| Reverse analysis of firmware in embedded devices is useful to maintenance and upgrade of legacy system, along with function understanding and security defending of key electric equipment. It plays an important significance to study on the technology of reverse analysis on firmware.An identification framework is brought forward that reversely analyzes Linux firmware. The general structure of firmware, execution mechanism, realization mechanism, memory relativity and the relation between them are all studied. Local characteristics, combined with distribution characteristics are used to search doubtful modules and strip object modules. To deal with the problem of less integrality and errors in firmware obtained, general information of file system is obtained maximally according to multi-level characteristic extraction. According to fine granularity reverting, the problem that data reverted can't meet integration is solved. Then files left that are still integrative are reverted using correct mechanism. The file system that contains errors is reverted based on filtration and correction on errors, which effectively fulfills the integrality of data in reverting process. To deal with the problem of characteristic extraction and characteristic collision in static library functions identification, general characteristic extraction arithmetic is proposed. To solve the problem of big characteristic library and low matching speed, the minimal perfect hash arithmetic is used to fulfill fast matching, which is optimized on characteristic matching according to secondary characteristics.A prototype system of firmware analysis is designed and achieved, which is tested on several Linux firmwares. The results indicate that Linux firmware can be analyzed well. |
PDF Full Text Request