cwe_checker: Hunting Binary Code Vulnerabilities Across CPU Architectures

The security assessment of closed source IoT software is a tedious and time-consuming task. First, we are facing a multitude of CPU architectures. Second, security experts are a scarce resource. Therefore, it is desirable to keep the expert as much as possible out of the loop and automate as much as possible. Unfortunately, there is a lack of publicly available binary code scanners that are CPU architecture agnostic.

To the best of our knowledge, we present the first publicly available vulnerability scanner for binary code that is CPU architecture agnostic. In this talk, we introduce the static analysis tool cwe_checker, which is build upon the Binary Analysis Platform (BAP). It focuses on security vulnerabilities in ordinary software and firmware. cwe_checker heuristically detects several bug classes, commonly known as Common Weakness Enumerations (CWEs). By using an intermediate representation of the binary code, it supports many CPU architectures such as ARM, MIPS, PPC, and x86/x64. cwe_checker’s results can be exported to IDA Pro for convenient manual assessment of potential bugs.

This is the first public presentation of this open source project. We introduce cwe_checker’s architecture and general features. Afterwards, we demonstrate the tool with several use cases from the realm of IoT.

Speakers

Thomas Barabosch (Fraunhofer FKIE), Nils-Edvin Enkelmann (Fraunhofer FKIE)

Bio

Thomas holds a PhD in computer science. His research interests include malware analysis, firmware analysis, and bug hunting. Throughout the last years he has found numerous vulnerabilities in low-level software including FreeBSD, OpenBSD, and Virtualbox. He has presented at many scientific as well as non-scientific conferences like Black Hat Europe, Botconf, FOSDEM, and RAID.

Nils is a software security enthusiast who recently turned his hobby into his job.