Cutting through the complexity of reverse engineering embedded devices

Sam Thomas, Jan Van Den Herrewegen, Georgios Vasilakis, Zitai Chen, Mihai Ordean, Flavio Garcia

Research output: Contribution to journalArticlepeer-review

216 Downloads (Pure)


Performing security analysis of embedded devices is a challenging task. They present many difficulties not usually found when analyzing commodity systems: undocumented peripherals, esoteric instruction sets, and limited tool support. Thus, a significant amount of reverse engineering is almost always required to analyze such devices. In this paper, we present Incision, an architecture and operating-system agnostic reverse engineering framework. Incision tackles the problem of reducing the upfront effort to analyze complex end-user devices. It combines static and dynamic analyses in a feedback loop, enabling information from each to be used in tandem to improve our overall understanding of the firmware analyzed. We use Incision to analyze a variety of devices and firmware. Our evaluation spans firmware based on three RTOSes, an automotive ECU, and a 4G/LTE baseband. We demonstrate that Incision does not introduce significant complexity to the standard reverse engineering process and requires little manual effort to use. Moreover, its analyses produce correct results with high confidence and are robust across different OSes and ISAs.
Original languageEnglish
Pages (from-to)360-389
Number of pages30
JournalIACR Transactions on Cryptographic Hardware and Embedded Systems
Issue number3
Publication statusPublished - 9 Jul 2021


  • Embedded device firmware
  • Hardware-based execution tracing
  • Reverse engineering


Dive into the research topics of 'Cutting through the complexity of reverse engineering embedded devices'. Together they form a unique fingerprint.

Cite this