http://dx.doi.org/10.13089/JKIISC.2022.32.6.1121

Firmware Fuzzing Method through Pseudo-HAL Identification

Jeong, Seyeon (Yonsei University)
Hwang, Eunbi (Yonsei University)
Cho, Yeongpil (Hanyang University)
Kwon, Taekyoung (Yonsei University)
Abstract
HAL-Fuzz, a fuzzing technique for finding firmware vulnerabilities, is efficient because it uses the HAL (hardware abstraction layer) functions provided by MCU vendors. However, it cannot handle most firmware, which does not use the vendor's exact HAL functions. In this paper, we propose a new method for identifying pseudo-HAL functions in order to increase the fuzzing availability of HAL-Fuzz. In experiments, we identified not only HAL functions but also pseudo-HAL functions implemented by developers, and showed that fuzzing such firmware is possible.
Keywords
Firmware fuzzing; Firmware emulation; HAL; Pseudo-HAL identification;