With the advancement of Internet of Things (IoT) technology, its applications span various sectors such as public, industrial, private and military. In particular, the drone sector has gained significant attention for both commercial and military purposes. As a result, there has been a surge in research focused on vulnerability analysis of drones. However, most security research to mitigate threats to IoT devices has focused primarily on networks, firmware and mobile applications. Of these, the use of fuzzing to analyze the security of firmware requires emulation of the firmware. However, when it comes to drone firmware, the industry lacks emulation and automated fuzzing tools. This is largely due to challenges such as limited input interfaces, firmware encryption and signatures. While it may be tempting to assume that existing emulators and automated analyzers for IoT devices can be applied to drones, practical applications have proven otherwise. In this paper, we discuss the challenges of dynamically analyzing drone firmware and propose potential solutions. In addition, we demonstrate the effectiveness of our methodology by applying it to DJI drones, which have the largest market share.