Assessing and Exploiting
Embedded Firmware

Module Outline:

  • Examples when to use

  • Overview of methodology

  • Obtaining the firmware

    • Overview of JTAG

    • Exercise: Using OpenOCD to debug our ARM Cortex-M4 Launchpad

    • Exercise: Using OpenOCD to dump our ARM Cortex-M4 Launchpad memory

    • Exercise: Identifying where the firmware is in the dump

  • Firmware disassembly

    • Code object analysis

  • Code functional analysis

  • Firmware exploitation

    • Exploiting firmware flaws

  • Bonus material in the appendix (not covered in class)

    • Exercise: Dumping memory and firmware from MSP430 LaunchPad

    • Exercise: Firmware encoding types and converting between them

    • Exercise: Disassembling MSP430 firmware

    • Exercise: MSP430 firmware crypto challenge

Software

  • ControlThings Platform Virtual Machine

Hardware

  • TI TM4C123G Launchpad (uses TI's Tiva C (Stellaris) MCU based on the ARM Cortex-M4, the same CPU family our Velocio PLC is based on)