CN116880858A - Method, device, equipment and storage medium for acquiring actual base address of firmware - Google Patents

Info

Publication number
CN116880858A
Authority
CN
China
Prior art keywords
base address
firmware
calibrated
character string
initial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311144222.6A
Other languages
Chinese (zh)
Inventor
齐继辉
沈传宝
肖达
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Huayuan Information Technology Co Ltd
Original Assignee
Beijing Huayuan Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Huayuan Information Technology Co Ltd
Priority to CN202311144222.6A
Publication of CN116880858A
Current legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/40 Transformation of program code
    • G06F8/53 Decompilation; Disassembly
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/205 Parsing
    • G06F40/226 Validation
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y20/00 Information sensed or collected by the things

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Artificial Intelligence (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Computational Linguistics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Stored Programmes (AREA)

Abstract

Embodiments of the disclosure provide a method, a device, equipment and a storage medium for acquiring the actual base address of firmware, applied in the technical field of data processing. The method comprises: obtaining an initial base address of a character string to be calibrated in firmware; generating a starting position of the character string to be calibrated according to the initial base address; acquiring all assembly code loaded by a disassembler according to the starting position; traversing all the assembly code and, by assigning the starting position to the assembly instructions corresponding to the firmware, searching for the absolute address of the function call corresponding to the character string to be calibrated; calculating the difference between the absolute address and the starting position to obtain a relative position difference value; and generating an actual base address according to the initial base address and the relative position difference value. In this way, the correct base address of the firmware can be generated automatically, which reduces the time and effort of analyzing IoT device firmware by hand and improves the accuracy and efficiency of the analysis.

Description

Method, device, equipment and storage medium for acquiring actual base address of firmware
Technical Field
The disclosure relates to the technical field of data processing, in particular to the technical field of internet of things, and specifically relates to a method, a device, equipment and a storage medium for acquiring a firmware actual base address.
Background
The Internet of Things (IoT) is an important component of the new generation of information technology, and interconnected IoT devices store and transmit a great deal of sensitive information. However, the security of IoT devices gives little cause for optimism: vulnerabilities and security threats uncovered in IoT device firmware keep emerging. Reverse analysis of IoT device firmware can discover backdoors and vulnerabilities in it, thereby helping to improve the security of the device. However, obtaining the correct base address of the firmware during such analysis depends heavily on manual work, so the analysis is time-consuming and laborious, and its accuracy and efficiency are not high.
Disclosure of Invention
The disclosure provides a method, a device, equipment and a storage medium for acquiring a firmware actual base address.
According to a first aspect of the present disclosure, a method for acquiring a firmware actual base address is provided. The method comprises the following steps:
acquiring an initial base address of a character string to be calibrated in firmware, wherein the initial base address is a base address of the character string to be calibrated obtained by loading the firmware by using a disassembler;
generating a starting position of the character string to be calibrated according to the initial base address;
acquiring all assembly codes loaded by the disassembler according to the starting position;
traversing all assembly codes, and assigning and searching absolute addresses of function calls corresponding to character strings to be calibrated according to the starting positions and assembly instructions corresponding to firmware;
calculating the difference between the absolute address and the initial position to obtain a relative position difference value;
and generating an actual base address according to the initial base address and the relative position difference value.
In the aspect and any possible implementation manner described above, there is further provided an implementation manner, where generating a starting position of a character string to be calibrated according to the initial base address includes:
selecting a corresponding generation rule according to the firmware type of the firmware;
and generating the initial position of the character string to be calibrated according to the initial base address and the generation rule.
In the aspect and any possible implementation manner described above, there is further provided an implementation manner, before the obtaining an initial base address of a character string to be calibrated in the firmware, the method further includes:
and determining the character string to be calibrated according to the preset function corresponding to the character string to be calibrated.
In accordance with aspects and any one of the possible implementations described above, there is further provided an implementation, the generating an actual base address according to the initial base address and the relative position difference value, including:
judging whether the initial base address starts from 0;
and if the initial base address starts from 0, determining the address corresponding to the relative position difference value as an actual base address.
In the aspect and any possible implementation manner described above, there is further provided an implementation manner, where the generating an actual base address according to the initial base address and the relative position difference value further includes:
if the initial base address is not from 0, determining the address corresponding to the sum of the initial base address and the relative position difference value as an actual base address.
In the aspect and any possible implementation manner described above, there is further provided an implementation manner, where there are a plurality of character strings to be calibrated, and generating, according to the initial base address, a starting position of the character string to be calibrated includes:
generating a starting position of each character string to be calibrated in a plurality of character strings to be calibrated according to the initial base address;
the obtaining the all assembly codes loaded by the disassembler according to the starting position comprises the following steps:
acquiring all assembly codes loaded by a disassembler according to the starting position of each character string to be calibrated;
and traversing all assembly codes, and assigning and searching absolute addresses of function calls corresponding to character strings to be calibrated according to the starting positions and assembly instructions corresponding to firmware, wherein the absolute addresses comprise:
traversing all assembly codes loaded at the starting position of each character string to be calibrated, and assigning and searching absolute addresses of function calls corresponding to each character string to be calibrated according to the starting position of each character string to be calibrated and assembly instructions corresponding to firmware;
the calculating the difference between the absolute address and the starting position, the obtaining a relative position difference value includes:
calculating the difference between the absolute address and the initial position corresponding to each character string to be calibrated to obtain the relative position difference value of each character string to be calibrated;
said generating an actual base address from said initial base address and said relative position difference comprises:
and generating an actual base address corresponding to each character string to be calibrated according to the initial base address and the relative position difference value corresponding to each character string to be calibrated.
Aspects and any one of the possible implementations as described above, further providing an implementation, the method further including:
mapping the actual base address as the real base address of the firmware at run time, so that the disassembler can recover the function calls of the firmware.
According to a second aspect of the present disclosure, there is provided an apparatus for acquiring a firmware actual base address. The device comprises:
the acquisition module is used for acquiring an initial base address of a character string to be calibrated in the firmware, wherein the initial base address is a base address of the character string to be calibrated obtained by loading the firmware by using a disassembler;
the generating module is used for generating the initial position of the character string to be calibrated according to the initial base address;
the acquisition module is also used for acquiring all assembly codes loaded by the disassembler according to the starting position;
the searching module is used for traversing all assembly codes, and assigning and searching absolute addresses of function calls corresponding to the character strings to be calibrated according to the starting positions and assembly instructions corresponding to the firmware;
the calculating module is used for calculating the difference between the absolute address and the initial position to obtain a relative position difference value;
and the generating module is also used for generating an actual base address according to the initial base address and the relative position difference value.
According to a third aspect of the present disclosure, an electronic device is provided. The electronic device includes: a memory and a processor, the memory having stored thereon a computer program, the processor implementing the method as described above when executing the program.
According to a fourth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a method as described above.
The method, the device, the equipment and the storage medium for acquiring the actual base address of the firmware can be used for acquiring the initial base address of the character string to be calibrated in the firmware and generating the initial position of the character string to be calibrated according to the initial base address; acquiring all assembly codes loaded by the disassembler according to the starting position; traversing all assembly codes, and assigning and searching absolute addresses of function calls corresponding to character strings to be calibrated according to the starting positions and assembly instructions corresponding to firmware; calculating the difference between the absolute address and the initial position to obtain a relative position difference value; and then automatically generating the actual base address of the firmware, namely automatically generating the correct base address of the firmware according to the relative position difference between the initial base address and the absolute address of the firmware and the initial position, so that the time and labor consumption of relying on manual implementation of the firmware analysis process of the IoT device are reduced, and the accuracy and efficiency of analysis are improved.
It should be understood that what is described in this summary is not intended to limit the critical or essential features of the embodiments of the disclosure nor to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. For a better understanding of the present disclosure, and without limiting the disclosure thereto, the same or similar reference numerals denote the same or similar elements, wherein:
FIG. 1 illustrates a flow chart of a method of acquiring a firmware actual base address according to an embodiment of the present disclosure;
FIG. 2 illustrates a schematic diagram of loading firmware with a disassembler, according to an embodiment of the present disclosure;
FIG. 3 illustrates a schematic diagram of any string of a firmware data area, according to an embodiment of the present disclosure;
FIG. 4 shows a schematic diagram of a string to be calibrated in acquired firmware according to an embodiment of the present disclosure;
FIG. 5 illustrates a schematic diagram of finding absolute addresses of function calls corresponding to strings to be calibrated according to an embodiment of the present disclosure;
FIG. 6 shows a schematic diagram of mapping the actual base address as the real base address at firmware run time according to an embodiment of the present disclosure;
FIG. 7 illustrates a schematic diagram of a firmware data area after acquiring a firmware actual base address in accordance with an embodiment of the present disclosure;
FIG. 8 illustrates a schematic diagram of firmware function call relationship restoration after acquiring a firmware actual base address in accordance with an embodiment of the present disclosure;
FIG. 9 shows a schematic diagram of further analysis of firmware after acquisition of a firmware actual base address in accordance with an embodiment of the present disclosure;
FIG. 10 shows a block diagram of a firmware actual base address acquisition device according to an embodiment of the present disclosure;
FIG. 11 illustrates a block diagram of an exemplary electronic device capable of implementing embodiments of the present disclosure.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are some embodiments of the present disclosure, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments in this disclosure without inventive faculty, are intended to be within the scope of this disclosure.
In addition, the term "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
In the method, the actual base address of the firmware is automatically generated according to the relative position difference between the initial base address and the absolute address of the firmware and the initial position, namely, the correct base address of the firmware is automatically generated, time and effort consumed in the process of manually analyzing the firmware of the IoT device are reduced, and the accuracy and efficiency of analysis are improved.
Fig. 1 shows a flowchart of a method 100 of acquiring a firmware actual base address according to an embodiment of the present disclosure.
At block 110, an initial base address of a string to be calibrated in the firmware is obtained, where the initial base address is a base address of the string to be calibrated obtained by loading the firmware with a disassembler.
In some embodiments, the firmware may be internet of things device firmware, such as router firmware, smart phone firmware, smart car firmware, or drone firmware.
In some embodiments, the disassembler may be a tool that disassembles machine code into assembly language, such as the static disassembler W32Dasm or the interactive disassembler IDA (Interactive Disassembler Professional).
In some embodiments, the base address of the string to be calibrated is obtained by loading the internet of things device firmware with a disassembler. The character string to be calibrated can be any character string selected according to the requirement of the user.
For example, as shown in FIG. 2, the string to be calibrated may be an arbitrarily chosen string from router firmware loaded normally with IDA, where the base address starts from 0, the subsequent function relationships are disordered, and only directly jumped strings remain for function calls.
For another example, as shown in FIG. 3, the character string to be calibrated may be any character string selected in the data area obtained by loading the router firmware normally with IDA, where no cross-references are resolved, no references between functions are resolved, and no jumps are determined.
It can be seen that uncalibrated strings put binary reverse analysis of the firmware at a severe disadvantage. Based on this, for convenience of explanation, as shown in FIG. 4, a character string having an initial base address of 000F60AC may be selected as the character string to be calibrated.
At block 120, a starting position of the character string to be calibrated is generated based on the initial base address.
In some embodiments, the initial base address comprises 32 bytes, and the starting position of the character string to be calibrated may be determined and generated from the initial base address of the character string to be calibrated according to the firmware type of the firmware.
For example, when the initial base address is 000F60AC, the starting position of the character string to be calibrated may be determined as 000F60AC or as 60AC, depending on the firmware type of the firmware. The firmware type is determined by the architecture of the firmware, such as reduced instruction set architecture (Performance Optimization With Enhanced RISC-Performance Computing, PPC) firmware and advanced reduced instruction set machine architecture (Advanced RISC Machine, ARM) firmware.
At block 130, all assembly code loaded by the disassembler from the starting location is obtained.
In some embodiments, after the start position of the string to be calibrated is generated, the start position of the string to be calibrated is sent to the disassembler to obtain all assembly code loaded by the disassembler according to the start position.
At block 140, all assembly codes are traversed, and absolute addresses of function calls corresponding to character strings to be calibrated are found through assignment according to the starting positions and assembly instructions corresponding to firmware.
In some embodiments, the assembler instructions corresponding to the firmware are determined based on the firmware type of the firmware. For example, the assembler instruction corresponding to the PPC firmware is a lui+addi instruction, and the assembler instruction corresponding to the ARM firmware is an LR instruction.
In some embodiments, all assembly codes are traversed, a search tool may be used to assign a starting position to an assembly instruction corresponding to firmware, and find an absolute address of a function call corresponding to a string to be calibrated.
As shown in fig. 5, according to the lui+addi instruction corresponding to the PPC firmware, the absolute address 8D60AC of the function call corresponding to the string to be calibrated is found.
At block 150, the difference between the absolute address and the starting position is calculated, resulting in a relative position difference.
In some embodiments, the absolute address minus the starting position is calculated to obtain a relative position difference between the absolute address and the starting position, e.g., 8D60AC - 60AC = 7E0000.
At block 160, an actual base address is generated based on the initial base address and the relative position difference.
In some embodiments, the actual base address may be equal to the initial base address plus the relative position difference, and the actual base address may also be equal to the relative position difference.
According to the embodiment of the disclosure, the following technical effects are achieved:
the initial base address of the character string to be calibrated in the firmware is obtained, and the initial position of the character string to be calibrated is generated according to the initial base address; acquiring all assembly codes loaded by the disassembler according to the starting position; traversing all assembly codes, and assigning and searching absolute addresses of function calls corresponding to character strings to be calibrated according to the starting positions and assembly instructions corresponding to firmware; calculating the difference between the absolute address and the initial position to obtain a relative position difference value; and then automatically generating the actual base address of the firmware, namely automatically generating the correct base address of the firmware according to the relative position difference between the initial base address and the absolute address of the firmware and the initial position, so that the time and labor consumption of relying on manual implementation of the firmware analysis process of the IoT device are reduced, and the accuracy and efficiency of analysis are improved.
In some embodiments, before the obtaining the initial base address of the character string to be calibrated in the firmware, the method further includes:
and determining the character string to be calibrated according to the preset function corresponding to the character string to be calibrated.
In some embodiments, the preset function may be a function preset by human being according to actual requirements. For example, the preset function may be to check whether a character string starts with a specified character string, to detect whether a character string is composed of only digits, to replace a specified old character string with a new character string, or to convert a case.
According to the embodiment of the disclosure, the following technical effects are achieved:
the character strings to be calibrated are determined through the preset functions corresponding to the character strings to be calibrated, automatic selection of the character strings to be calibrated is achieved, time and labor consumption in the process of manually analyzing the firmware of the IoT device are further reduced, and analysis accuracy and analysis efficiency are improved.
In some embodiments, the generating the starting position of the character string to be calibrated according to the initial base address includes:
selecting a corresponding generation rule according to the firmware type of the firmware;
and generating the initial position of the character string to be calibrated according to the initial base address and the generation rule.
In some embodiments, for PPC firmware, the starting position of the string to be calibrated is the last 16 bits of the initial base address. For firmware other than PPC firmware, such as ARM firmware, the starting position of the string to be calibrated is the full 32 bits of the initial base address.
For example, when the initial base address of the character string to be calibrated is 000F60AC, the start position of the character string to be calibrated is 60AC for PPC firmware, and the start position of the character string to be calibrated is 000F60AC for firmware other than PPC firmware.
According to the embodiment of the disclosure, the following technical effects are achieved:
through the process, the actual base address of the firmware can be automatically generated aiming at the firmware of different architectures, so that the time and labor consumption of relying on manual operation for carrying out the firmware analysis process of the IoT device are further reduced, and the accuracy and efficiency of analysis are improved.
In some embodiments, generating the actual base address based on the initial base address and the relative position difference value includes:
judging whether the initial base address starts from 0;
if the initial base address starts from 0, the address corresponding to the relative position difference value is determined to be the actual base address.
In some embodiments, if the initial base address starts from 0, the address corresponding to the relative position difference is the actual base address. For example, if the initial base address is 000F60AC, the generated actual base address is 7E0000.
According to the embodiment of the disclosure, the following technical effects are achieved:
through the process, based on different scenes of the initial base address, the actual base address of the firmware is automatically generated, so that the time and labor consumption of manually carrying out the firmware analysis process of the IoT device are further reduced, and the accuracy and efficiency of the analysis are improved.
In some embodiments, the generating an actual base address according to the initial base address and the relative position difference value further includes:
if the initial base address is not from 0, determining the address corresponding to the sum of the initial base address and the relative position difference value as the actual base address.
In some embodiments, if the initial base address is not from 0, it indicates that the address corresponding to the relative position difference is not an actual base address, and further calculation of the actual base address according to the relative position difference is required.
In some embodiments, the sum of the initial base address and the relative position difference is calculated and the address corresponding to the sum of the initial base address and the relative position difference is determined to be the actual base address.
According to the embodiment of the disclosure, the following technical effects are achieved:
through the process, based on different scenes of the initial base address, the actual base address of the firmware is automatically generated, so that the time and labor consumption of manually carrying out the firmware analysis process of the IoT device are further reduced, and the accuracy and efficiency of the analysis are improved.
In some embodiments, there are a plurality of character strings to be calibrated, and generating the starting position of the character string to be calibrated according to the initial base address includes:
generating a starting position of each character string to be calibrated in the plurality of character strings to be calibrated according to the initial base address;
all assembly codes loaded by the acquisition disassembler according to the starting position comprise:
acquiring all assembly codes loaded by a disassembler according to the starting position of each character string to be calibrated;
traversing all assembly codes, and assigning and searching absolute addresses of function calls corresponding to character strings to be calibrated according to the starting positions and assembly instructions corresponding to firmware, wherein the absolute addresses comprise:
traversing all assembly codes loaded at the starting position of each character string to be calibrated, and assigning and searching absolute addresses of function calls corresponding to each character string to be calibrated according to the starting position of each character string to be calibrated and assembly instructions corresponding to firmware;
calculating the difference between the absolute address and the starting position to obtain a relative position difference value includes:
calculating the difference between the absolute address and the initial position corresponding to each character string to be calibrated to obtain the relative position difference value of each character string to be calibrated;
the generating the actual base address according to the initial base address and the relative position difference value comprises:
and generating an actual base address corresponding to each character string to be calibrated according to the initial base address and the relative position difference value corresponding to each character string to be calibrated.
In some embodiments, for brevity, the specific step of obtaining the actual base address of the plurality of character strings to be calibrated may refer to the specific step of obtaining the actual base address of one character string to be calibrated, which is not described herein.
According to the embodiment of the disclosure, the following technical effects are achieved:
through the above process, under the condition that partial calibration can be performed on a single character string to be calibrated, the whole calibration can be performed on a plurality of character strings to be calibrated, so that the calibration of the character strings to be calibrated is finished in batches, and more calibration choices are provided for users.
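An added sketch of the PPC case described above (example code, not from the patent): it pairs upper-immediate loads with addi in a constructed instruction listing, keeps the pairs whose last 16 bits match the starting position, and votes across several strings to settle on one base. Assumptions: the listing format, register names and the two extra strings are invented for illustration, and the difference is taken against the string's full loaded address (000F60AC), the operand for which the figures 8D60AC and 7E0000 agree.

```python
from collections import Counter

# Mnemonics that load a 16-bit immediate into the upper half of a register.
# The page names the PPC pair "lui+addi"; "lis" is the PowerPC assembler
# spelling of the same upper-immediate load and is accepted here as well.
UPPER_LOADS = {"lui", "lis"}


def sign16(value):
    """Interpret a 16-bit immediate as signed, the way addi does."""
    value &= 0xFFFF
    return value - 0x10000 if value & 0x8000 else value


def start_position(loaded_addr, arch):
    """Page's generation rule: PPC keeps the last 16 bits, others all 32."""
    return loaded_addr & 0xFFFF if arch == "ppc" else loaded_addr & 0xFFFFFFFF


def absolute_addresses(listing):
    """Return the absolute addresses built by upper-load + addi pairs.

    listing: (insn_addr, mnemonic, operands) tuples, a constructed stand-in
    for the assembly a disassembler plug-in would iterate over.
    """
    upper = {}   # register -> upper 16 bits it currently holds
    found = []
    for _addr, mnem, ops in listing:
        if mnem in UPPER_LOADS:
            reg, imm = ops
            upper[reg] = imm & 0xFFFF
        elif mnem == "addi":
            dst, src, imm = ops
            if src in upper:
                found.append(((upper[src] << 16) + sign16(imm)) & 0xFFFFFFFF)
            upper.pop(dst, None)      # dst no longer holds a bare upper half
        elif ops:
            upper.pop(ops[0], None)   # assumption: first operand is overwritten
    return found


def relative_differences(listing, loaded_addr):
    """PPC case: candidate (absolute - loaded address) values for one string.

    Matching on the last 16 bits only finds the right pair when the real
    base is a multiple of 0x10000, so every candidate is 64 KiB aligned.
    """
    key = start_position(loaded_addr, "ppc")
    return {
        absolute - loaded_addr
        for absolute in absolute_addresses(listing)
        if absolute & 0xFFFF == key and absolute >= loaded_addr
    }


def recover_base(listing, string_addrs, load_base=0):
    """Vote across several strings; return (actual_base, supporting_strings)."""
    votes = Counter()
    for addr in string_addrs:
        votes.update(relative_differences(listing, addr))
    if not votes:
        return None
    delta, support = votes.most_common(1)[0]
    # Page's rule: loaded from 0 -> the difference is the base; otherwise add.
    actual = delta if load_base == 0 else load_base + delta
    return actual, support


# Constructed sample. 000F60AC and 8D60AC are the page's values; the other
# strings, the instruction addresses and the decoy pair are made up.
STRINGS = [0x000F60AC, 0x000F6100, 0x000F9F00]
LISTING = [
    (0x1000, "lui",  ("r3", 0x008D)),
    (0x1004, "addi", ("r3", "r3", 0x60AC)),   # 0x8D60AC
    (0x1008, "bl",   ("sub_2000",)),
    (0x100C, "lui",  ("r4", 0x008D)),
    (0x1010, "addi", ("r4", "r4", 0x6100)),   # 0x8D6100
    (0x1014, "lui",  ("r5", 0x008E)),
    (0x1018, "addi", ("r5", "r5", 0x9F00)),   # 0x8E0000 - 0x6100 = 0x8D9F00
    (0x101C, "lui",  ("r6", 0x0012)),
    (0x1020, "addi", ("r6", "r6", 0x60AC)),   # decoy: same last 16 bits
]

if __name__ == "__main__":
    base, support = recover_base(LISTING, STRINGS, load_base=0)
    print(f"actual base 0x{base:X}, supported by {support} strings")
```

A single string can match unrelated pairs that happen to share its last 16 bits (the decoy above), which is why the vote over several strings is what makes the result trustworthy.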
In some embodiments, the above method further comprises:
mapping the real base address at firmware runtime to the actual base address, so as to recover the function calls of the firmware using the disassembler.
In some embodiments, mapping the real base address at firmware runtime to the actual base address means modifying the base address of the firmware in the disassembler to the real base address at firmware runtime, i.e. the actual base address, so that the disassembler can recover the function calls of the firmware.
As shown in Figs. 6, 7 and 8, the base address of the firmware in the disassembler is modified to the real base address of the firmware at runtime, and the function call relationships in the data area are then observed again, so that the function call relationships are restored.
In some embodiments, after the function call relationship is restored, the disassembler disassembles the assembly and uses the calibrated string for further analysis, as shown in FIG. 9.
According to the embodiment of the disclosure, the following technical effects are achieved:
Through the above steps, the real base address at firmware runtime is mapped to the actual base address, so that the disassembler can automatically recover the function calls of the firmware according to the actual base address, which further reduces the time and effort spent on manual operation when analyzing the firmware of IoT devices and improves the accuracy and efficiency of the analysis.
In some embodiments, the execution body of the method for obtaining the actual base address of the firmware may be a plug-in configured in a disassembler, which works together with the disassembler to analyze the firmware.
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present disclosure is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present disclosure. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all alternative embodiments, and that the acts and modules referred to are not necessarily required by the present disclosure.
The foregoing is a description of embodiments of the method, and the following further describes embodiments of the present disclosure through examples of apparatus.
Fig. 10 shows a block diagram of a firmware actual base address acquisition device 1000 according to an embodiment of the present disclosure. As shown in fig. 10, the apparatus 1000 includes:
an obtaining module 1010, configured to obtain an initial base address of a character string to be calibrated in the firmware, where the initial base address is a base address of the character string to be calibrated obtained by loading the firmware with a disassembler;
a generating module 1020, configured to generate a starting position of the character string to be calibrated according to the initial base address;
the obtaining module 1010 is further configured to obtain all assembly codes loaded by the disassembler according to the starting position;
the searching module 1030 is configured to traverse all assembly codes, and to assign and search an absolute address of a function call corresponding to the character string to be calibrated according to the starting position and an assembly instruction corresponding to the firmware;
a calculating module 1040, configured to calculate a difference between the absolute address and the starting position, and obtain a relative position difference;
the generating module 1020 is further configured to generate an actual base address according to the initial base address and the relative position difference.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the described modules may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
In the technical solution of the present disclosure, the acquisition, storage, application and other handling of users' personal information all comply with relevant laws and regulations and do not violate public order.
According to embodiments of the present disclosure, the present disclosure also provides an electronic device, a readable storage medium and a computer program product.
Fig. 11 shows a schematic block diagram of an electronic device 1100 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
The electronic device 1100 includes a computing unit 1101 that can perform various appropriate actions and processes according to a computer program stored in the ROM 1102 or a computer program loaded from a storage unit 1108 into the RAM 1103. In the RAM 1103, various programs and data required for the operation of the electronic device 1100 can also be stored. The computing unit 1101, ROM 1102, and RAM 1103 are connected to each other by a bus 1104. An I/O interface 1105 is also connected to the bus 1104.
A number of components in the electronic device 1100 are connected to the I/O interface 1105, including: an input unit 1106 such as a keyboard, a mouse, etc.; an output unit 1107 such as various types of displays, speakers, and the like; a storage unit 1108, such as a magnetic disk, optical disk, etc.; and a communication unit 1109 such as a network card, modem, wireless communication transceiver, or the like. The communication unit 1109 allows the electronic device 1100 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunications networks.
The computing unit 1101 may be a variety of general purpose and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 1101 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 1101 performs the various methods and processes described above, such as method 100. For example, in some embodiments, the method 100 may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as the storage unit 1108. In some embodiments, some or all of the computer programs may be loaded and/or installed onto electronic device 1100 via ROM 1102 and/or communication unit 1109. One or more of the steps of the method 100 described above may be performed when a computer program is loaded into the RAM 1103 and executed by the computing unit 1101. Alternatively, in other embodiments, the computing unit 1101 may be configured to perform the method 100 by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuit systems, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems on Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be a special-purpose or general-purpose programmable processor that can receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: display means for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server incorporating a blockchain.
It should be appreciated that steps may be reordered, added, or deleted using the various forms of flow shown above. For example, the steps recited in the present disclosure may be performed in parallel, sequentially, or in a different order, provided that the desired results of the technical solutions of the present disclosure are achieved, which is not limited herein.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.

Claims (10)

1. A method for acquiring the actual base address of firmware, characterized by comprising the following steps:
acquiring an initial base address of a character string to be calibrated in firmware, wherein the initial base address is a base address of the character string to be calibrated obtained by loading the firmware by using a disassembler;
generating a starting position of the character string to be calibrated according to the initial base address;
acquiring all assembly codes loaded by the disassembler according to the starting position;
traversing all assembly codes, and assigning and searching absolute addresses of function calls corresponding to character strings to be calibrated according to the starting positions and assembly instructions corresponding to firmware;
calculating the difference between the absolute address and the starting position to obtain a relative position difference value;
and generating an actual base address according to the initial base address and the relative position difference value.
2. The method of claim 1, wherein generating a starting position of the character string to be calibrated based on the initial base address comprises:
selecting a corresponding generation rule according to the firmware type of the firmware;
and generating the starting position of the character string to be calibrated according to the initial base address and the generation rule.
3. The method of claim 1, wherein prior to the obtaining the initial base address of the string to be calibrated in the firmware, the method further comprises:
and determining the character string to be calibrated according to the preset function corresponding to the character string to be calibrated.
4. The method of claim 1, wherein said generating an actual base address from said initial base address and said relative position difference comprises:
judging whether the initial base address starts from 0;
and if the initial base address starts from 0, determining the address corresponding to the relative position difference value as an actual base address.
5. The method of claim 4, wherein generating an actual base address from the initial base address and the relative position difference value, further comprises:
if the initial base address does not start from 0, determining the address corresponding to the sum of the initial base address and the relative position difference value as an actual base address.
6. The method of claim 1, wherein the string to be calibrated comprises a plurality of strings, and wherein generating the starting position of the string to be calibrated based on the initial base address comprises:
generating a starting position of each character string to be calibrated in a plurality of character strings to be calibrated according to the initial base address;
the obtaining the all assembly codes loaded by the disassembler according to the starting position comprises the following steps:
acquiring all assembly codes loaded by a disassembler according to the starting position of each character string to be calibrated;
the traversing all assembly codes, and assigning and searching absolute addresses of function calls corresponding to the character string to be calibrated according to the starting position and assembly instructions corresponding to the firmware comprises:
traversing all assembly codes loaded at the starting position of each character string to be calibrated, and assigning and searching absolute addresses of function calls corresponding to each character string to be calibrated according to the starting position of each character string to be calibrated and assembly instructions corresponding to firmware;
the calculating the difference between the absolute address and the starting position to obtain a relative position difference value comprises:
calculating the difference between the absolute address and the starting position corresponding to each character string to be calibrated to obtain the relative position difference value of each character string to be calibrated;
said generating an actual base address from said initial base address and said relative position difference comprises:
and generating an actual base address corresponding to each character string to be calibrated according to the initial base address and the relative position difference value corresponding to each character string to be calibrated.
7. The method according to any one of claims 1 to 6, further comprising:
mapping the real base address at firmware runtime to the actual base address, so as to recover the function calls of the firmware using the disassembler.
8. An apparatus for acquiring a firmware actual base address, comprising:
the acquisition module is used for acquiring an initial base address of a character string to be calibrated in the firmware, wherein the initial base address is a base address of the character string to be calibrated obtained by loading the firmware by using a disassembler;
the generating module is used for generating the starting position of the character string to be calibrated according to the initial base address;
the acquisition module is also used for acquiring all assembly codes loaded by the disassembler according to the starting position;
the searching module is used for traversing all assembly codes, and assigning and searching absolute addresses of function calls corresponding to the character strings to be calibrated according to the starting positions and assembly instructions corresponding to the firmware;
the calculating module is used for calculating the difference between the absolute address and the starting position to obtain a relative position difference value;
and the generating module is also used for generating an actual base address according to the initial base address and the relative position difference value.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor;
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
10. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-7.
CN202311144222.6A 2023-09-06 2023-09-06 Method, device, equipment and storage medium for acquiring actual base address of firmware Pending CN116880858A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311144222.6A CN116880858A (en) 2023-09-06 2023-09-06 Method, device, equipment and storage medium for acquiring actual base address of firmware


Publications (1)

Publication Number Publication Date
CN116880858A true CN116880858A (en) 2023-10-13

Family

ID=88262482


Country Status (1)

Country Link
CN (1) CN116880858A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination