lotus321 / karonte

Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Karonte

License

Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware.

Overview

Research paper

We present our approach and the findings of this work in the following research paper:

KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware [PDF]
Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna.
In Proceedings of the IEEE Symposium on Security & Privacy (S&P), May 2020

If you use Karonte in a scientific publication, we would appreciate citations using this Bibtex entry:

@inproceedings{redini_karonte_20,
 author    = {Nilo Redini and Aravind Machiry and Ruoyu Wang and Chad Spensky and Andrea Continella and Yan Shoshitaishvili and Christopher Kruegel and Giovanni Vigna},
 booktitle = {In Proceedings of the IEEE Symposium on Security & Privacy (S&P)},
 month     = {May},
 title     = {KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware},
 year      = {2020}
}

Repository Structure

There are four main directories:

  • tool: Karonte python files
  • firmware: Karonte firmware dataset
  • configs: configuration files to analyze the firmware samples in the dataset
  • eval: scripts to run the various evaluations on Karonte
  • karonte-viz: script to visualize the results produced by Karonte

Run Karonte

To run karonte, from the root directory, just run

SYNOPSIS       python tool/karonte.py JSON_CONFIG_FILE [LOG_NAME]

DESCRIPTION      runs karonte on the firmware sample represented by the JSON_CONFIG_FILE, and save the results in LOG_NAME

EXAMPLE      python tool/karonte.py config/NETGEAR/r_7800.json      It runs karonte on the R7800 NETGEAR firmware

By default, results are saved in /tmp/ with the suffix Karonte.txt.

To inspect the generated alerts, just run:

      python tool/pretty_print.py LOG_NAME

Docker

A dockerized version of Karonte ready to use can be found here

Dataset

You can obtain Karonte dataset at this link

About

Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware

License:BSD 2-Clause "Simplified" License


Languages

Language:Python 100.0%Language:CSS 0.0%