Reverse engineering and retrofitting robotic aerial vehicle control firmware using dispatch

Taegyu Kim, Aolin Ding, Sriharsha Etigowni, Pengfei Sun, Jizhou Chen, Luis Garcia, Saman Zonouz, Dongyan Xu, Dave Jing Tian

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

9 Scopus citations

Abstract

Unmanned Aerial Vehicles as a service (UAVaaS) has increased the field deployment of Robotic Aerial Vehicles (RAVs) for different services such as transportation and terrain exploration. These RAVs are controlled by firmware, which is often closed-source, developed by vendors, and flashed into the ROM. While these binary blobs enable off-the-shelf management of RAVs, end users (individuals or organizations) have no idea whether the control firmware is designed and implemented correctly, and can only rely on firmware updates from vendors when a vulnerability is discovered. This paper proposes DisPatch, the first reverse engineering and patching framework for understanding and improving controller design and implementation within RAV firmware. DisPatch first decompiles binary instructions and recovers controller functions and core controller variables by combining control theory with program analysis using symbolic execution and data flow analysis. End users can then write a patch in a domain-specific language (DSL), which DisPatch automatically translates and injects into the binary firmware. We have applied DisPatch to two instances of commodity firmware from 3DR IRIS+ and MantisQ RAVs and demonstrated 100% and 80.7% accuracy respectively in the controller decompilation. We have also shown the ability to prevent severe controller performance degradation by patching two real-world bugs within the firmware without breaking other functionality. Finally, we show that DisPatch introduces less than 0.53% space overhead and 1.48% runtime overhead without violating the soft real-time deadlines. DisPatch provides the first step towards an RAV binary firmware reverse engineering and patching system to customize controller design and implementation.

Original language: English (US)
Title of host publication: MobiSys 2022 - Proceedings of the 2022 20th Annual International Conference on Mobile Systems, Applications and Services
Publisher: Association for Computing Machinery, Inc
Pages: 69-83
Number of pages: 15
ISBN (Electronic): 9781450391856
DOIs
State: Published - Jun 27 2022
Event: 20th ACM International Conference on Mobile Systems, Applications and Services, MobiSys 2022 - Portland, United States
Duration: Jun 27 2022 to Jul 1 2022

Publication series

Name: MobiSys 2022 - Proceedings of the 2022 20th Annual International Conference on Mobile Systems, Applications and Services

Conference

Conference: 20th ACM International Conference on Mobile Systems, Applications and Services, MobiSys 2022
Country/Territory: United States
City: Portland
Period: 6/27/22 to 7/1/22

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications
