Ready to learn why and how to leverage IDAPython to cut hundreds of hours from the time required to statically analyze the firmware of embedded devices? Tired of only being able to find IDAPython examples for x86 and ARM? Frustrated with developing analysis tools that apply to only one architecture? Then this talk is for you!
This talk first discusses some important differences between the analysis process of applications and firmware images. It then shows how to use IDAPython to address these differences when analyzing firmware images running on a variety of microcontroller architectures. I will then explain and demonstrate a general toolkit of IDAPython scripts I wrote to triage, analyze, and annotate a firmware image’s IDA database for more efficient static analysis. The key focus is writing the scripts to be architecture-agnostic so that you have a toolkit that can be used repeatedly on each new target firmware image. All demonstrated and discussed scripts are available open-source at https://github.com/maddiestone/IDAPythonEmbeddedToolkit.
Maddie Stone is a reverse engineer at the Johns Hopkins University Applied Physics Laboratory. She is the lead of JHU/APL’s 150-person Reverse Engineering Working Group. The majority of her career has been spent deep in the firmware of embedded devices including 8051, C166, MIPS, PowerPC, BlackFin, the many flavors from Renesas (SH2, SH4, R8C, M16C), and more. She has previously spoken at the Women in Cybersecurity Conference and REcon Montreal. @maddiestone