With the advancement of Internet of Things (IoT) technology, its applications span the public, industrial, private and military sectors. In particular, the drone sector has gained significant attention for both commercial and military purposes, and research on vulnerability analysis of drones has grown accordingly. However, most security research aimed at mitigating threats to IoT devices has focused primarily on networks, firmware and mobile applications. Of these, using fuzzing to analyse the security of firmware requires emulating the firmware. When it comes to drone firmware, however, the industry lacks emulation and automated fuzzing tools, largely because of challenges such as limited input interfaces, firmware encryption and signature verification. While it may be tempting to assume that existing emulators and automated analysers for IoT devices can be applied directly to drones, in practice this has not been the case. In this paper, we discuss the challenges of dynamically analysing drone firmware and propose potential solutions. In addition, we demonstrate the effectiveness of our methodology by applying it to DJI drones, which hold the largest market share.