Design And Implementation Of Firmware Security Analysis System

In recent years,IoT technology has developed rapidly,but its security status is worrying,and attacks on IoT devices are gradually entering our field of vision.At this stage,the security analysis and research on IoT devices at home and abroad mostly lock the target object as the firmware in the device.The firmware is also called "fixed software",that is,the software embedded in the IoT terminal,which controls the device driver and interacts with the outside world.Interactive.At present,domestic and foreign manufacturers have not reached a unified standard on the file structure of the firmware.Therefore,different types of firmware often correspond to different unpacking methods,which brings many difficulties to the static analysis of the firmware.In the analysis and research,some of them choose to use black-box dynamic analysis methods,such as development board debugging or emulator simulation.The process is relatively complicated,depends on the environment,and has limitations.At the same time,this testing method can detect Network equipment may contain security vulnerabilities,but it is the current technical difficulty in locating the trigger points of the vulnerabilities and exploring and analyzing the specific causes,which brings difficulties to batch and large-scale firmware security analysis.In response to the above problems,this article uses binary and assembly technology as the basis to in-depth study and summarize the structure of different firmware files and the corresponding unpacking process.At the same time,it draws on the unpacking ideas of existing unpacking tools to realize a set of universal and An easy-to-expandable firmware file unpacking scheme,and then on this basis,summarizes the more general firmware security analysis ideas that can be adopted after the firmware file is successfully unpacked.Finally,based on the above research results,a set of A system that automates the unpacking of firmware and its safety analysis.The system includes the functions of firmware extraction,firmware unpacking,firmware analysis and generating analysis reports.It can identify and unpack common firmware formats,and then perform instruction architecture,component versions,vulnerabilities,built-in key certificates,startup information,and executable file protection measures And many other security analysis.The functional core consists of 5 modules,which are firmware analysis module,task scheduling module,data storage module,display module and user management module.(1)Firmware analysis module: This module contains four sub-modules,namely the file identification module,the file unpacking module,the security analysis module and the report generation module.The file identification module and the file unpacking module cooperate with each other to decompose the firmware file into sufficiently small granularity,and then use the security analysis module to perform item-by-item security analysis,and finally call the report generation module to count the security analysis results and generate reports.(2)Task scheduling module: The core engine of the system is the safety analysis module,which mainly completes 4 tasks,namely identification task,unpacking task,safety analysis task and report generation task.Through the task scheduling module,it can support relatively independent task concurrent execution,Improve the execution efficiency of the safety analysis module.(3)Data storage module: Dominates the data storage in the system,covering firmware files,firmware unpacking results,firmware analysis results,firmware analysis reports,and firmware security analysis vulnerability libraries.(4)Display module: Responsible for the display of system functions and data content,including firmware list display,firmware analysis result display,and vulnerability library display.(5)User management module: Manage user information in the system,and provide the functions of adding/deleting users,activating/freezing users,and modifying user information.