Embedded Devices Reversing · forensicinsight.org/wp-content/uploads/2013/07... · 2015. 8. 22.
Kwonyoup Kim
Embedded Security & IP Consultant / CEO
Embedded Devices Reversing – 2015 FIOS #1 –
(주)에스엔티웍스
Based Technologies & Know-How
Cyber Law & Digital Forensics
Cryptographic Theory & Practical
Hardware R.E. & Software R.E.
Security
• Offensive & Defensive Security
• Assessment, Evaluation, Assurance
- Cryptography
- Authentication
- Other security functions
• Reverse engineering services
Intellectual Property
• Patent infringement investigations
• Patent licensing defense
• Patent litigation support
• Competitive technical intelligence service
• Reverse engineering services
Patent attorney & Law firm
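Contents
1 The Need for Embedded Device Reverse Engineering
2 Embedded Device Reverse Engineering Process
3 Embedded Device Information and Resource Gathering
4 Embedded Device Static / Dynamic Reverse Engineering
5 Embedded Device Analysis Readiness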
Embedded Devices Reversing - The Need for Embedded Device Reverse Engineering -
Proving Spy Devices
Offensive / Defensive Analysis
Proving Counterfeit
Proving Supply Chain Attack
Proving device for Crime (1/3)
Proving device for Crime (2/3)
Proving device for Crime (3/3)
Embedded Devices Reversing - Embedded Device Reverse Engineering Process -
Black-box testing vs. White-box testing
Black-box: input, output
White-box: input, output
Gray-Box Testing
BlackBox
External Resources
Sniffing
Scanning
Internal Resources
Access
Booting log
Processing log
Error log
Static Analysis
Deobfuscation
Code & Data Extract
Disassembling
Dynamic Analysis
Tracing
Debugging
Memory Dump
GrayBox
General Analysis Methods for Embedded Devices
• Interception (or Eavesdropping)
Gain access to protected information without opening the product
• Interruption (or Fault Generation)
Preventing the product from functioning normally
• Modification
Tampering with the product, typically invasive
• Fabrication
Creating counterfeit assets of a product
Embedded Reversing Process
Target device information gathering
• Targets Teardown
• Products Documents
• Identifying Chip / Interface
• OS / Firmware Information
• Development methods
Internal / external resource access and collection
• Sniffing Communications
• Debugging Interfaces
• Acquisitions
- (Non) Volatile Data
- Boot-loader
- Microcode (MCU, FPGA)
- File-System
Static analysis
• De-obfuscation
• Code Extraction
• Disassembling
• Reconstruction
Dynamic analysis
• Code Simulation/Emulation
• Identifying Factory Mode
• On-Chip Debugging
• Remote Debugging
Embedded Devices Reversing - Embedded Device Information and Resource Gathering -
General / Private / Secret Information Gathering
• Crawling the Internet for specific information
Product specifications, design documents, marketing materials
Check forums, blogs, Twitter, Facebook, etc.
• Acquire target hardware
Purchase, borrow, rent, steal, or ask the vendor
Ex. : eBay, surplus
• Dumpster diving
• Social engineering
Hardware Teardown (1/2)
• Hardware and electronics disassembly and reverse engineering
• Get access to the circuitry
• Component and subsystem identification
• Gives clues about design techniques, potential attacks, and system functionality
• Typically there are similarities between older and newer designs
Hardware Teardown (2/2)
On-Chip Debug Interfaces (1/6)
• UART (Universal Asynchronous Receiver / Transmitter)
Pins for a UART connection: RxD, TxD, GND
On-Chip Debug Interfaces (2/6)
• UART (Universal Asynchronous Receiver / Transmitter)
On-Chip Debug Interface (3/6)
• JTAG (Joint Test Access Group, IEEE 1149.1)
Basic Pin : TMS, TCK, nTRST, TDI, TDO
Extended Pin : nRESET, VTref, DBGRQ, DBGACK
On-Chip Debug Interface (4/6)
• JTAG (Joint Test Access Group, IEEE 1149.1)
On-Chip Debug Interface (5/6)
• More difficult to locate when available only on component pads or tented vias
On-Chip Debug Interface (6/6)
• Automatically finding interfaces (UART, JTAG)
JTAGulator
JTAGFinder
Internal / External Resource Collection
• Communications monitoring
• Protocol decoding and/or emulation
• Example – Smartcard, Serial, USB, JTAG, I2C, SPI, Ethernet, CAN
• Any interface accessible to the outside world may be an avenue for attack
Especially program/debug connections: if a legitimate designer has access to the interface, so do we
• Using oscilloscope, logic analyzer, dedicated sniffers, software tools, etc.
Internal / External Resource Collection – Chip-Off (1/3)
• Flash memory (NOR / SPI) reading
Internal / External Resource Collection – Chip-Off (2/3)
• PC-3000 Flash Edition (NAND Devices)
Internal / External Resource Collection – Chip-Off (3/3)
• Extract Microcode (ROM, EEPROM, MCU, FPGA, …)
Search for “MCU Break” on Google
Embedded Devices Reversing - Embedded Device Static Analysis -
Embedded Linux-Based Firmware Structure
Decompress Code (RAW)
Boot Code (Compressed)
Kernel (Compressed)
File System (Compressed)
RTOS (Real Time Operating System)-Based Firmware Structure
Decompressed Code (RAW)
Boot Code (Compressed)
Kernel (Compressed)
Additional Support File & Data (Compressed)
RAW Code Firmware Structure
Decompressed Code (RAW)
Boot Code (Compressed)
RAW Code (Compressed)
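Approaches to Unpacking Firmware (Decoding, Decompressing, De-Obfuscating)
• Use automated tools
Binwalk, FMK (Firmware Modification Kit)
• Analyze the 1st / 2nd bootloader
Analyze the code that unpacks the firmware during boot
• Use UART / JTAG
Collect the decompressed code from memory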
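An added example, not from the original slides: a minimal signature scan in the spirit of the automated tools named above, run over the kind of layout the firmware-structure slides describe (raw boot code, compressed kernel, compressed file system). Each hit is validated (header CRC, full inflate, superblock consistency) so stray magic bytes are rejected; the sample image, its offsets and its names are constructed for illustration.

```python
import struct
import zlib

def check_uimage(blob, off):
    """U-Boot legacy header: 64 bytes, big-endian, CRC32 over the header itself."""
    hdr = blob[off:off + 64]
    if len(hdr) < 64:
        return None
    stored_crc, size = struct.unpack(">4xI4xI", hdr[:16])
    if zlib.crc32(hdr[:4] + b"\0" * 4 + hdr[8:]) != stored_crc:
        return None  # magic bytes alone; header checksum does not match
    name = hdr[32:64].rstrip(b"\0").decode("ascii", "replace")
    return "uImage header, payload %d bytes, name %r" % (size, name)

def check_gzip(blob, off):
    """Accept a gzip hit only if the stream inflates through to its end marker."""
    inflater = zlib.decompressobj(31)  # wbits=31 selects gzip framing
    try:
        out = inflater.decompress(blob[off:])
    except zlib.error:
        return None
    return "gzip stream, %d bytes decompressed" % len(out) if inflater.eof else None

def check_squashfs(blob, off):
    """SquashFS v4 superblock: little-endian, block_size must equal 1 << block_log."""
    sb = blob[off:off + 48]
    if len(sb) < 48:
        return None
    block_size, = struct.unpack("<I", sb[12:16])
    block_log, major = struct.unpack("<H4xH", sb[22:30])
    if major != 4 or block_log > 20 or block_size != 1 << block_log:
        return None
    return "SquashFS v4 superblock, %d bytes used" % struct.unpack("<Q", sb[40:48])

SIGNATURES = [(b"\x27\x05\x19\x56", check_uimage),
              (b"\x1f\x8b\x08", check_gzip),
              (b"hsqs", check_squashfs)]

def scan(blob):
    """Return sorted (offset, description) pairs for every signature that validates."""
    hits = []
    for magic, check in SIGNATURES:
        off = blob.find(magic)
        while off != -1:
            desc = check(blob, off)
            if desc:
                hits.append((off, desc))
            off = blob.find(magic, off + 1)
    return sorted(hits)

def build_sample():
    """Constructed image: raw boot stub, uImage + gzip 'kernel', SquashFS superblock."""
    comp = zlib.compressobj(9, zlib.DEFLATED, 31)
    kernel = comp.compress(b"constructed kernel payload " * 64) + comp.flush()
    hdr = struct.pack(">7I4B32s", 0x27051956, 0, 0, len(kernel), 0x80000000,
                      0x80000000, zlib.crc32(kernel), 5, 5, 2, 1, b"sample-kernel")
    hdr = hdr[:4] + struct.pack(">I", zlib.crc32(hdr)) + hdr[8:]
    sqfs = struct.pack("<5I6H2Q", 0x73717368, 1, 0, 131072, 0, 1, 17, 0, 1, 4, 0, 0, 4096)
    boot = b"\xEA" * 0x40 + b"\x1f\x8b\x08" + b"\xAA" * 0xBD  # stray gzip magic (decoy)
    return (boot + hdr + kernel).ljust(0x400, b"\xFF") + sqfs

if __name__ == "__main__":
    for offset, description in scan(build_sample()):
        print("0x%06X  %s" % (offset, description))
```

The decoy at offset 0x40 carries valid gzip magic but fails inflation, which is why a bare magic match is never reported on its own.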
CISC vs. RISC Architecture
• Need to understand the assembly structure and patterns of the target device
Calling Convention, CallBack, IPC(Inter Process Communication)
Parameter, Static/Global Variable, Return Value
Store & Load Storage (Stack, Register, Memory)
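CISC (Complex Instruction Set Computer)
• Emphasis on hardware
• Includes complex instructions that take multiple clocks
• Memory to Memory
• Small code size, high cycles per unit time
• Intel, AMD
RISC (Reduced Instruction Set Computer)
• Emphasis on software
• Includes only reduced instructions that take a single clock
• Register to Register
• Low cycles per unit time, large code size
• ARM, MIPS, PowerPC, UltraSPARC, DEC Alpha, PA-RISC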
Converting Code to Disassembly
• Disassembling File Format Code
COFF, PE, ELF, iHEX, SREC, S19
• Disassembling RAW Code
Identifying Code / Architecture
Finding Base Address
Static Code Analysis
• Locate the code to be analyzed
Use symbols, debug messages, APIs
• Use emulation/simulation tools
IDA Pro with QEMU
Trace32
IAR
Product Disassembler
Custom Disassembler
Embedded Devices Reversing - Embedded Device Dynamic Analysis -
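Building a Dynamic Reverse Engineering Environment (1/3)
• IDA Pro with Remote GDB (on QEMU)
• Advantages
Executable files can be debugged on a standalone PC
• Disadvantages
Code that is not an executable file cannot be debugged (kernel debugging)
Running modules cannot be debugged (process/thread debugging)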
[Diagram: IDA Pro, Remote GDB]
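Building a Dynamic Reverse Engineering Environment (2/3)
• Trace32 with JTAG (on Target Devices)
• Advantages
Kernel debugging is possible
All internal resources are accessible
• Disadvantages
Enabling JTAG Pinout
Running modules are difficult to debug (process/thread debugging)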
[Diagram: JTAG Pinout, Trace32]
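Building a Dynamic Reverse Engineering Environment (3/3)
• IDA Pro with Remote GDB (on Target Devices)
• Advantages
Kernel/process/thread debugging is possible
All internal resources are accessible
• Disadvantages
The firmware must be unpacked and reassembled
Cross-compiling is required (telnet, strace, gdb_server, …)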
[Diagram: Remote GDB, IDA Pro]
Embedded Devices Reversing - Readiness condition -
Secure Embedded Devices
Authentication
Confidentiality
Integrity
Secure Boot
Secure Update
Secure Develop
The Fundamental Tradeoffs
Cheap
Secure
Usable
Trade off – Security vs. Usability vs. Cheap
Readiness
Hardware Reversing
• Bypass Temp Resistance
• De-Capping / De-Soldering
• Dumping Code/Data
• Debugging Environment
• Side Channel Environment
Software Reversing
• De-Obfuscation
• Exploiting Authentication
• Simulation/Emulation
• Automatic Reversing
• Code Interpretation
Side Channel Attack
• Power Analysis
• Clock & Timing Analysis
• Fault Injection Analysis
Crypto Attack
• Crypto Protocols Attack
• Crypto Algorithms Attack
• Crypto Keys Attack
Co-Works
Thank you.