Embedded Device Firmware Vulnerability Hunting Using FRAK, the Firmware Reverse Analysis Konsole

Presented at DEF CON 20 (2012), July 27, 2012, 10 a.m. (20 minutes)

We present FRAK, the firmware reverse analysis konsole. FRAK is a framework for unpacking, analyzing, modifying and repacking the firmware images of proprietary embedded devices. The FRAK framework provides a programmatic environment for the analysis of arbitrary embedded device firmware as well as an interactive environment for the disassembly, manipulation and re-assembly of such binary images. We demonstrate the automated analysis of Cisco IOS, Cisco IP phone and HP LaserJet printer firmware images. We show how FRAK can integrate with existing vulnerability analysis tools to automate bug hunting for embedded devices. We also demonstrate how FRAK can be used to inject experimental host-based defenses into proprietary devices like Cisco routers and HP printers.

Presenters:

• Ang Cui - Red Balloon Security
  Ang Cui is the founder of Red Ballon Security Inc., which specializes in the development of offensive and defensive technologies for embedded systems. Ang is also currently a PhD candidate at Columbia University in the Intrusion Detection Systems Laboratory.

Links:

• https://defcon.org/html/defcon-20/dc-20-speakers.html#Cui
• https://www.youtube.com/watch?v=EKy_f-etWy8

Similar Presentations:

• Black Hat Asia 2016 / Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
• Black Hat Europe 2014 / Firmware.RE: Firmware Unpacking, Analysis and Vulnerability-Discovery as a Service
• Black Hat USA 2012 / Embedded Device Firmware Vulnerability Hunting Using FRAK