https://github.com/ucsb-seclab/karonte
Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware
- Host: GitHub
- URL: https://github.com/ucsb-seclab/karonte
- Owner: ucsb-seclab
- License: bsd-2-clause
- Created: 2019-10-17T21:10:07.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2021-09-18T17:15:47.000Z (over 3 years ago)
- Last Synced: 2024-11-09T13:38:02.722Z (6 months ago)
- Language: Python
- Size: 1.18 MB
- Stars: 391
- Watchers: 22
- Forks: 60
- Open Issues: 11
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-rainmana - ucsb-seclab/karonte - Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware (Python)
- awesome-hacking-lists - ucsb-seclab/karonte - Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware (Python)
README
# Karonte
Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware.
The `master` branch provides the latest version of Karonte, ported to Python 3. For the original implementation and experiments presented in our paper, please check out the `IEEE-SP-20` branch and have a look at our [docker container](https://hub.docker.com/r/badnack/karonte).
## Overview
## Research paper
We present our approach and the findings of this work in the following research paper:
**KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware**
[[PDF]](https://www.badnack.it/static/papers/University/karonte.pdf)
Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna.
*In Proceedings of the IEEE Symposium on Security & Privacy (S&P), May 2020*

If you use *Karonte* in a scientific publication, we would appreciate citations using this **Bibtex** entry:
``` tex
@inproceedings{redini_karonte_20,
author = {Nilo Redini and Aravind Machiry and Ruoyu Wang and Chad Spensky and Andrea Continella and Yan Shoshitaishvili and Christopher Kruegel and Giovanni Vigna},
booktitle = {In Proceedings of the IEEE Symposium on Security \& Privacy (S\&P)},
month = {May},
title = {KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware},
year = {2020}
}
```

## Repository Structure
There are four main directories:
- **tool**: Karonte Python files
- **firmware**: Karonte firmware dataset
- **configs**: configuration files to analyze the firmware samples in the dataset
- **eval**: scripts to run the various evaluations on Karonte
- **karonte-viz**: script to visualize the results produced by Karonte

## Run Karonte
To run Karonte, from the root directory, run:
> **SYNOPSIS**
> python **tool/karonte.py** JSON_CONFIG_FILE [LOG_NAME]
>
> **DESCRIPTION**
> Runs Karonte on the firmware sample represented by the JSON_CONFIG_FILE, and saves the results in LOG_NAME
>
> **EXAMPLE**
> python tool/karonte.py config/NETGEAR/r_7800.json
> It runs Karonte on the R7800 NETGEAR firmware.

By default, results are saved in **/tmp/** with the suffix **Karonte.txt**.
To inspect the generated alerts, run:
> python **tool/pretty_print.py** LOG_NAME

## Dataset
You can obtain the dataset that we used to evaluate Karonte at this [link](https://drive.google.com/file/d/1-VOf-tEpu4LIgyDyZr7bBZCDK-K2DHaj/view?usp=sharing).