Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware.
The master
branch provides the latest version of Karonte, ported to python3. For the original implementation and experiments presented in our paper, please checkout the IEEE-SP-20
branch and have a look at our docker container.
We present our approach and the findings of this work in the following research paper:
KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware
[PDF]
Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna.
In Proceedings of the IEEE Symposium on Security & Privacy (S&P), May 2020
If you use Karonte in a scientific publication, we would appreciate citations using this Bibtex entry:
@inproceedings{redini_karonte_20,
author = {Nilo Redini and Aravind Machiry and Ruoyu Wang and Chad Spensky and Andrea Continella and Yan Shoshitaishvili and Christopher Kruegel and Giovanni Vigna},
booktitle = {In Proceedings of the IEEE Symposium on Security & Privacy (S&P)},
month = {May},
title = {KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware},
year = {2020}
}
There are four main directories:
To run karonte, from the root directory, just run
SYNOPSIS python tool/karonte.py JSON_CONFIG_FILE [LOG_NAME]
DESCRIPTION runs karonte on the firmware sample represented by the JSON_CONFIG_FILE, and save the results in LOG_NAME
EXAMPLE python tool/karonte.py config/NETGEAR/r_7800.json It runs karonte on the R7800 NETGEAR firmware
By default, results are saved in /tmp/ with the suffix Karonte.txt.
To inspect the generated alerts, just run:
python tool/pretty_print.py LOG_NAME
You can obtain the dataset that we used to evaluate Karonte at this link.