University of Twente Student Theses
XtractIO: Statically locating MMIO addresses in non-Linux firmware
Scholtens, M.D. (2025) XtractIO: Statically locating MMIO addresses in non-Linux firmware.
Abstract: | As embedded devices become increasingly integrated into our everyday lives, the risk of malicious actors compromising our security grows as well. To secure these devices, various analyses, including static analysis and fuzz-testing (fuzzing), are developed to identify vulnerabilities before they are exploited. One key area of research is Memory Mapped Input-Output (MMIO), as it enables untrusted input from peripherals (such as Bluetooth and Ethernet) to reach the CPU. A common approach researchers use to extract MMIO addresses is to manually look them up in datasheets and other types of documentation. This is possible when analysing minimal amounts of firmware. However, it becomes challenging when firmware needs to be examined in bulk. Additionally, when the microcontroller (MCU) is unknown, we are also unable to locate its datasheet, making MMIO address lookups impossible. To facilitate analysis in these situations, we developed XtractIO, which automatically locates MMIO addresses in non-Linux firmware. Our approach uses patterns to locate MMIO operations, after which it extracts the referenced addresses. We evaluated our approach against a set of 40 firmware images consisting of ARM Cortex-M and Xtensa architectures. XtractIO performs, on average, 30 per cent better compared to a naive approach. However, even though XtractIO outperforms a naive approach, it still has an average F1-score of 60 to 70 per cent, indicating that it still produces both false positives and false negatives. These results demonstrate that it is possible to locate MMIO addresses automatically, but further research is necessary to make the results reliable. |
Item Type: | Essay (Master) |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Computer Science MSc (60300) |
Link to this item: | https://purl.utwente.nl/essays/107177 |