Custom use cases: Providing API patterns

In order for argXtract to be able to extract arguments from configuration API calls, it first has to be able to recognise the API calls. In binaries that include symbol tables, this wouldn't be a problem. But most IoT firmware files are only available as stripped binaries, without the ELF headers and symbol tables. So, pinpointing the location of the API function within the disassembled instructions will require some guidance.

API calls are normally just normal functions. But in the case of some Nordic Semiconductors protocol stacks, the API calls are translated to ARM supervisor calls. This makes them easier to recognise within code, as argXtract only needs to look for an svc instruction. If the API call is a normal function, then argXtract performs pattern matching to identify the function.

If your use case targets supervisor calls, you'll need to follow the instructions provided in SVC mode.

If your use case targets normal functions (which is probably the most cmmon scenario), then you will need to look at Function mode.

argxtract_small

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Custom use cases: Providing API patterns

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally