How to extract embedded systems binaries?

Extracting the firmware from embedded systems is currently a cumbersome, manual task that often involves significant trial & error, and significant skill. A technical expert needs to probe various connectors on the device, incl. pin layouts, baud rates, voltages etc. Once successful, the technical expert may be presented with a console shell, which may sometimes ask for login information. Once logged in, there is often a stripped-down operating system that makes mounting external storage challenging. Upon successfully mounting external storage (e.g. via USB), the firmware can be extracted and uploaded into the binary analysis solution.

If you are fortunate, your device manufacturer may provide you with diagnostics tools for the device under test. If so, these tools often make extraction much easier and more reliable. However, many organizations do not have access to such manufacturer specific diagnostics tools, or manufacturers do not offer them. Also, you likely need a manufacturer specific diagnostics tool for each kind of device.

Unfortunately there is currently no one-size-fits-all device that can extract the firmware from all embedded systems.

We have developed a pre-release of a handheld device platform that supports extraction from a (small-ish) number of embedded systems out of the box, via common connectors such as console serial ports, USB, UART etc. If you are interested in how this works, please check out the demo video on our VAPTBOX page. This pre-release device hardware/software platform makes it easier for organizations to develop repeatable and automated extraction tools for their devices – and ObjectSecurity can also assist.

ObjectSecurity securely brings together data & analytics to create intelligence and automation.

We are leading experts in technologies and services to drive the information age in your organization –  including:
cybersecurity, data analytics, supply chain risk analysis, and artificial intelligence.