Automatically Inferring Image Base Addresses of ARM32 Binaries Using Architecture Features

  • Conference paper
Ubiquitous Security (UbiSec 2023)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 2034)

Abstract

We designed an innovative method, iBase, which automatically infers the image base address of an ARM32 binary by statistically, structurally, and semantically correlating the absolute and relative addresses contained in the binary. iBase exploits ARM32’s architecture features, and hence it is immune to variations introduced by software development and compilation. In addition, iBase is parameter-free and requires no manual configuration. We implemented iBase and evaluated it on 20 ARM32 binaries. Our evaluation results show that iBase successfully detects the base addresses of all of them and outperforms state-of-the-art tools including Ghidra and Radare2.

Author information

Corresponding author

Correspondence to Daniel Chong.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Chong, D., Zhang, J., Boland, N., Chen, L. (2024). Automatically Inferring Image Base Addresses of ARM32 Binaries Using Architecture Features. In: Wang, G., Wang, H., Min, G., Georgalas, N., Meng, W. (eds) Ubiquitous Security. UbiSec 2023. Communications in Computer and Information Science, vol 2034. Springer, Singapore. https://doi.org/10.1007/978-981-97-1274-8_29

  • DOI: https://doi.org/10.1007/978-981-97-1274-8_29

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-1273-1

  • Online ISBN: 978-981-97-1274-8

  • eBook Packages: Computer Science, Computer Science (R0)
