
Overcoming challenges of firmware analysis: Fuzzing and symbolic execution based on partial emulation.

Authors :
Niskov, Fedor
Mishechkin, Maxim
Kurmangaleev, Shamil
Source :
AIP Conference Proceedings. 2023, Vol. 2757 Issue 1, p1-6. 6p.
Publication Year :
2023

Abstract

Software security is very important in the modern world. Due to the complexity of modern software, many automated tools and methods have been developed. A famous and efficient approach is the combination of fuzzing and symbolic execution. However, while a large toolset is available for general-purpose computers, the situation with firmware analysis is much more difficult. Lack of information, mechanisms, and tools, as well as physical restrictions, raises serious problems for automated scalable testing. A possible solution in this situation is partial emulation – execution of an interesting code fragment from the initial state in an emulator, based on user scripts. This paper presents a new dynamic symbolic execution (DSE) module based on partial emulation. The paper also describes a combination of fuzzing and DSE – the developed module has been integrated into Crusher (Fuzzer by ISP RAS). This technology has been tested on various model and real cases. [ABSTRACT FROM AUTHOR]

Details

Language :
English
ISSN :
0094243X
Volume :
2757
Issue :
1
Database :
Academic Search Index
Journal :
AIP Conference Proceedings
Publication Type :
Conference
Accession number :
164041334
Full Text :
https://doi.org/10.1063/5.0136463