Assessing and Exploiting
Embedded Firmware

Module Outline:

  • Examples when to use

  • Overview of methodology

  • Obtaining the firmware

    • Overview of JTAG

    • Exercise: Using OpenOCD to debug our ARM Cortex m4 Launchpad

    • Exercise: Using OpenOCD to dump our ARM Cortex Launchpad memory

    • Exercise: Identifying where the firmware is in the dump

  • Firmware disassembly

    • Code object analysis

  • Code functional analysis

  • Firmware exploitation

    • Exploiting firmware flaws

  • Bonus material in the appendix (not covered in class)

    • Exercise: Dumping memory and firmware from MSP430 LaunchPad

    • Exercise: Firmware encoding types and converting between them

    • Exercise: Disassembling MSP430 firmware

  • Exercise: MSP430 firmware crypto challenge

Software

  • ControlThings Platform Virtual Machine

Hardware

  • TI TM4C123G Launchpad
    (Uses TI's Tiva C (Stellaris) based on ARM Cortex-M4. Same CPU family our Velocio PLC is based on...)