Debugging embedded systems and associated firmware can be more art than science. Is the problem in hardware or is it in software? Both? The ability to understand what’s going on inside the processor at any given moment is key to troubleshooting. The difficulty in achieving this deep understanding is compounded for systems integrators that are leveraging pre-built, off-the-shelf components to design and assemble more complex systems. Over the next two articles we will look at various software and hardware tools to make this work much more efficient. First, a look at some software tools to understand the firmware that increasingly drives the embedded systems fueling demand for smart devices and Internet of Things devices.
Binwalk
According to Binwalk’s GitHub repository, the software “is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.” Binwalk is a command-prompt-driven tool that is written in Python. It can perform a variety of tasks useful to integrators and security researchers alike. Binwalk takes a binary image file, say a firmware update for an embedded device, and looks for digital fingerprints, called signatures, of the various objects that make up the binary image. These can include bootloaders, kernels, and even entire filesystems. Furthermore, it can recursively extract files and folders, so you can navigate the contents right from the command prompt. Binwalk also gives the ability to search for strings within the binary image as well as perform a diff (check for differences between two files) on multiple binary images. For advanced users, Binwalk can also perform entropy analysis and is scriptable through a provided Python API. Binwalk is currently only available for Linux, but a Windows version is in development. It’s free and available on GitHub.
Hexinator
Hex editors are a very useful family of tools that allow the user to view and even manipulate the raw bits that make up software files. The bits are displayed in hexadecimal format (base-16), thus the name “hex”. Hexinator is one such tool that is available for both Windows and Linux operating systems. Furthermore, it supports a great number of target architectures, in particular ARM processors, which are of keen interest to embedded systems developers. Hex editors allow engineers and programmers to edit software without the need for compiling from source code. This can be useful for performing quick debugging of code on the fly. Hexinator provides a mechanism, known as grammars, to automatically parse and decode binary files. Hexinator comes with grammars built for many popular file formats but also allows the user to create their own grammars for proprietary file formats. Advanced features include comparing files (diff), computing checksums, Python-based scripting, and the ability to display a histogram of binary files to help determine if a file is compressed. Hexinator is available in three options: free, paid for hobbyist, and paid for commercial use. Available to download here.
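The signature scan and entropy analysis described for Binwalk, and the byte histogram Hexinator displays to spot compressed files, rest on the same two ideas, shown here as an added Python example that is not code from either tool. The function names, the 7.0 bits-per-byte threshold, and the sample image are constructed for illustration.

```python
import gzip
import math
import random

# Magic bytes for a few objects commonly found in firmware images.
SIGNATURES = {
    b"\x27\x05\x19\x56": "uImage header",
    b"hsqs": "SquashFS filesystem (little endian)",
    b"\x1f\x8b\x08": "gzip compressed data",
}

def scan_signatures(image):
    """Return sorted (offset, description) pairs for every magic match."""
    hits = []
    for magic, desc in SIGNATURES.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, desc))
            pos = image.find(magic, pos + 1)
    return sorted(hits)

def shannon_entropy(block):
    """Bits per byte, from the block's byte histogram (0.0 to 8.0)."""
    histogram = [0] * 256
    for byte in block:
        histogram[byte] += 1
    total = len(block)
    return -sum(c / total * math.log2(c / total) for c in histogram if c)

def entropy_profile(image, block_size=1024):
    """Entropy of each fixed-size block, as (offset, bits_per_byte)."""
    return [(off, shannon_entropy(image[off:off + block_size]))
            for off in range(0, len(image), block_size)]

def build_sample_image():
    """Constructed image: uImage-style header, erased flash, gzip payload."""
    rng = random.Random(0)
    payload = bytes(rng.getrandbits(8) for _ in range(4096))
    header = b"\x27\x05\x19\x56" + bytes(60)   # magic + zeroed fields
    padding = b"\xff" * (2048 - len(header))   # erased-flash filler
    return header + padding + gzip.compress(payload, mtime=0)

if __name__ == "__main__":
    image = build_sample_image()
    for offset, desc in scan_signatures(image):
        print(f"{offset:<8} 0x{offset:<8X} {desc}")
    for offset, bits in entropy_profile(image):
        note = "likely compressed or encrypted" if bits > 7.0 else ""
        print(f"0x{offset:06X}  {bits:.2f}  {note}")
```

Short magic values can also match by chance inside compressed data, so a hit is a candidate to confirm by parsing the header that follows it, not proof that the object is present.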
PLASMA Disassembler
PLASMA is an interactive disassembler that was previously known as Reverse. It takes machine code and generates assembly code that is human readable, with colored syntax for easier understanding. As with the other tools covered, PLASMA is scriptable using Python. It supports x86/x64, MIPS and ARM architectures and file formats including ELF, PE, RAW. PLASMA is available for free on GitHub.
Radare2 / Cutter
Last but certainly not least is Radare2 and an accompanying front-end Graphical User Interface (GUI) known as Cutter. Radare2 is a so-called “reversing framework”. In short, it combines much of the functionality of the previous three tools into one very powerful tool. Radare2 can disassemble and assemble code for many architectures including ARM, ARM64, MIPS, AVR, PowerPC, and x86/x64. It has a built-in debugger as well as support for external debuggers such as gdb. It can run on a variety of operating systems including Windows, Mac OS, Linux, BSD, Android, iOS, and even Solaris. Additional functionality can be provided using scripts. Unlike the other tools, the scripts can be written not only in Python but also in JavaScript and Go. Radare2 can also help engineers to visualize data structures of several file types including avr, elf, elf64, mach0, pe/pe53, and zip files. Engineers can also patch programs to uncover new features or fix vulnerabilities, similar to the hex editors discussed previously. Radare2 and Cutter are both free and available to download here.
Michael Parks, P.E. is the owner of Green Shoe Garage, a custom electronics design studio and technology consultancy located in Southern Maryland. He produces the Gears of Resistance podcast to help raise public awareness of technical and scientific matters. Michael is also a licensed Professional Engineer in the state of Maryland and holds a Master’s degree in systems engineering from Johns Hopkins University.