I recently noticed the presentation of Job de Haas of ITSX. It's not likely that I'll be attending any Black Hat conferences outside of the country so I wouldn't have been able to see it live.
The presentation mentions a Python toolkit for handling ROM images. If it gets released publicly I might not get around to writing a ROM file dumper.
Currently, I believe IDA is the only other software that handles Symbian ROM files. The python toolkit apparently allows one to browse the rom image, file to file.
The presentation also mentions acquiring the ordinals for the functions in the ARM binaries by converting from the emulator binaries while debugging with symbols. Nope, I misread that. It appears to state retrieving the ordinals from the Libs, a reference to the import libraries in the SDK. Makefn does something similar. The output from the nm in the Symbian SDK can also be used with suitable polishing. Using the emulator binaries with debug symbols is good for exploring the OS itself, but not as useful with analyzing ROM format malware. The python toolkit's browising capability provides the necessary ROM context in this case.
Good pointers on the Symbian 7.0 base porting guide. The guide includes the ROM formats with hex offsets. Clearer than the header files.
Subscribe to:
Post Comments (Atom)
Auto "Kill Switch", solving the wrong problem?
Consumer Watchdog, a consumer advocacy group, put out a report on the dangers of Internet connected cars. They received coverage on the nigh...
-
Consumer Watchdog, a consumer advocacy group, put out a report on the dangers of Internet connected cars. They received coverage on the nigh...
-
A number of factors drive malware on new platforms. The chance for pure discovery and experimentation, the desire to be the first, a need to...
No comments:
Post a Comment