Dynamic analysis, and fuzzing in particular, is challenging for embedded firmware running on modern low-end Microcontroller Units (MCUs): instruction emulation imposes a large performance overhead, the vast space of available peripherals is hard to emulate faithfully, and little embedded firmware is available as open source. Consequently, efficient security testing of MCU firmware has proved to be a resource- and engineering-heavy endeavor. EmbedFuzz introduces an efficient end-to-end fuzzing framework for MCU firmware. Our novel firmware transplantation technique converts binary MCU firmware into a functionally equivalent, fuzzing-enhanced version that executes on a compatible high-end device at native speed. Besides the performance gain, running the firmware as an ordinary Linux user-space process makes the standard introspection tooling for such processes (debuggers, sanitizers, tracers) available, which simplifies crash analysis and bug triage. In our evaluation against state-of-the-art MCU fuzzers, EmbedFuzz achieves up to eight-fold fuzzing throughput while consuming at most a fourth of the energy, thanks to its native execution.
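To make the transplantation idea concrete, the following is an added illustration, not EmbedFuzz's own code: a constructed MCU-style routine that reads a receive buffer through fixed memory-mapped I/O addresses, exactly as bare-metal firmware does, plus a host-side harness that backs that address range with an anonymous mapping inside a Linux process so the routine runs natively and can be fed fuzz input. The peripheral base address (0x40000000), the register layout, the frame format and the sample frames are all assumptions made for this example.

```c
/*
 * Added example (not EmbedFuzz code). It shows the shape of the problem
 * firmware transplantation solves: firmware addresses peripherals by
 * absolute MMIO address, so to run it unmodified as a Linux user-space
 * process the host must make those addresses exist and fill them with
 * fuzz input. The peripheral below (a DMA-style RX buffer with a byte
 * count register at an assumed base of 0x40000000) is invented for the
 * example; real devices differ.
 */
#define _GNU_SOURCE
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* ---- "firmware" side: written the way bare-metal MCU code does I/O ---- */
#define RXDMA_BASE   0x40000000UL                       /* assumed base  */
#define RXDMA_COUNT  (*(volatile uint32_t *)(RXDMA_BASE + 0x00))
#define RXDMA_BUF    ((volatile uint8_t *)(RXDMA_BASE + 0x100))
#define RXDMA_BUF_SZ 256u
#define FRAME_MAX    64u   /* caller's output buffer must hold this many */

/* Frame layout (assumed): [len][payload ... len bytes][xor checksum].
 * Returns payload length, or -1 for a malformed frame. */
int fw_handle_rx_frame(uint8_t *out)
{
    uint32_t n = RXDMA_COUNT;
    if (n < 2 || n > RXDMA_BUF_SZ)
        return -1;
    uint8_t len = RXDMA_BUF[0];
    /* Dropping this upper-bound check is the classic bug a fuzzer finds.
     * On the MCU it would be a silent stack smash or hard fault; run as a
     * Linux process it becomes an ASan report or a gdb backtrace. */
    if (len > FRAME_MAX || (uint32_t)len + 2 != n)
        return -1;
    uint8_t csum = 0;
    for (uint32_t i = 0; i < len; i++) {
        out[i] = RXDMA_BUF[1 + i];
        csum ^= out[i];
    }
    if (csum != RXDMA_BUF[1 + len])
        return -1;
    return (int)len;
}

/* ---- host side: make the MMIO range exist inside this process ---- */
int host_map_peripherals(void)
{
    static int mapped = 0;
    if (mapped)
        return 0;
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *want = (void *)RXDMA_BASE;
    /* Hint only (no MAP_FIXED): never clobber an existing mapping. */
    void *got = mmap(want, page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (got == MAP_FAILED)
        return -1;
    if (got != want) {              /* kernel ignored the hint: range busy */
        munmap(got, page);
        return -1;
    }
    mapped = 1;
    return 0;
}

/* One fuzz iteration: copy the input into the modelled RX buffer, set the
 * count register, run the unmodified firmware routine, return its result. */
int host_run_one_input(const uint8_t *in, size_t in_len, uint8_t *out)
{
    if (host_map_peripherals() != 0)
        return -2;                  /* harness failure, not a firmware result */
    if (in_len > RXDMA_BUF_SZ)
        in_len = RXDMA_BUF_SZ;
    memcpy((uint8_t *)(RXDMA_BASE + 0x100), in, in_len);
    RXDMA_COUNT = (uint32_t)in_len;
    return fw_handle_rx_frame(out);
}

/* Constructed sample inputs (not captured from any device). */
int demo_valid_frame(void)
{
    /* len=3, payload "abc", checksum 'a'^'b'^'c' = 0x60 */
    static const uint8_t frame[] = { 0x03, 'a', 'b', 'c', 0x60 };
    uint8_t out[FRAME_MAX];
    return host_run_one_input(frame, sizeof frame, out);
}

int demo_oversized_len_frame(void)
{
    /* len byte claims 200 bytes but only 1 byte follows: must be rejected */
    static const uint8_t frame[] = { 0xC8, 0x00, 0x00 };
    uint8_t out[FRAME_MAX];
    return host_run_one_input(frame, sizeof frame, out);
}

int main(void)
{
    printf("valid frame -> %d\n", demo_valid_frame());
    printf("oversized length -> %d\n", demo_oversized_len_frame());
    return 0;
}
```

The firmware routine above is compiled for the host here only because the example is in source form; the point of transplantation is that the same approach applies to a binary whose MMIO addresses are already baked in, which is why the harness reproduces the exact address rather than passing a pointer. A real transplant also has to service accesses to registers whose value changes on read (status bits, FIFO heads), which a plain backing page cannot do; the count-plus-buffer layout was chosen so that a single mapping suffices for the illustration.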