🔒 Embedded System Security Analysis

End-to-end security analysis for embedded systems — from hardware-level firmware extraction and emulation to protocol fuzzing across the full embedded stack.

Research Focus

Embedded systems are everywhere — routers, IoT devices, medical equipment, industrial controllers, and automotive ECUs. Yet their security is often overlooked due to the difficulty of analysis at the hardware and firmware level.

Our research develops automated tools and methodologies for extracting, emulating, and fuzzing firmware — making embedded security analysis scalable and accessible to the broader security community.

Research Areas

We cover the full stack of embedded security — from physical hardware to network protocols.

Firmware Extraction

Advanced hardware-level techniques for extracting firmware images: JTAG debugging, SPI/NOR flash dumping, UART shell access, and chip-off analysis. We develop automated toolchains for common embedded platforms.

Firmware Emulation

Full-system and partial emulation of embedded firmware using QEMU and custom emulators. Our approach handles peripheral interaction, NVRAM simulation, and hardware abstraction for dynamic analysis without physical devices.

Protocol Fuzzing

Automated grammar-guided fuzzing for IoT network protocols — including HTTP management interfaces, UPnP, MQTT, CoAP, and custom binary protocols. Stateful fuzzing with coverage feedback for deep bug discovery.

Vulnerability Analysis

Systematic vulnerability discovery combining static analysis (taint tracking, pattern matching) with dynamic techniques (debugging, crash analysis) to identify command injection, buffer overflows, and authentication bypasses.

Industrial IoT Security

Security assessment methodologies for SCADA systems, PLCs, and industrial control networks. Protocol analysis for Modbus, OPC-UA, and proprietary industrial communication protocols.

Automated Reporting

Automated vulnerability report generation with proof-of-concept payloads, impact assessment, and remediation guidance. Integrates with CVE/CNVD submission workflows.

Analysis Pipeline

Our end-to-end methodology for embedded security assessment.

1. Reconnaissance

Identify target device, hardware components, debug interfaces, and communication protocols.

2. Firmware Extraction

Extract firmware via hardware interfaces or OTA update channels. Unpack and analyze filesystem contents.

3. Emulation & Fuzzing

Set up full-system emulation. Apply protocol fuzzing and dynamic analysis to discover vulnerabilities.

4. Reporting & Disclosure

Generate detailed vulnerability reports with PoC exploits and coordinate responsible disclosure.