D.A. Tavalinsky1, D.A. Krasikov2

1–2 Military University of Radioelectronics (Cherepovets, Russia)
 

The widespread use of spatially distributed computer networks has led to the emergence of new types of remote influence on information and computing systems - attacks on data flows that are directed to intelligent network-forming equipment (switches and routers). Malicious actions of this type are based on hardware vulnerabilities and use undeclared capabilities of embedded software. Despite the importance of the task of analyzing the embedded software of intelligent network equipment, today there are no unified methods for solving it. Modern reverse engineering tools cannot be used to analyze firmware without its preliminary study and construction of the software file structure. The signature approach used today to solve this problem requires specialists to have a non-standard, creative and individual approach to each piece of equipment. Thus, the development of a firmware pre-processing technique oriented towards subsequent software implementation is of particular relevance.

The main particular problems of embedded software analysis are considered. Taking into account the capabilities of existing special reverse engineering tools, a group of tasks that make up firmware preprocessing has been identified. To implement pre-processing, firmware was associated with a binary construct of arbitrary complexity, to the analysis of which a statistical approach was applied, used in the technical analysis of signals and messages. A pre-processing technique has been developed that is compatible with the existing methodological apparatus for software analysis in the interests of searching for undeclared capabilities.

The presented technique is universal and allows to convert the firmware of intelligent hardware to such a state that it is possible to solve the problem of software analysis using the existing special reverse engineering tools.

Tavalinsky D.A., Krasikov D.A. Pre-processing of embedded software of network-forming devices. Science Intensive Technologies. 2023. V. 24. № 3. P. 43−51. DOI: https://doi.org/ 10.18127/j19998465-202303-5 (in Russian)

1. Krasikov D.A., Myasoedov N.I. Sravnenie utilit, ispol'zuemyh dlya analiza programmnogo obespecheniya seteobrazuyushchego oborudovaniya. Sb. nauch. trudov fakul'teta avtomatizirovannyh sistem upravleniya. CHerepovec: CHVVIURE. 2018. S. 71–76.
2. Kasperski K., Rokko E. Iskusstvo dizassemblirovaniya. SPb.: BHV-Peterburg. 2008. 896 s.
3. Tavalinskij D.A., Zamarin A.I., Atakishchev O.I., Ryumshin K.YU. Posledovatel'nyj tekhnicheskij analiz cifrovyh posledo-vatel'nostej pri identifikacii slozhnyh struktur. Izv. Yugo-zapadnogo gosudarstvennogo universiteta. 2014. № 1. S. 14–21. (in Russian)
4. Krasikov D.A. Identifikaciya algoritmov szhatiya programmnogo obespecheniya seteobrazuyushchih ustrojstv. Sb. nauchnyh rabot fakul'teta avtomatizirovannyh sistem upravleniya. CHerepovec: CHVVIURE. 2019. S. 57–61.
5. Myasoedov N.I., Krasikov D.A. Metodika analiza programmnogo obespecheniya seteobrazuyushchih ustrojstv. Sb. nauchnyh tru-dov 44-oj voenno-nauchnoj konf. molodyh specialistov. CHerepovec: CHVVIURE. 2018. S. 96–101.
6. Krasikov D.A., Bodunov A.S. Analiz vstroennogo programmnogo obespecheniya seteobrazuyushchih ustrojstv. Sb. nauch. rabot II Vseros. nauchno-prakt. konf. CHerepovec: CHVVIURE. 2019. S. 87–91.
7. Krasikov D.A., Bodunov A.S. Algoritm analiza firmware seteobrazuyushchih ustrojstv. Sb. nauch. trudov 45-j voenno-nauchnoj konf. molodyh specialistov VURE. CHerepovec: VURE. 2020. S. 71–76.
8. Tavlinskij D.A., Krasikov D.A. Grafodinamicheskoe modelirovanie informacionno-telekommunikacionnoj seti v intere-sah racional'nogo raspredeleniya resursov. Dinamika slozhnyh sistem – XXI vek. 2022. T. 16. № 45. S. 40–46. DOI: 10.18127/j19997493-202203-04/  (in Russian)