Automated Analysis of Android Applications: Reverse Engineering the Firmware Update Process of SmartHome Devices
Supervisor(s): Fabian Franzen
Status: finished
Topic: Others
Author: Nico Nußer
Submission: 2023-04-17
Type of Thesis: Master's thesis
Description:

SmartHome devices are becoming more and more popular in private homes. Since these devices often handle personal and sensitive data, it is especially important to analyze their firmware for vulnerabilities and to check for abnormal behavior. There are multiple existing binary analysis approaches that can be performed on a device's firmware. As not all manufacturers offer their firmware binaries for public download, researchers need to obtain the firmware binaries through alternative means. One possible source is the companion smartphone app, which is often used to perform firmware updates on SmartHome devices. In this thesis, we introduce FirmwareFinder, a toolkit designed to help researchers reverse engineer firmware update processes in order to obtain firmware binaries. Using static code analysis, it is able to extract firmware binaries and REST API endpoint definitions from APK files. Further, it enables researchers to dynamically analyze applications by logging and manipulating Bluetooth and network interactions. The evaluation showed that FirmwareFinder is able to extract complete definitions of REST API endpoints. Using FirmwareFinder's dynamic analysis features, the successful manipulation of a Bluetooth interaction during a firmware update was demonstrated; at the same time, the firmware update binary was intercepted and extracted. Lastly, the firmware update processes of 100 randomly selected SmartHome-related apps were deconstructed and analyzed. The update mechanisms were categorized, and 484 firmware binaries from 16 apps were obtained. We concluded that FirmwareFinder can assist researchers in the process of reverse engineering Android applications. It facilitates the extraction of firmware binaries and can also be used in other fields of application. While the evaluation confirmed the overall functionality of FirmwareFinder, it also revealed that certain features can still be improved.
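The static-analysis idea described above (scanning an APK for bundled firmware images and for REST endpoint string constants) can be illustrated with a small script. This is an added example for this listing, not FirmwareFinder's own code; the file-name patterns, magic bytes and URL regex are assumptions chosen for the illustration, and the APK it scans is a tiny archive constructed in memory rather than a real companion app.

```python
"""Minimal static scan of an APK for firmware-like assets and REST endpoint strings.

Added illustration, not FirmwareFinder's code. An APK is a ZIP archive, so the
scan walks its entries, flags entries whose first bytes or file name look like a
firmware image, and pulls URL/path constants out of classes.dex and res/ files.
"""
import io
import re
import zipfile

# Heuristics used by this example (assumptions, not taken from the thesis).
FIRMWARE_NAME_RE = re.compile(r"(firmware|fw|ota|update)[^/]*\.(bin|img|hex|zip|dfu)$", re.I)
MAGIC_BYTES = {  # well-known leading bytes of common firmware images/containers
    b"\x7fELF": "ELF executable",
    b"\x27\x05\x19\x56": "U-Boot legacy image",
    b"hsqs": "SquashFS",
    b"PK\x03\x04": "ZIP container",
}
# Absolute URLs, optionally with a port and a path that may contain {placeholders}.
URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?::\d+)?(?:/[A-Za-z0-9._~%\-/{}]*)?")
# Bare API paths stored as NUL-separated string constants (as in a dex string table).
PATH_RE = re.compile(rb"(?:^|\x00)(/(?:api|v\d+|ota|firmware)/[A-Za-z0-9._\-/{}]+)")


def classify_asset(name, data):
    """Return a reason string if the entry looks like a firmware image, else None."""
    for magic, label in MAGIC_BYTES.items():
        # Native libraries and nested dex/apk files start with the same magic
        # bytes but are part of the app itself, so they are skipped here.
        if data.startswith(magic) and not name.endswith((".dex", ".so", ".apk")):
            return label
    if FIRMWARE_NAME_RE.search(name):
        return "firmware-like file name"
    return None


def scan_apk(apk_bytes):
    """Scan an APK (ZIP archive) and return (firmware_candidates, sorted endpoint list)."""
    firmware = []
    endpoints = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            reason = classify_asset(info.filename, data)
            if reason:
                firmware.append((info.filename, info.file_size, reason))
            # String constants live in the dex files; resources may hold config URLs.
            if info.filename.endswith(".dex") or info.filename.startswith("res/"):
                for m in URL_RE.findall(data):
                    endpoints.add(m.decode("ascii", "replace"))
                for m in PATH_RE.findall(data):
                    endpoints.add(m.decode("ascii", "replace"))
    return firmware, sorted(endpoints)


def build_sample_apk():
    """Construct a tiny fake APK in memory (constructed sample data, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Fake classes.dex: dex header magic followed by NUL-separated string constants.
        dex_strings = [
            b"https://ota.example.invalid/v1/devices/{deviceId}/firmware",
            b"/api/v2/firmware/latest",
            b"Lcom/example/update/OtaClient;",
        ]
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00".join(dex_strings) + b"\x00")
        # Bundled update image starting with the U-Boot legacy image magic.
        zf.writestr("assets/firmware_v1.2.bin", b"\x27\x05\x19\x56" + b"\x00" * 60)
        zf.writestr("assets/strings.json", b'{"hello": "world"}')
        zf.writestr("lib/arm64-v8a/libnative.so", b"\x7fELF" + b"\x00" * 20)
        zf.writestr("res/raw/config.txt", b"endpoint=https://api.example.invalid:8443/ota/check\n")
    return buf.getvalue()


if __name__ == "__main__":
    fw, eps = scan_apk(build_sample_apk())
    for name, size, reason in fw:
        print(f"firmware candidate: {name} ({size} bytes, {reason})")
    for ep in eps:
        print("endpoint:", ep)
```

Run against the constructed archive, the scan reports the bundled U-Boot image as a firmware candidate (the ELF native library is skipped by name) and recovers three endpoint strings, including the templated device-specific URL. On a real APK the same two checks are a starting point only: apps that download firmware at runtime will show endpoints but no bundled image, and endpoint strings built by concatenation or obfuscated at runtime are where dynamic analysis of the network and Bluetooth traffic becomes necessary.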