Determining the Image Base of ARM Firmware by Matching Function Addresses

<table class="algorithm-group"><tr><td><table class="algorithm" id="alg1"><tr><td colspan="2">Input: binaryFile</td></tr><tr><td colspan="2">Output: The addressees loaded by LDR instruction in ARM state.</td></tr><tr><td colspan="2">function Find_ARM_LDR(binaryFile)</td></tr><tr><td colspan="2">  bin[fileSize] ⟵ binaryFile</td></tr><tr><td colspan="2">  offset ⟵0</td></tr><tr><td colspan="2">   while(0 ≤ offset &lt; fileSize-3) do</td></tr><tr><td colspan="2">     if (bin[offset +2] ==0x9F &amp;&amp; bin[offset+3] ==0xE5)</td></tr><tr><td colspan="2">       PC ⟵ offset +8</td></tr><tr><td colspan="2">       immed_12 ⟵ bit[11,…,0]</td></tr><tr><td colspan="2">       address ⟵ PC&amp;0xFFFFFFFC + (immed_12)</td></tr><tr><td colspan="2">       Rd ⟵ Memory[address, 4]</td></tr><tr><td colspan="2">       Output: Rd</td></tr><tr><td colspan="2">     end if</td></tr><tr><td colspan="2">     offset ⟵ offset +4</td></tr><tr><td colspan="2">   end while</td></tr><tr><td colspan="2">end function</td></tr></table></td></tr></table>

Wireless Communications and Mobile Computing

alg1

Algorithm 1

Algorithm 1: Determining the Image Base of ARM Firmware by Matching Function Addresses 