With the advancement of Internet of Things (IoT) technology, its applications now span the public, industrial, private and military sectors. In particular, the drone sector has gained significant attention for both commercial and military purposes, and research on vulnerability analysis of drones has surged as a result. However, most security research aimed at mitigating threats to IoT devices has focused primarily on networks, firmware and mobile applications. Of these, using fuzzing to analyse the security of firmware requires the firmware to be emulated. When it comes to drone firmware, the industry lacks emulation and automated fuzzing tools, largely because of challenges such as limited input interfaces, firmware encryption and signatures. While it may be tempting to assume that existing emulators and automated analysers for IoT devices can be applied directly to drones, attempts to do so in practice have shown otherwise. In this paper, we discuss the challenges of dynamically analysing drone firmware and propose potential solutions. In addition, we demonstrate the effectiveness of our methodology by applying it to DJI drones, which hold the largest market share.