{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T13:16:23Z","timestamp":1775913383713,"version":"3.50.1"},"reference-count":79,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"8","license":[{"start":{"date-parts":[[2021,4,15]],"date-time":"2021-04-15T00:00:00Z","timestamp":1618444800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,4,15]],"date-time":"2021-04-15T00:00:00Z","timestamp":1618444800000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,4,15]],"date-time":"2021-04-15T00:00:00Z","timestamp":1618444800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,4,15]],"date-time":"2021-04-15T00:00:00Z","timestamp":1618444800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2018YFB0803400"],"award-info":[{"award-number":["2018YFB0803400"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2018YFB2100300"],"award-info":[{"award-number":["2018YFB2100300"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2017YFB1003000"],"award-info":[{"award-number":["2017YFB1003000"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"U.S. National Science Foundation","doi-asserted-by":"publisher","award":["Award 1643835"],"award-info":[{"award-number":["Award 1643835"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"U.S. National Science Foundation","doi-asserted-by":"publisher","award":["Award 1931871"],"award-info":[{"award-number":["Award 1931871"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"U.S. National Science Foundation","doi-asserted-by":"publisher","award":["Award 1915780"],"award-info":[{"award-number":["Award 1915780"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000015","name":"U.S. Department of Energy","doi-asserted-by":"publisher","award":["DEEE0009152"],"award-info":[{"award-number":["DEEE0009152"]}],"id":[{"id":"10.13039\/100000015","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62072103"],"award-info":[{"award-number":["62072103"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62072102"],"award-info":[{"award-number":["62072102"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62072098"],"award-info":[{"award-number":["62072098"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62022024"],"award-info":[{"award-number":["62022024"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61972088"],"award-info":[{"award-number":["61972088"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61702097"],"award-info":[{"award-number":["61702097"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61632008"],"award-info":[{"award-number":["61632008"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61532013"],"award-info":[{"award-number":["61532013"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004608","name":"Jiangsu Provincial Natural Science Foundation for Excellent Young Scholars","doi-asserted-by":"publisher","award":["BK20190060"],"award-info":[{"award-number":["BK20190060"]}],"id":[{"id":"10.13039\/501100004608","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Jiangsu Provincial Key Laboratory of Network and Information Security","award":["BM2003201"],"award-info":[{"award-number":["BM2003201"]}]},{"DOI":"10.13039\/501100011151","name":"Key Laboratory of Computer Network and Information Integration of Ministry of Education of China","doi-asserted-by":"publisher","award":["93K-9"],"award-info":[{"award-number":["93K-9"]}],"id":[{"id":"10.13039\/501100011151","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Collaborative Innovation Center of Novel Software Technology and Industrialization"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Internet Things J."],"published-print":{"date-parts":[[2021,4,15]]},"DOI":"10.1109\/jiot.2020.3036232","type":"journal-article","created":{"date-parts":[[2020,11,5]],"date-time":"2020-11-05T20:35:57Z","timestamp":1604608557000},"page":"6815-6827","source":"Crossref","is-referenced-by-count":37,"title":["On Manually Reverse Engineering Communication Protocols of Linux-Based IoT Systems"],"prefix":"10.1109","volume":"8","author":[{"given":"Kaizheng","family":"Liu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ming","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhen","family":"Ling","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Huaiyu","family":"Yan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yue","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinwen","family":"Fu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wei","family":"Zhao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref73","first-page":"18","article-title":"Avatar 2: A multi-target orchestration platform","author":"muench","year":"2018","journal-title":"Proc 1st Workshop Binary Anal Res NDSS Symp (BAR)"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"},{"key":"ref71","first-page":"1237","article-title":"P²IM: Scalable and hardware-independent firmware testing via automatic peripheral interface modeling","author":"feng","year":"2020","journal-title":"Proc 29th USENIX Security Symp (USENIX Security)"},{"key":"ref70","first-page":"135","article-title":"Toward the analysis of embedded firmware through automated re-hosting","author":"gustafson","year":"2019","journal-title":"Proc 22nd Int Symp Res Attacks Intrusions Defenses (RAID)"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.2015.7417621"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.5220\/0006393704700477"},{"key":"ref74","first-page":"309","article-title":"Inception: System-wide security testing of real-world embedded systems software","author":"corteggiani","year":"2018","journal-title":"Proc 27th USENIX Security Symp (USENIX Security)"},{"key":"ref39","year":"2020","journal-title":"Android Debug Bridge (Adb)"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-014-0250-0"},{"key":"ref38","year":"2008","journal-title":"IDA Pro Disassembler"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/JCSSE.2018.8457340"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2019.00034"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24177-7_15"},{"key":"ref32","year":"2020","journal-title":"Obfuscation or Cryptography"},{"key":"ref31","author":"heffner","year":"2010","journal-title":"Binwalk firmware analysis tool"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2693"},{"key":"ref37","year":"2017","journal-title":"Android Studio"},{"key":"ref36","year":"2019","journal-title":"Smali2java"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.40"},{"key":"ref34","doi-asserted-by":"crossref","first-page":"359","DOI":"10.1007\/978-3-319-26362-5_17","article-title":"AppSpear: Bytecode decrypting and dex reassembling for packed android malware","author":"yang","year":"2015","journal-title":"Proc 18th Int Symp Res Attacks Intrusions Defenses (RAID)"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23089"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60033-8_39"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1002\/spe.2643"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2013.05.008"},{"key":"ref28","author":"connor","year":"2020","journal-title":"Apktool"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2006.55"},{"key":"ref27","year":"2020","journal-title":"How Can I Trust Cacert’s Root Certificate?"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/IWCMC.2014.6906344"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/2594368.2594390"},{"key":"ref29","year":"2018","journal-title":"Signapk—Onboard APK Signing Script for Android Devices"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2016.7906947"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23205"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23415"},{"key":"ref2","first-page":"1687","article-title":"Sensitive information tracking in commodity IoT","author":"celik","year":"2018","journal-title":"Proc 27th USENIX Security Symp (USENIX Security)"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.13"},{"key":"ref20","first-page":"177","article-title":"Reverse engineering iOS mobile applications","author":"erfani","year":"2012","journal-title":"Proc Working Conf Reverse Eng (WCRE)"},{"key":"ref22","year":"2020","journal-title":"Bus Pirate Homepage"},{"key":"ref21","doi-asserted-by":"crossref","DOI":"10.4271\/2007-01-3523","article-title":"Firmware update over the air (FOTA) for automotive industry","author":"shavit","year":"2007"},{"key":"ref24","year":"2018","journal-title":"StarProg-F Engineering Programmer"},{"key":"ref23","first-page":"1","article-title":"Reverse engineering flash memory for fun and benefit","author":"oh","year":"2014","journal-title":"Proc 17th Black Hat"},{"key":"ref26","author":"cortesi","year":"2010","journal-title":"Mitmproxy A Free and Open Source Interactive HTTPS Proxy Version 5 3"},{"key":"ref25","author":"malinen","year":"2020","journal-title":"Hostapd IEEE 802 11 AP IEEE 802 1X\/WPA\/WPA2\/EAP\/RADIUS Authenticator"},{"key":"ref50","doi-asserted-by":"crossref","first-page":"4451","DOI":"10.3390\/s18124451","article-title":"On the security and data integrity of low-cost sensor networks for air quality monitoring","volume":"18","author":"luo","year":"2018","journal-title":"SENSORS"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/ICII.2019.00045"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23287"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/2699026.2699132"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2018.2875240"},{"key":"ref56","first-page":"1","article-title":"IoT hacking—A primer","volume":"11","author":"papp","year":"2019","journal-title":"Infocommun J"},{"key":"ref55","doi-asserted-by":"crossref","first-page":"423","DOI":"10.1007\/978-3-540-70545-1_40","article-title":"Jakstab: A static analysis platform for binaries","author":"kinder","year":"2008","journal-title":"Proc 20th Comput -Aided Verification (CAV)"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/3173162.3177157"},{"key":"ref53","first-page":"95","article-title":"A large-scale analysis of the security of embedded firmwares","author":"costin","year":"2014","journal-title":"Proc 23rd USENIX Security Symp (USENIX Security)"},{"key":"ref52","author":"tumbleson","year":"2019","journal-title":"FDex2"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134624"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2015.05.013"},{"key":"ref40","year":"2019","journal-title":"Xposed module repository"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2016.7860484"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.2017.8254011"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2707465"},{"key":"ref15","year":"2018","journal-title":"IoT Developer Survey Results"},{"key":"ref16","first-page":"638","article-title":"Identifying privilege separation vulnerabilities in IoT firmware with symbolic execution","author":"yao","year":"2019","journal-title":"Proc 24th Eur Symp Res Comput Security (ESORICS)"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/MASS.2018.00018"},{"key":"ref18","first-page":"177","article-title":"PiOS: Detecting privacy leaks in iOS applications","author":"egele","year":"2011","journal-title":"Proc Network and Distributed System Security Symp (NDSS)"},{"key":"ref19","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1145\/2994459.2994473","article-title":"CRiOS: Toward large-scale iOS application analysis","author":"orikogbo","year":"2016","journal-title":"Proc 6th Workshop Security Privacy Smartphones Mobile Devices (SPSM)"},{"key":"ref4","first-page":"1","article-title":"Data security privacy in the IoT","author":"bertino","year":"2016","journal-title":"Proc Int Conf on Extending Database Technology (EDBT)"},{"key":"ref3","first-page":"1133","article-title":"Discovering and understanding the security hazards in the interactions between IoT devices, mobile apps, and clouds on smart home platforms","author":"zhou","year":"2019","journal-title":"Proc 28th USENIX Security Symp (USENIX Security)"},{"key":"ref6","year":"2014","journal-title":"Hacking the D-Link DSP-W215 Smart Plug"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00051"},{"key":"ref8","author":"zach","year":"2013","journal-title":"Dlink DIR-815 UPnP Command Injection"},{"key":"ref7","author":"chirgwin","year":"2016","journal-title":"Get PWNED Web CCTV Cams Can Be Hijacked by Single HTTP Request"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.17487\/rfc1994"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23159"},{"key":"ref46","article-title":"Static data flow analysis for android applications","author":"arzt","year":"2017"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23146"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.17487\/rfc6062"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2104"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"ref41","year":"2020","journal-title":"Dynamic instrumentation toolkit for developers reverse-engineers and security researchers"},{"key":"ref44","article-title":"Debugging with GDB","author":"stallman","year":"2002"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/ISPASS.2010.5452024"}],"container-title":["IEEE Internet of Things Journal"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/6488907\/9398162\/9249434-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6488907\/9398162\/09249434.pdf?arnumber=9249434","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,10]],"date-time":"2022-05-10T14:53:42Z","timestamp":1652194422000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9249434\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,15]]},"references-count":79,"journal-issue":{"issue":"8"},"URL":"https:\/\/doi.org\/10.1109\/jiot.2020.3036232","relation":{},"ISSN":["2327-4662","2372-2541"],"issn-type":[{"value":"2327-4662","type":"electronic"},{"value":"2372-2541","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,4,15]]}}}