• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1225-1234
• /
• 2019

The security of the firmware is more important because embedded devices have become popular. Network devices such as routers can be attacked by attackers through web application vulnerabilities in embedded firmware. Therefore, they must be found and removed quickly. The Firmadyne framework proposes a dynamic analysis method to find vulnerabilities after emulating firmware. However, it only performs vulnerability checks according to the analysis methods defined in the tool, thus limiting the scope of vulnerabilities that can be found. In this paper, fuzzing is performed in emulation-based environment through fuzzing, one of the software security test techniques. We also propose a Fabfuzz tool for efficient emulation based fuzzing. Experiments have shown that in addition to the vulnerabilities identified in existing tools, other types of vulnerabilities have been found.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1121-1125
• /
• 2022

HAL-Fuzz, a fuzzing technique to find firmware vulnerabilities, is efficient by using the HAL function of the hardware abstraction layer provided by MCU vendors. However, it cannot handle most firmware that unused the exact HAL function. In this paper, we propose a new method for identifying pseudo-HAL functions to increase the fuzzing availability of HAL-Fuzz. In experiments, we identified not only the HAL but also the pseudo-HAL functions, implemented by the developer, and that fuzzing is possible.

• The Journal of the Korea Contents Association
• /
• v.4 no.1
• /
• pp.1-7
• /
• 2004

In addition to wired communication technology, wireless communication technology has been driving communication revolution nowadays. Bluetooth technology carries out data/voice communication making pico-net and the various application services are supported by access network connected to public network. This paper presents educational software development of bluetooth protocol stack including HCI, L2CAP, RFCOMM, SDP and profiles including GAP, SPP, GEOP, FTP. This software which supports programming environment of these protocol monitoring and emulation is implemented basically step by step for education based on H connected to the bluetooth device through RS-232-C, UART or USB cable. Application program coded by Visual C is operated over the firmware loaded on the bluetooth device connected to the PC. Additionally ftp and chatting function are developed to enhance educational efficiency.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.847-857
• /
• 2020

As IoT equipment is commercialized, Bluetooth or wireless networks will be built into general living devices such as IP cameras, door locks, cars and TVs. Security for IoT equipment is becoming more important because IoT equipment shares a lot of information through the network and collects personal information and operates the system. In addition, web-based attacks and application attacks currently account for a significant portion of cyber threats, and security experts are analyzing the vulnerabilities of cyber attacks through manual analysis to secure them. However, since it is virtually impossible to analyze vulnerabilities with only manual analysis, researchers studying system security are currently working on automated vulnerability detection systems, and Firm-AFL, published recently in USENIX, proposed a system by conducting a study on fuzzing processing speed and efficiency using a coverage-based fuzzer. However, the existing tools were focused on the fuzzing processing speed of the firmware, and as a result, they did not find any vulnerability in various paths. In this paper, we propose IoTFirmFuzz, which finds more paths, resolves constraints, and discovers more crashes by strengthening the mutation process to find vulnerabilities in various paths not found in existing tools.

• Journal of Institute of Control, Robotics and Systems
• /
• v.6 no.10
• /
• pp.903-910
• /
• 2000

In this paper, we describe a slave chip based on the Profibus-DP protocol and a system board to verify the developed slave chip. The Profibus-DP protocol is designed using VHDL and implemented on FPGA. The system board adopting the developed FPGA is designed FPGA is designed in which the firmware is implemented on Intel 8051 by using C language. Among the Profibus-DP protocols, low level layers from the physical layer to the data link layer is implemented in the form of hardware that we are able to greatly reduce the CPU load in processing protocols, and then higher layers could be processed by software. These technologies result in an IP to make terminal devices in the distributed control systems. Therefore, many digital logics as well as communication logics can be implemented onto SOC(System On a Chip) and it could be applied to various fieldbus-related areas.