Abstract
Don’t you wish you had a VM for testing IoT devices? I created ARM-X IoT Firmware Emulation Framework initially as a testing platform for my own research and development needs. Over the years what started as a clumsy Linux-on-ARM QEMU image has now turned into a tried-and-tested framework which has led to four 0-days discovered on SoHo routers, IP cameras and VoIP exchanges. In this talk, I shall cover the evolution of ARM-X, demonstrate a few use cases and discuss future directions of IoT firmware emulation.
AI Generated Summary (may contain errors)
The speaker demonstrates an exploit that gains shell access to an IP camera running under the ARM-X emulation framework. ARM-X uses QEMU together with NFS to share directories between the host and the emulated guest. The speaker plans to release the project website on or before October 23rd, 2019.
The ARM-X architecture combines QEMU, NFS, custom kernels and scripts to create a shared folder between the host and guest systems. This supports testing, fuzzing, web hacking, binary exploitation and reverse engineering of the emulated firmware.
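The host/guest shared folder described above is the piece a practitioner usually sets up by hand, and it is also where the emulator leaks host privileges if the export is too permissive. The script below is an added example, not ARM-X's own tooling: it generates an `/etc/exports` entry bound to a single guest address with `root_squash` (so a root shell inside the firmware cannot write to the host as root), checks an exports file for wildcard hosts or `no_root_squash`, and prints the matching QEMU launch line and in-guest mount command. The directory layout under `/opt/armx`, the `192.168.100.0/24` addresses, the `vexpress-a9` machine type and the Buildroot output paths are all assumptions.

```shell
#!/bin/sh
# Added example (not part of ARM-X): host-side helpers for a QEMU + NFS shared folder.
# All paths, addresses and the machine type below are assumptions for illustration.

ARMX_ROOT="${ARMX_ROOT:-/opt/armx}"        # assumed layout: firmware/ (read-only) and scratch/ (writable)
GUEST_IP="${GUEST_IP:-192.168.100.2}"     # assumed address of the emulated guest
HOST_IP="${HOST_IP:-192.168.100.1}"       # assumed host address on the tap interface
BUILDROOT_OUT="${BUILDROOT_OUT:-$ARMX_ROOT/buildroot/output/images}"  # assumed Buildroot output

# Emit /etc/exports lines that only the emulated guest may mount.
# root_squash maps guest root to an unprivileged host user; the firmware tree stays read-only.
exports_entry() {
    printf '%s %s(ro,sync,root_squash,no_subtree_check)\n' "$ARMX_ROOT/firmware" "$GUEST_IP"
    printf '%s %s(rw,sync,root_squash,no_subtree_check)\n' "$ARMX_ROOT/scratch" "$GUEST_IP"
}

# Read exports lines on stdin; fail on the first one that opens the share to every
# host ("*") or lets guest root act as host root (no_root_squash).
validate_exports() {
    while read -r path hosts; do
        [ -z "$path" ] && continue
        case "$hosts" in
            \**|*no_root_squash*)
                echo "unsafe export: $path $hosts" >&2
                return 1 ;;
        esac
    done
    return 0
}

# QEMU launch line for a Buildroot vexpress-a9 kernel and ext2 root filesystem (assumed names),
# with a tap interface so the guest can reach the host NFS server without user-mode NAT.
qemu_cmd() {
    printf 'qemu-system-arm -M vexpress-a9 -m 256M -nographic'
    printf ' -kernel %s/zImage -dtb %s/vexpress-v2p-ca9.dtb' "$BUILDROOT_OUT" "$BUILDROOT_OUT"
    printf ' -drive file=%s/rootfs.ext2,if=sd,format=raw' "$BUILDROOT_OUT"
    printf ' -append "console=ttyAMA0,115200 rootwait root=/dev/mmcblk0"'
    printf ' -netdev tap,id=n0,ifname=armx0,script=no,downscript=no'
    printf ' -device virtio-net-device,netdev=n0\n'
}

# Mount command to run inside the guest once its network is up.
# nolock avoids needing a lock daemon in the minimal Buildroot rootfs.
guest_mount_cmd() {
    printf 'mount -t nfs -o nolock,vers=3,ro %s:%s/firmware /mnt/firmware\n' "$HOST_IP" "$ARMX_ROOT"
}

# Stand-alone run: show the generated configuration and verify it passes the check.
exports_entry
exports_entry | validate_exports && echo "exports entry passes validation"
qemu_cmd
guest_mount_cmd
```

Append the `exports_entry` output to `/etc/exports` and run `exportfs -ra` on the host; if the firmware needs to write somewhere, point it at the writable `scratch` export rather than relaxing the firmware export.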
The speaker answers questions from the audience:
- They plan to extend support to MIPS platforms in the future.
- GDB is not built into QEMU, but rather used separately within the environment.
- The kernel and root filesystem are built with Buildroot, which includes GDB for debugging.
- To deal with encrypted firmware, one would need to decrypt it themselves or use a bootloader that can decrypt it.
The speaker gives a shoutout to Dr. Quynh and xwings, who have developed an alternative approach to instrumented emulation with their Qiling framework. It allows binaries to be dynamically instrumented from Python code and covers more platforms than ARM-X.