Bushwacking your way around a bootloader
Rebecca (.bx) Shapiro
Even when you have access to some binary's source code, it can still be challenging to understand that software. In this talk, I will discuss the techniques and tools I developed in order to understand and navigate the pile of code that is the open-source Das U-Boot bootloader. The tools I developed do not rely on proprietary software and instead make use of free and powerful debugging tools such as Capstone, Unicorn, and the GDB Python plugin API. My approach strives to highlight the temporal and mechanical connections that exist between higher-level behaviors and regions of the code base/binary by instrumenting, tracing, and analyzing all memory writes with respect to the software's current execution path. This technique allows us to develop and test our understanding of the relationships between code and objects (data structures and/or regions of memory). I will discuss how these tools and techniques can be used to identify and distinguish between different phases of U-Boot execution (including distinct phases of initialization and relocation) and then show how such information can be used to design a coarse-grained memory region-based access control policy.
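The following is an added example illustrating the analysis step the abstract describes, not code from the talk or from U-Boot: given a trace of memory writes tagged with the program counter that issued them (the kind of record a Unicorn `UC_HOOK_MEM_WRITE` hook or a GDB Python watchpoint would produce), it attributes each write to an execution phase, coalesces the written addresses into regions, and derives a coarse-grained per-phase write policy that later writes can be checked against. The phase boundaries, addresses and the trace itself are constructed placeholders, chosen only to show the mechanics.

```python
"""Attribute traced memory writes to execution phases, coalesce them into
regions, and derive a coarse-grained region-based write policy.

Added example: phase PC ranges, addresses and the trace are constructed
(hypothetical), not real U-Boot values."""
from collections import defaultdict

# Hypothetical phase map: (first_pc, last_pc) -> phase name. In practice these
# ranges would come from the linker map and the observed relocation jump.
PHASES = {
    (0x0000_0000, 0x0000_0FFF): "early_init",
    (0x0000_1000, 0x0000_1FFF): "relocation",
    (0x8000_0000, 0x8000_FFFF): "post_reloc",
}

# Constructed write trace: (pc, address, size), one entry per memory write,
# as an emulator write hook or a debugger watchpoint handler would log them.
TRACE = [
    (0x0000_0100, 0x0000_1000, 4),
    (0x0000_0104, 0x0000_1004, 4),
    (0x0000_0200, 0x0000_2000, 8),
    (0x0000_1010, 0x8000_0000, 4),
    (0x0000_1014, 0x8000_0004, 4),
    (0x8000_0020, 0x8000_0100, 4),
]


def phase_of(pc):
    """Map an executing PC to the phase whose code range contains it."""
    for (lo, hi), name in PHASES.items():
        if lo <= pc <= hi:
            return name
    return "unknown"


def phase_transitions(trace):
    """Trace indices at which the executing phase changes, e.g. the jump
    from pre-relocation code to the relocated copy."""
    out, prev = [], None
    for i, (pc, _, _) in enumerate(trace):
        cur = phase_of(pc)
        if cur != prev:
            out.append((i, prev, cur))
            prev = cur
    return out


def coalesce(intervals, gap=0):
    """Merge half-open [start, end) intervals that overlap, touch, or lie
    within `gap` bytes of each other; `gap` controls policy granularity."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1] + gap:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def build_policy(trace, gap=0):
    """Return {phase: [(start, end), ...]}: the regions each phase wrote."""
    by_phase = defaultdict(list)
    for pc, addr, size in trace:
        by_phase[phase_of(pc)].append((addr, addr + size))
    return {p: coalesce(ivs, gap) for p, ivs in by_phase.items()}


def check_write(policy, pc, addr, size):
    """True if the write lies entirely inside a region its phase may write."""
    regions = policy.get(phase_of(pc), [])
    return any(s <= addr and addr + size <= e for s, e in regions)


if __name__ == "__main__":
    policy = build_policy(TRACE)
    for phase, regions in policy.items():
        print(phase, [(hex(s), hex(e)) for s, e in regions])
    print("transitions:", phase_transitions(TRACE))
    # A pre-relocation write into the post-relocation region violates the policy.
    print("violation flagged:", not check_write(policy, 0x100, 0x8000_0000, 4))
```

Raising `gap` merges nearby writes into coarser regions, which is the trade-off between a policy that is easy to enforce and one that is tight; a write that falls outside every region recorded for its phase is the event a monitor built on this policy would flag.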