Reversing FreeRTOS on embedded devices

More documents

Recommendations

Info

Internals • Heavily relies on double linked circular lists • pxTaskReadyListcontains a list of tasks that needs to be executed • Every task has its own Task Control Block. TCB has a pointer to the stack allocated for the task. • Queue is a list with additional pointers indicating where is the next read or write address. • Semaphore is a specific instance of queue which doesn’t track the data but the number of used elements in uxMessageWaiting field. • Mutex is similar to semaphore, but head pointer is always 0 indicating it is a mutex and pointer to the task owning it is in the tail pointer. 18 RECON 2017 Brussels
̶ ̶ ̶ Security Features overview • By design, not much of them • Since it is not designed as multitenant environment it lacks security controls we’re used to on the desktop • It supports: Tasks with different privilege levels (only on ARM Cortex M3 with MPU enabled) Stack overflow protection SSL library as an add-on 19 RECON 2017 Brussels
Page 1 and 2: Reversing
Page 3 and 4: About us - Vladan • Senior Managi
Page 5 and 6: Why? • Recent project challenges
Page 7 and 8: …To Embedded • Usually around s
Page 9 and 10: Tools of choice • IDA Pro • Cap
Page 11 and 12: Main constraints • Limited amount
Page 13 and 14: Software Requirements • Needs to
Page 15 and 16: Supported high level functionalitie
Page 17: FreeRTOS main comp
Page 21 and 22: ̶ ̶ Sample application • Sample
Page 23 and 24: Application architecture C O R E Bu
Page 25 and 26: Run // LED connected to GPIO port P
Page 27 and 28: What is next? • Now we have creat
Page 29 and 30: Reverse engineering on embedded sys
Page 31 and 32: The entry point • STM32 has some
Page 33 and 34: The entry point - IVT raw • Conte
Page 35 and 36: The entry point - Reset Handler Now
Page 37 and 38: Reverse engineering on STM32F0 •
Page 39 and 40: IDA Plugin - Functions manipulating
Page 41 and 42: Reverse engineering on STM32F0 •
Page 43 and 44: Critical code decoding and listing
Page 45 and 46: Interesting registers 45 RECON 2017
Page 47: THANK YOU

Reversing FreeRTOS on embedded devices

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?