not only applies to the user application code but to the SDK used to build firmware as well. While we keep the design of the Harzer Rollergenerally architecture independent, we provide an implementation for the ESP8266 Wi-Fi IoT chip based on the xtensa architecture. We show that the Harzer Roller can be leveraged to trace execution flow through libraries without available source code and to detect stack-based buffer-overflows. Additionally, we showcase how the overflow detection can be used to dump debugging information for later analysis. This enables better usage of a variety of software security testing methods like fuzzing of wireless protocol implementations or proof-of-concept attack development.


page 1

page 2

page 3

page 4


ThingPot: an interactive Internet-of-Things honeypot

The Mirai Distributed Denial-of-Service (DDoS) attack exploited security...

The Cost of OSCORE and EDHOC for Constrained Devices

Many modern IoT applications rely on the Constrained Application Protoco...

Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets

Wireless communication standards and implementations have a troubled his...

Hardware Implementation of an OPC UA Server for Industrial Field Devices

Industrial plants suffer from a high degree of complexity and incompatib...

A Survey of Asynchronous Programming Using Coroutines in the Internet of Things and Embedded Systems

Many Internet of Things and embedded projects are event-driven, and ther...

InternalBlue - Bluetooth Binary Patching and Experimentation Framework

Bluetooth is one of the most established technologies for short range di...

Security Risks of Porting C Programs to WebAssembly

WebAssembly is a compilation target for cross-platform applications that...

Please sign up or login with your details

Forgot password? Click here to reset