Firmware Disassembly System
Abstract
Embodiments of the invention provide a method for disassembling firmware. A binary firmware image is received. If portions of the image are compressed, those portions are uncompressed. The binary firmware image is divided using a sliding window into a plurality of segments. Segments of the plurality of segments are classified as file types. Code file types are identified among the classified segments of the plurality of segments. Code architectures of the identified code file types of the classified plurality of segments are then classified. At least the classified code file types of the binary firmware image are disassembled based on the classified code architecture. The disassembled binary firmware image is evaluated for malware.
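The pipeline the abstract describes, as an added sketch that is not code from the patent or its authors. The page does not say how segments or architectures are classified, so the classifiers here are simple stand-in heuristics (byte statistics, and the ARM "always" condition nibble); the window sizes, function names, the ARM-only scope and the sample image are all assumptions.

```python
import hashlib
import math
from collections import Counter

WINDOW, STEP = 1024, 512  # assumed sizes; the page gives none

def entropy(seg):
    n = len(seg)
    return -sum(c / n * math.log2(c / n) for c in Counter(seg).values())

def classify_file_type(seg):
    """Stand-in file-type classifier (hypothetical heuristic, not the patent's)."""
    if Counter(seg).most_common(1)[0][1] / len(seg) > 0.9:
        return "padding"
    if sum(32 <= b < 127 or b in (9, 10, 13) for b in seg) / len(seg) > 0.9:
        return "text"
    if entropy(seg) > 7.2:
        return "compressed"
    return "code"  # code candidate; the architecture stage must confirm it

def classify_arch(seg):
    """Stand-in: most 32-bit ARM instructions carry condition AL (0xE) in the top nibble."""
    words = [seg[i:i + 4] for i in range(0, len(seg) - 3, 4)]
    le = sum(w[3] >> 4 == 0xE for w in words) / len(words)  # little-endian layout
    be = sum(w[0] >> 4 == 0xE for w in words) / len(words)  # big-endian layout
    if max(le, be) < 0.7:
        return None
    return "arm-le" if le >= be else "arm-be"

def disassembly_targets(image):
    """Slide the window, keep confirmed code, merge into (start, end, arch) ranges."""
    targets = []
    for off in range(0, len(image) - WINDOW + 1, STEP):
        seg = image[off:off + WINDOW]
        if classify_file_type(seg) != "code" or (arch := classify_arch(seg)) is None:
            continue
        if targets and targets[-1][2] == arch and targets[-1][1] >= off:
            targets[-1] = (targets[-1][0], off + WINDOW, arch)
        else:
            targets.append((off, off + WINDOW, arch))
    return targets

def sample_image():
    """Constructed 8 KiB image: padding | text | ARM LE code | high-entropy blob."""
    arm = bytes.fromhex("0000a0e1" "0100a0e3" "1eff2fe1" "04e02de5" "04f09de4")
    text = b"Copyright (c) example vendor. All rights reserved.\n"
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    return b"\xff" * 2048 + (text * 41)[:2048] + (arm * 103)[:2048] + blob

print(disassembly_targets(sample_image()))
```

Windows that straddle two regions fall through to the code-candidate label in this sketch and are dropped only because no architecture is confirmed for them, so the reported range covers just the windows lying wholly inside the code region.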
23 Claims
1. A method for disassembling firmware, the method comprising:
- receiving a binary firmware image;
- dividing the binary firmware image using a sliding window into a plurality of segments;
- classifying segments of the plurality of segments as file types;
- identifying code file types among the classified segments of the plurality of segments;
- classifying code architectures of the identified code file types of the classified plurality of segments; and
- disassembling at least the code file types of the binary firmware image based on the classified code architecture.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method for disassembling firmware, the method comprising:
- receiving a binary firmware image;
- uncompressing all compressed segments within the binary firmware image;
- dividing the uncompressed binary firmware image using a sliding window into a plurality of segments;
- classifying segments of the plurality of segments as file types;
- identifying code file types among the classified segments of the plurality of segments;
- classifying code architectures of the identified code file types of the classified plurality of segments; and
- disassembling at least the code file types of the binary firmware image based on the classified code architecture.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. An apparatus, comprising:
- a memory;
- a processor; and
- program code resident in the memory and configured to be executed by the processor configured to disassembling firmware, the program code further configured to receive a binary firmware image in the memory, divide the binary firmware image using a sliding window into a plurality of segments, classify segments of the plurality of segments as file types, identify code file types among the classified segments of the plurality of segments, classify code architectures of the identified code file types of the classified plurality of segments, and disassemble the binary firmware image based on the classified code architecture.

Dependent claims: 20, 21, 22, 23

Specification