Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware
We present our approach and the findings of this work in the following research paper:
KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware
[PDF]
Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna.
In Proceedings of the IEEE Symposium on Security & Privacy (S&P), May 2020
If you use Karonte in a scientific publication, we would appreciate citations using this Bibtex entry:
```tex
@inproceedings{redini_karonte_20,
  author = {Nilo Redini and Aravind Machiry and Ruoyu Wang and Chad Spensky and Andrea Continella and Yan Shoshitaishvili and Christopher Kruegel and Giovanni Vigna},
  booktitle = {In Proceedings of the IEEE Symposium on Security & Privacy (S&P)},
  month = {May},
  title = {KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware},
  year = {2020}
}
```
There are four main directories:

- tool: Karonte python files
- firmware: Karonte firmware dataset
- configs: configuration files to analyze the firmware samples in the dataset
- eval: scripts to run the various evaluations on Karonte
- karonte-viz: script to visualize the results produced by Karonte
To run karonte, from the root directory, just run:

SYNOPSIS

```
python tool/karonte.py JSON_CONFIG_FILE [LOG_NAME]
```

DESCRIPTION

Runs karonte on the firmware sample represented by JSON_CONFIG_FILE and saves the results in LOG_NAME.

EXAMPLE

```
python tool/karonte.py config/NETGEAR/r_7800.json
```

It runs karonte on the R7800 NETGEAR firmware.
By default, results are saved in /tmp/ with the suffix Karonte.txt.
To inspect the generated alerts, just run:
```
python tool/pretty_print.py LOG_NAME
```
A ready-to-use dockerized version of Karonte can be found here.
You can obtain the Karonte dataset at this link.