Extending Emulation and Analysis Engines for Fuzzing Embedded Systems


Supervision: Tobias Scharnowski

Start date: as soon as possible

Duration: 6 months

More details: angr (https://docs.angr.io), Unicorn Engine (https://github.com/unicorn-engine/unicorn)


IoT and other embedded systems are increasingly predominant in our everyday life. To make these systems more secure, recent work has focused on emulation and fuzz-testing of embedded systems firmware. Analyzing such systems, especially in a generic manner, is a hard and unique challenge.

In this thesis, you will get familiar with and extend a generic emulation and fuzzing system to make it applicable to additional microcontroller-focused CPU architectures. The project builds on Unicorn Engine, AFL and angr to perform emulation, fuzzing and analysis. You will contribute several modifications and extensions to the project:

  1. Allow flexible handling of different CPU architectures in the emulator component (based on Unicorn)
  2. Add endianness support
  3. Make the angr-based analysis generically applicable to different architectures
  4. Add interrupt handling support for the targeted architectures

Optionally, you may add a whole new architecture to the core code of angr and/or Unicorn Engine.


To work on this project, the student should bring (and enjoy working with) the following interests and skills:

  1. Interest in embedded systems firmware
  2. Interest in fuzzing, program analysis and emulation technologies
  3. Programming in Python
  4. Programming in C
  5. Familiarity with at least one assembly language (preferably ARM, MIPS, PowerPC or SPARC; x86 is also a good starting point)
  6. Some familiarity or eagerness to dive into angr (https://docs.angr.io)
  7. Some familiarity or eagerness to dive into Unicorn Engine (https://github.com/unicorn-engine/unicorn)