Nowadays internet of things (commonly referred to as IoT) devices can be found in the majority of homes. These devices however doesn’t get the same attention as our phones or computers do when it comes to security. This is true for the end user as well for the manufacturers. More often than not IoT devices receive just a handful of critical security updates at most, and run very old and insecure software. Therefore these devices need to be analysed to ensure that nothing really bad can slip trough the cracks or preferably cracks do not exist. Analysis of these devices’ software can be accomplished without the actual hardware since that can be virtualized, in this example using QEMU. There is a however a problem with this approach. Using the original binaries is not possible due to its’ reliance on the original hardware. Core system functionality needs to be made compatible with QEMU’s virtual hardware. During our work We were making a utility that aids in creating a kernel, that can be ran via QEMU and is compatible with the devices’ origial userspace software. We conducted an end-to-end test as well that is documented at the end of this document.
Dr. Bencsáth Boldizsár
2022-07-15
Támogató: CUJO AI Labs