Research Article
Determining the Image Base of Smart Device Firmware for Security Analysis
Listing 2
Determining the image base by searching jump tables (DBJT).
| Input:firmwareFile | | Output: A sorted result of the elements and their occurrence in multiset M | | function DBJT (firmwareFile) | | fileSize ⟵Obtain the size of firmwareFile | | offset ⟵0 | | while(0 ≤ offset < fileSize) do | | CMP_FLAG ⟵ FALSE | | LDRLS_FLAG ⟵ FALSE | | B_FLAG ⟵ FALSE | | if Current instruction is CMP instruction, then | | CMP_FLAG ⟵ TRUE | | else | | offset ⟵ offset +4 | | continue | | end if | | if The second instruction is LDRLS instruction, then | | LDRLS_FLAG ⟵ TRUE | | else | | offset ← offset +4 | | continue | | end if | | if The third instruction is B instruction, then | | B_FLAG ⟵ TRUE | | else | | offset ⟵ offset +4 | | continue | | end if | | if CMP_FLAG ==TRUE && LDRLS_FLAG == TRUE && B_FLAG == TRUE then | | jt[n] ⟵ Read the jump table | | min_addr ⟵ Obtain the minimum element of the array jt[n] | | offset_case1 ⟵ Obtain offset of the first case block | | base ⟵ min_addr - offset_case1 | | if base % 4 ==0 then | | M ⟵ base | | end if | | offset ⟵ offset_case1 | | end if | | offset ⟵ offset +4 | | end while | | Count the number of occurrences of each element in the multiset M | | Sort the elements and their occurrence in descending order by number of occurrences | | Output: Sorted elements and their occurrences | | end function |
|
