Reversing FreeRTOS on embedded devices

More documents

Recommendations

Info

̶ ̶ ̶ ̶ Security issues • These are not real bugs in <strong>FreeRTOS</strong>, this is just observation from the point of adversary who wants to do some exploitation! TCP/IP stack is not very resilient Stack overflow protection is rudimentary MPU usage is not very common (supported only on ARM M3 platforms anyway) § Unprivileged task can spawn privileged task, if MPU is used; or § Everything runs in the same context otherwise It is developed in C inheriting all possible security problems as any other C programs (buffer overflows, heap corruptions…) 20 RECON 2017 Brussels
̶ ̶ Sample application • Sample => simple • Goals Get the button state Toggle the LED if button is pushed • Idea is to create a simple firmware for a device which will have MCU, a button and a LED. • When button is pressed, LED will change its state. 21 RECON 2017 Brussels
Page 1 and 2: Reversing
Page 3 and 4: About us - Vladan • Senior Managi
Page 5 and 6: Why? • Recent project challenges
Page 7 and 8: …To Embedded • Usually around s
Page 9 and 10: Tools of choice • IDA Pro • Cap
Page 11 and 12: Main constraints • Limited amount
Page 13 and 14: Software Requirements • Needs to
Page 15 and 16: Supported high level functionalitie
Page 17 and 18: FreeRTOS main comp
Page 19: ̶ ̶ ̶ Security Features overview
Page 23 and 24: Application architecture C O R E Bu
Page 25 and 26: Run // LED connected to GPIO port P
Page 27 and 28: What is next? • Now we have creat
Page 29 and 30: Reverse engineering on embedded sys
Page 31 and 32: The entry point • STM32 has some
Page 33 and 34: The entry point - IVT raw • Conte
Page 35 and 36: The entry point - Reset Handler Now
Page 37 and 38: Reverse engineering on STM32F0 •
Page 39 and 40: IDA Plugin - Functions manipulating
Page 41 and 42: Reverse engineering on STM32F0 •
Page 43 and 44: Critical code decoding and listing
Page 45 and 46: Interesting registers 45 RECON 2017
Page 47: THANK YOU

Reversing FreeRTOS on embedded devices

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?