This project is based on "Enabling dynamic analysis of Legacy Embedded Systems in full emulated environment", published on hardwear.io USA 2021 [1] and HITCON 2021 [2].
See slides [3].
This PoC is based on IDAPython, but using radare2 and similiar tools can achieve the same results.
- Extract PE from CE firmware
- Remove all extra sections (e.g. debug) from PE
- Use IDA in a way similiar to
go.batto createn.dll.relocs.txt - Use
write.py test.dll test.relocs.txtto write relocs back to the PE