%0 Journal Article
%A LI Ji-yuan
%A SHI Zhi-qiang
%A YANG Shou-guo
%A YING Huan
%A ZHANG Guo-dong
%T Automatic Identification and Cracking Method for Vulnerable Hash Functions of Embedded Firmwares
%D 2020
%R 10.13190/j.jbupt.2019-085
%J Journal of Beijing University of Posts and Telecommunications
%P 46-53
%V 43
%N 1
%X Existing techniques for mining vulnerable hash functions in firmware suffer from a high identification error rate, inaccurate positioning, and difficult cracking. To address these problems, a technique for identifying and positioning vulnerable hash functions is proposed, based on a machine learning model and a structured matching method. In addition, an automatic identification and cracking method for vulnerable hash functions of embedded firmware is proposed, using Z3 satisfiability modulo theories (Z3 SMT) constraint solving based on the VEX intermediate representation (VEX IR) and symbolic execution techniques. Together these form a complete automated analysis process for vulnerable hash functions in firmware binaries, from identification and positioning through to cracking. Experiments show that the method identifies and positions vulnerable hash functions in binary files compiled for multiple architectures and with multiple compiler optimization options, with an accuracy as high as 98%, and that vulnerable hash functions with a structure similar to that of the BKDRHash hash function can be accurately positioned and quickly cracked, yielding many collision values.
%U https://journal.bupt.edu.cn/EN/10.13190/j.jbupt.2019-085