
Binary-Level Code Injection for Automated Tool Support on the ESP32 Platform

Plach, Benjamin; Börsig, Matthias 1; Müller, Maximilian 1; Gröll, Roland 1; Dukek, Martin 1; Baumgart, Ingmar 1
1 FZI Forschungszentrum Informatik (FZI)

Abstract (English):

The analysis and testing of proprietary ESP32 firmware by independent security experts is often hampered by the lack of specialized tools that provide the capabilities and ease of use needed to support these tasks effectively.
This paper presents a novel binary rewriting framework that addresses this challenge by allowing additional instructions to be inserted into ESP32 firmware without altering its original functionality. The framework builds on two existing tools, Esptool and ESP32-Image-Parser, to extract firmware from ESP32 devices and convert it to ELF format, which simplifies both the implementation of the framework and the development of subsequent tools.
In addition, an assembler has been developed that encodes Xtensa assembly instructions without requiring a subsequent linking step, which eases the development of patch code. The framework includes a new patching methodology that adapts x86 patching tactics to the Xtensa architecture. These tactics have been implemented in a binary rewriting framework capable of inserting code at almost arbitrary locations without affecting the original firmware functionality.
A proof-of-concept tool that inserts fuzzing instrumentation was implemented to demonstrate the utility of the framework. …


Postprint
DOI: 10.5445/IR/1000189321
Openly accessible from: 30.01.2026
Affiliated institution(s) at KIT: FZI Forschungszentrum Informatik (FZI)
Publication type: Book chapter
Publication month/year: 01.2025
Language: English
Identifiers: ISBN 978-3-031-79006-5; ISSN 0302-9743; KITopen-ID 1000189321
Published in: Secure IT Systems – 29th Nordic Conference, NordSec 2024, Karlstad, Sweden, November 6–7, 2024, Proceedings. Ed.: L. Horn Iwaya
Publisher: Springer Nature Switzerland
Pages: 121–138
Series: Lecture Notes in Computer Science (LNCS); 15396
Published online ahead of print on: 29.01.2025
Indexed in: Dimensions, Scopus, OpenAlex