Reverse Engineering IoT Firmware: Where to Start

Internet of Things (IoT) devices are already a significant part of our day-to-day life, work environments, hospitals, government facilities, and vehicle fleets. Examples include Wi-Fi printers, smart door locks, alarm systems, and so on. In 2020, the average US resident had access to more than ten connected devices. But users who choose IoT devices for their usefulness also need to be sure these devices are secure.

Since IoT devices are usually connected to internal home or corporate networks, compromising such devices can provide criminals with access to the entire system.

During the first six months of 2021, there were around 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency, or build botnets.

One way to ensure decent security for IoT devices is reverse engineering, which helps you better understand how a particular device is built and lets you further analyze the device and its firmware.

The process of reverse engineering IoT firmware varies significantly depending on the device under research.

IoT devices evolve quite fast, and the dominant architecture in the market changes all the time. Less than ten years ago, the most popular choices were mainly x86 or ARM, and less commonly MIPS or PowerPC. But now there is a great variety of microcontroller architectures you need to know to reverse engineer embedded devices: TriCore, RH850, i8051, PowerPC VLE, etc.

Going deep into a single architecture isn’t enough to succeed in IoT reverse engineering. Developers who need to start reverse engineering as quickly as possible should begin by learning the basics of the firmware’s architecture and structure.

The IoT firmware reverse engineering process consists of the following five stages:

Read the full article, where we show a practical example of reverse engineering firmware for a smart air purifier, highlighting the importance of researching its architecture.
