December 10, 2024
Research cooperation between SCHUTZWERK and Lauterbach
Together for a better embedded security
Research cooperation between SCHUTZWERK and Lauterbach to improve fuzzing in embedded systems
We are pleased to announce a research collaboration between SCHUTZWERK and Lauterbach. Together we will work on the exploration of debugger-assisted fuzzing using the Lauterbach TRACE32® debug and trace tools. The collaboration aims to develop new methods to improve fuzzing and manual pentesting of embedded and automotive devices under greybox conditions, even without available source code or symbols.
Project goals and steps
As part of this project, we plan to implement the following steps:
1. Data conversion and data collection
Development of a converter tool to feed exported tracing data from Lauterbach Debugger into Ghidra and enable the use of Ghidra Cartographer. The goal is to analyze the state of the firmware after fuzzing and manual testing, and to evaluate the coverage by common scanners and blind fuzzing without feedback.
2. Interpolation of the program flow between program counter samples
Since the program counter in limited debugging environments is expected to be captured in snooping mode with limited sampling rate, we need to interpolate the program flow. To do this, the basic block graph of the program is determined using Ghidra and exported.
3. Integration into guided fuzzing
The information obtained about the program flow and coverage is used as input for guided fuzzing that interacts with the embedded system via a communication bus.
Who is Lauterbach?
Lauterbach is the leading manufacturer of cutting-edge development tools for embedded systems with more than 45 years of experience. It is a well-established company, serving customers all over the world, partnering with all semiconductor manufacturers and growing steadily. Lauterbach’s TRACE32® debug and trace tools support more than 150+ processor architectures, much more than 10.000 individual chips, and cover even the most complex System-on-a-Chip (SoC).
Is fuzzing exactly your thing? – Then come to us!
The publication of the results is planned for the end of 2025. We are looking for a student (M/F/D) who will support us in this project; preferably as part of a final thesis. If you are interested in embedded security research and would like to be part of an exciting project, we look forward to your application!
We are looking forward to this research project and the new opportunities it will offer for the security analysis of embedded systems.