Uwe Muller, Eicke Hauck, Timm Welz, Jiska Classen, Matthias Hollick (Secure Mobile Networking Lab, TU Darmstadt)

Even though PowerPC mostly disappeared from the consumer device market, its architectural properties continue being popular for highly specialized systems. This particularly includes embedded systems with real-time requirements that are deeply integrated into critical infrastructures as well as aeronautics, transportation, control systems in power plants, etc. One example is Terrestrial Trunked Radio (TETRA), a digital radio system used in the public safety domain and deployed in more than 120 countries worldwide: base stations of at least one of the main vendors are based on PowerPC. Despite the criticality of the aforementioned systems, many follow a security by obscurity approach and there are no openly available analysis tools. While analyzing a TETRA base station, we design and develop a set of analysis tools centered around a PowerPC binary patcher. We further create various dynamic tooling on top, including a fast memory dumper, function tracer, flexible patching capabilities at runtime, and a fuzzer. We describe the genesis of these tools and detail the binary patcher, which is general in nature and not limited to our base station under test.

View More Papers

Mondrian: Comprehensive Inter-domain Network Zoning Architecture

Jonghoon Kwon (ETH Zürich), Claude Hähni (ETH Zürich), Patrick Bamert (Zürcher Kantonalbank), Adrian Perrig (ETH Zürich)

Read More

LibAFL QEMU: A Library for Fuzzing-oriented Emulation

Romain Malmain (EURECOM), Andrea Fioraldi (EURECOM), Aurelien Francillon (EURECOM)

Read More

Demo #5: Securing Heavy Vehicle Diagnostics

Jeremy Daily, David Nnaji, and Ben Ettlinger (Colorado State University)

Read More

Preventing and Detecting State Inference Attacks on Android

Andrea Possemato (IDEMIA and EURECOM), Dario Nisi (EURECOM), Yanick Fratantonio (EURECOM and Cisco Talos)

Read More