IoT 펌웨어 취약점 분석을 위한 프레임워크

Overview

2021-1 캡스톤디자인2(CSE405-00) 수업 프로젝트로 만든 Arduino M0 계열 취약점 분석 툴.

Date

2021.03 ~ 2021.06

Usage

1. Analyze the given firmware. It generates the followings:
   • api.txt: It contains the list of restored APIs.
   • cfg.txt: It contains the restored Control-Flow Graph in the form of disassembly.
   • vuln.txt: It contains the list of found vulnerabilities. python3 m0-angr.py --type a --name firm.bin
2. Generate exploitable payloads.
   • {{vuln_offset}}: The offset where vulnerable codes are located(listed in the generated vuln.txt).
   • {{dest_offset}}: The offset to jump into. It must be of the prologue in a function.
   • {{ret_offset}}: The offset to go back to after its first step of ROP ends. python3 m0-angr.py --type g --name firm.bin --out payload.bin --code {{vuln_offset}} --dest {{dest_offset}} --ret {{ret_offset}}
3. Enjoy~.

Requirements

• Ubuntu 18.04
• Python 3.6+
• Radare2
• Angr

Member

• 2015104162 김정현