u-INJECTOR: Unicorn-based Firmware Dynamic Analysis Tool

Youngbeen Yoo, Hanbit Kim, Junghyung Park, Jinsung Cho

http://doi.org/10.5626/JOK.2025.52.4.269

As the proliferation of IoT devices fuels the growth of the embedded market and expands the application areas of embedded devices, the risk of vulnerability exploitation is increasing, particularly because many IoT device manufacturers do not follow security guidelines. Consequently, it is crucial to analyze and address vulnerabilities in embedded firmware in advance to ensure system safety. While dynamic analysis techniques are essential for assessing such vulnerabilities, the development environments of embedded devices differ from those of host PCs, and the diversity of hardware architectures makes it difficult to set up a firmware analysis environment using a virtualization tool such as QEMU alone. To overcome these challenges, this study introduces an embedded firmware vulnerability analysis tool, u-INJECTOR, built on the open-source CPU emulator Unicorn. u-INJECTOR can significantly reduce the cost of environment construction compared to QEMU by automatically analyzing the symbols of executable files and establishing a virtualization environment for the embedded firmware. The u-INJECTOR described in this research is expected to serve as a valuable tool for detecting vulnerabilities to side-channel and fault injection attacks.


Journal of KIISE

  • ISSN : 2383-630X(Print)
  • ISSN : 2383-6296(Electronic)
  • KCI Accredited Journal
