{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,3]],"date-time":"2026-07-03T16:41:08Z","timestamp":1783096868012,"version":"3.54.6"},"publisher-location":"Singapore","reference-count":41,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819788002","type":"print"},{"value":"9789819788019","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,12,25]],"date-time":"2024-12-25T00:00:00Z","timestamp":1735084800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,12,25]],"date-time":"2024-12-25T00:00:00Z","timestamp":1735084800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-97-8801-9_16","type":"book-chapter","created":{"date-parts":[[2024,12,24]],"date-time":"2024-12-24T07:06:02Z","timestamp":1735023962000},"page":"310-331","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["FirmPorter: Porting RTOSes at\u00a0the\u00a0Binary Level for\u00a0Firmware Re-hosting"],"prefix":"10.1007","author":[{"given":"Mingfeng","family":"Xin","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hui","family":"Wen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Liting","family":"Deng","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hong","family":"Li","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Qiang","family":"Li","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Limin","family":"Sun","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2024,12,25]]},"reference":[{"key":"16_CR1","unstructured":"Pwntools github repository (2024). https:\/\/github.com\/Gallopsled\/pwntools"},{"key":"16_CR2","unstructured":"Afek, J.: Booting the iOS Kernel to an Interactive Bash Shell on QEMU (2019). https:\/\/www.blackhat.com\/eu-19\/briefings\/schedule\/#booting-the-ios-kernel-to-an-interactive-bash-shell-on-qemu-17498"},{"key":"16_CR3","doi-asserted-by":"crossref","unstructured":"Basnight, Z., Butts, J., Lopez\u00a0Jr, J., Dube, T.: Firmware modification attacks on programmable logic controllers. In: International Journal of Critical Infrastructure Protection (2013)","DOI":"10.1016\/j.ijcip.2013.04.004"},{"key":"16_CR4","unstructured":"Bellard, F.: QEMU, a fast and portable dynamic translator. In: USENIX Annual Technical Conference (2005)"},{"key":"16_CR5","unstructured":"Cadar, C., Dunbar, D., Engler, D.: KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In: USENIX Symposium on Operating Systems Design and Implementation (2008)"},{"key":"16_CR6","doi-asserted-by":"crossref","unstructured":"Cao, C., Guan, L., Ming, J., Liu, P.: Device-agnostic Firmware Execution is Possible A Concolic Execution Approach for Peripheral Emulation. In: Annual Computer Security Applications Conference (2020)","DOI":"10.1145\/3427228.3427280"},{"key":"16_CR7","doi-asserted-by":"crossref","unstructured":"Chen, D.D., Egele, M., Woo, M., Brumley, D.: Towards automated dynamic analysis for linux-based embedded firmware. In: Network and Distributed System Security Symposium (2016)","DOI":"10.14722\/ndss.2016.23415"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"Chipounov, V., Kuznetsov, V., Candea, G.: S2E: a platform for in-vivo multi-path analysis of software systems. In: Architectural support for programming languages and operating systems (2011)","DOI":"10.1145\/1950365.1950396"},{"key":"16_CR9","unstructured":"Clements, A.A., Carpenter, L., Moeglein, W., Wright, C.M.: Is your firmware real or re-hosted?. In: NDSS 2021 Binary Analysis Research (BAR) Workshop (2021)"},{"key":"16_CR10","doi-asserted-by":"crossref","unstructured":"Costin, A., Zarras, A., Francillon, A.: Automated dynamic firmware analysis at scale: a case study on embedded web interfaces. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (2016)","DOI":"10.1145\/2897845.2897900"},{"key":"16_CR11","unstructured":"Davidson, D., Moench, B., Jha, S., Ristenpart, T.: FIE on firmware: finding vulnerabilities in embedded systems using symbolic execution. In: USENIX Security Symposium (2013)"},{"key":"16_CR12","unstructured":"Dola, F.: Applying a Stuxnet Type Attack to a Modicon PLC (2020). https:\/\/airbus-cyber-security.com\/applying-a-stuxnet-type-attack-to-a-modicon-plc"},{"key":"16_CR13","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Hodosh, J., Hulin, P., Leek, T., Whelan, R.: Repeatable reverse engineering with PANDA. In: Program Protection and Reverse Engineering Workshop (2015)","DOI":"10.1145\/2843859.2843867"},{"key":"16_CR14","doi-asserted-by":"crossref","unstructured":"Fasano, A., et\u00a0al.: Sok: Enabling security analyses of embedded systems via rehosting. In: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security (2021)","DOI":"10.1145\/3433210.3453093"},{"key":"16_CR15","doi-asserted-by":"crossref","unstructured":"Feng, B., Luo, M., Liu, C., Lu, L., Kirda, E.: Aim: Automatic interrupt modeling for dynamic firmware analysis. IEEE Transactions on Dependable and Secure Computing (2023)","DOI":"10.1109\/TDSC.2023.3339569"},{"key":"16_CR16","unstructured":"Feng, B., Mera, A., Lu, L.: P2IM: scalable and hardware-independent firmware testing via automatic peripheral interface modeling. In: USENIX Security Symposium (2020)"},{"key":"16_CR17","unstructured":"Goodman, P., Dinaburg, A., Brunson, T.: PowerFL:Fuzzing VxWorks embedded systems (2019). https:\/\/www.petergoodman.me\/docs\/qpss-2019-slides.pdf"},{"key":"16_CR18","unstructured":"Gustafson, E., et al.: Toward the analysis of embedded firmware through automated re-hosting. In: International Symposium on Research in Attacks, Intrusions and Defenses (2019)"},{"key":"16_CR19","unstructured":"Harrison, L., Vijayakumar, H., Padhye, R., Sen, K., Grace, M.: PARTEMU: enabling dynamic analysis of real-world trustzone software using emulation. In: USENIX Security Symposium (2020)"},{"key":"16_CR20","unstructured":"Hex-Rays: IDAPython. https:\/\/www.hex-rays.com\/products\/ida\/support\/idapython_docs\/"},{"key":"16_CR21","doi-asserted-by":"crossref","unstructured":"Jiang, M.,et al.: Ecmo: Peripheral transplantation to rehost embedded linux kernels. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (2021)","DOI":"10.1145\/3460120.3484753"},{"key":"16_CR22","unstructured":"Johnson, E., et al.: Jetset: Targeted firmware rehosting for embedded systems. In: 30th USENIX Security Symposium (USENIX Security 21) (2021)"},{"key":"16_CR23","unstructured":"Kammerstetter, M., Burian, D., Kastner, W.: Embedded security testing with peripheral device caching and runtime program state approximation. In: International Conference on Emerging Security Information, Systems and Technologies (SECUWARE) (2016)"},{"key":"16_CR24","doi-asserted-by":"crossref","unstructured":"Kammerstetter, M., Platzer, C., Platzer, C.: Prospect: peripheral proxying supported embedded code testing. In: ACM symposium on Information, computer and communications security (2014)","DOI":"10.1145\/2590296.2590301"},{"key":"16_CR25","unstructured":"Koret, J.: Diaphora. https:\/\/github.com\/joxeankoret\/diaphora"},{"key":"16_CR26","unstructured":"Koscher, K., Kohno, T., Molnar, D.: SURROGATES: Enabling near-real-time dynamic analyses of embedded systems. In: USENIX Workshop on Offensive Technologies (2015)"},{"key":"16_CR27","doi-asserted-by":"crossref","unstructured":"Li, W., Shi, J., Li, F., Lin, J., Wang, W., Guan, L.: $$\\mu $$afl: non-intrusive feedback-driven fuzzing for microcontroller firmware. In: Proceedings of the 44th International Conference on Software Engineering (2022)","DOI":"10.1145\/3510003.3510208"},{"key":"16_CR28","doi-asserted-by":"crossref","unstructured":"Liu, Q., et al.: Firmguide: Boosting the capability of rehosting embedded linux kernels through model-guided kernel execution. In: 2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE) (2021)","DOI":"10.1109\/ASE51524.2021.9678653"},{"key":"16_CR29","doi-asserted-by":"crossref","unstructured":"Mera, A., Feng, B., Lu, L., Kirda, E.: Dice: Automatic emulation of dma input channels for dynamic firmware analysis. In: 2021 IEEE Symposium on Security and Privacy (SP) (2021)","DOI":"10.1109\/SP40001.2021.00018"},{"key":"16_CR30","doi-asserted-by":"crossref","unstructured":"Muench, M., Nisi, D., Francillon, A., Balzarotti, D.: Avatar2: a multi-target orchestration platform. In: Binary Analysis Research (2018)","DOI":"10.14722\/bar.2018.23017"},{"key":"16_CR31","unstructured":"Quarkslab: LIEF. https:\/\/github.com\/lief-project\/LIEF"},{"key":"16_CR32","unstructured":"Renzelmann, M.J., Kadav, A., Swift, M.M.: SymDrive: testing drivers without devices. In: USENIX Symposium on Operating Systems Design and Implementation (2012)"},{"key":"16_CR33","unstructured":"Scharnowski, T., Bars, N., Schloegel, M., Gustafson, E., Muench, M., Vigna, G., Kruegel, C., Holz, T., Abbasi, A.: Fuzzware: Using precise MMIO modeling for effective firmware fuzzing. In: 31st USENIX Security Symposium (USENIX Security 22) (2022)"},{"key":"16_CR34","unstructured":"Scharnowski, T., W\u00f6rner, S., Buchmann, F., Bars, N., Schloegel, M., Holz, T.: Hoedur: embedded firmware fuzzing using multi-stream inputs. In: USENIX Security Symposium (USENIX Sec) (2023)"},{"key":"16_CR35","unstructured":"Talebi, S.M.S., Zhang, H.T., Hang, Zhang, Z., Sani, A.A., Qian, Z.: Charm: facilitating dynamic analysis of device drivers of mobile systems. In: USENIX Security Symposium (2018)"},{"key":"16_CR36","unstructured":"Tay, H.J., et\u00a0al.: Greenhouse:$$\\{$$Single-Service$$\\}$$ rehosting of $$\\{$$Linux-Based$$\\}$$ firmware binaries in $$\\{$$User-Space$$\\}$$ emulation. In: 32nd USENIX Security Symposium (USENIX Security 23), pp. 5791\u20135808 (2023)"},{"key":"16_CR37","unstructured":"Wei, Z.: Almost booting an iOS kernel in QEMU (2018). https:\/\/worthdoingbadly.com\/xnuqemu\/"},{"key":"16_CR38","unstructured":"Wei, Z.: Tutorial - emulate an iOS kernel in QEMU up to launchd and userspace (2018). https:\/\/worthdoingbadly.com\/xnuqemu2\/"},{"key":"16_CR39","doi-asserted-by":"crossref","unstructured":"Wright, C., Moeglein, W.A., Bagchi, S., Kulkarni, M., Clements, A.A.: Challenges in firmware re-hosting, emulation, and analysis. ACM Computing Surveys (CSUR) (2021)","DOI":"10.1145\/3423167"},{"key":"16_CR40","doi-asserted-by":"crossref","unstructured":"Zaddach, J., Bruno, L., Francillon, A., Balzarotti, D.: Avatar: a framework to support dynamic security analysis of embedded systems\u2019 firmwares. In: Network and Distributed System Security Symposium (2014)","DOI":"10.14722\/ndss.2014.23229"},{"key":"16_CR41","unstructured":"Zhou, W., Guan, L., Liu, P., Zhang, Y.: Automatic firmware emulation through invalidity-guided knowledge inference. In: 30th USENIX Security Symposium (USENIX Security 21) (2021)"}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-97-8801-9_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,24]],"date-time":"2024-12-24T08:04:59Z","timestamp":1735027499000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-97-8801-9_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,25]]},"ISBN":["9789819788002","9789819788019"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-981-97-8801-9_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12,25]]},"assertion":[{"value":"25 December 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information and Communications Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Mytilene","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Greece","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 August 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 August 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/icics2024.aegean.gr","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}