Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Nov 26, 2019
Nov 22, 2019
Aug 3, 2021
Dec 28, 2019
Sep 18, 2021

Karonte

License

Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware.

The master branch provides the latest version of Karonte, ported to python3. For the original implementation and experiments presented in our paper, please checkout the IEEE-SP-20 branch and have a look at our docker container.

Overview

Research paper

We present our approach and the findings of this work in the following research paper:

KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware [PDF]
Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna.
In Proceedings of the IEEE Symposium on Security & Privacy (S&P), May 2020

If you use Karonte in a scientific publication, we would appreciate citations using this Bibtex entry:

@inproceedings{redini_karonte_20,
 author    = {Nilo Redini and Aravind Machiry and Ruoyu Wang and Chad Spensky and Andrea Continella and Yan Shoshitaishvili and Christopher Kruegel and Giovanni Vigna},
 booktitle = {In Proceedings of the IEEE Symposium on Security & Privacy (S&P)},
 month     = {May},
 title     = {KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware},
 year      = {2020}
}

Repository Structure

There are four main directories:

  • tool: Karonte python files
  • firmware: Karonte firmware dataset
  • configs: configuration files to analyze the firmware samples in the dataset
  • eval: scripts to run the various evaluations on Karonte
  • karonte-viz: script to visualize the results produced by Karonte

Run Karonte

To run karonte, from the root directory, just run

SYNOPSIS       python tool/karonte.py JSON_CONFIG_FILE [LOG_NAME]

DESCRIPTION      runs karonte on the firmware sample represented by the JSON_CONFIG_FILE, and save the results in LOG_NAME

EXAMPLE      python tool/karonte.py config/NETGEAR/r_7800.json      It runs karonte on the R7800 NETGEAR firmware

By default, results are saved in /tmp/ with the suffix Karonte.txt.

To inspect the generated alerts, just run:

      python tool/pretty_print.py LOG_NAME

Dataset

You can obtain the dataset that we used to evaluate Karonte at this link.

About

Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages