Binary Ninja

Trainings - Firmware Reverse Engineering

Looking to get the most out of Binary Ninja? Join one of our upcoming trainings or request a private class for your organization today!

Register Request a Private Training
 

Firmware Reverse Engineering

This course provides a comprehensive deep-dive into firmware reverse engineering using Binary Ninja and Firmware Ninja, designed for vulnerability researchers and reverse engineers targeting embedded systems. Through a series of hands-on modules and practical exercises, students will learn to navigate the unique challenges of firmware analysis.

Participants will learn how firmware interacts with hardware and develop expertise in static analysis of raw binaries and common real-time operating systems. The course emphasizes real-world problem solving and equips students to load and triage firmware consisting of unknown memory maps, unknown base addresses, and missing symbol information. Students will learn how to overcome these hurdles and implement tailored solutions to improve firmware decompilation. Additionally, students will explore powerful tooling like the Firmware Ninja plugin to accelerate analysis through entropy inspection, memory insights, board descriptions, and automated workflows.

The training also includes advanced topics such as automated analysis techniques using the Binary Ninja Python API, signature matching with WARP, and advanced program analysis concepts. By the end of the course, participants will be able to reverse common embedded real-time operating systems and custom microcontroller ROMs across numerous platforms with confidence and efficiency.

Prerequisites

Experience reverse engineering using Binary Ninja or other static analysis frameworks. Experience with ARM assembly is helpful. Familiarity with Python and C is helpful, but not required.

Key Learning Objectives

  • Automate identification of the load base address and build accurate memory maps for raw binaries
  • Create plugins to automate analysis of numerous firmware binaries in aggregate
  • Develop plugins for decompiling VLIW/DSP architectures with parallel pipelines
  • Handle extraction and analysis of firmware binaries contained within container formats
  • Improve your firmware analysis workflow with Firmware Ninja

Who Should Attend?

  • Firmware Reverse Engineers
  • Reverse Engineers
  • Vulnerability Researchers
  • Embedded Systems Security Researchers

Course Agenda

  • Overview of Binary Ninja
  • Migration from other tools
  • What firmware really is (and isn't)
  • Challenges of firmware static analysis
  • How embedded systems boot
  • Identifying the load base address manually and with BASE
  • Constructing memory maps for raw binaries
  • Identifying code and data regions in raw binaries
  • Understand the relationship between firmware and hardware
  • Handling interrupts and control flow redirection
  • Data Buses (SPI, I2C, UART, CANBUS, etc.)
  • Sensors and Analog-to-Digital Converters (ADCs)
  • Recognizing MMIO and static memory interactions
  • Using Binary Ninja's ILs to simplify complex code
  • Creating and extending custom BinaryViews
  • Using WARP to generate signatures and identify functions
  • Improve your workflow with Firmware Ninja
  • Writing scripts to automate analysis across firmware corpora
  • Integrating with Sidekick for AI-assisted RE
  • Develop a custom architecture plugin
  • RE common flavors of firmware:
  • Microcontroller / DSP ROMs
    • Vehicle Electronic Control Units (ECU)
    • Boot Firmware (U-Boot, UEFI, aboot)
    • Real-time Operating Systems (VxWorks)
    • Baseband

Hardware/Software Requirements

A laptop that can run Binary Ninja (Ubuntu 22.04/24.04 x64/arm64; Windows 10/11 x64; MacOSX 14+ x64/arm64).

(Optional) An x64 Linux VM to run class samples

Included Course Materials

  • A free non-commercial license of Binary Ninja including one year of updates (can convert to a license extension or used as a discount for a commercial upgrade upon request)
  • A one-week free trial of Sidekick redeemable within one month from the start of class
  • Slides, cheat-sheets, and tons of useful diagrams and reference resources
  • Example scripts and binaries
  • Full answers and solution scripts
  • Take-home problems at the end of class to practice what you learned and challenge you to go further!
  • (Upon request) Certificate of participation or completion usually redeemable for Class-A credit hours towards cert renewals; Check with your cert provider for additional requirements and how to redeem

Upcoming Classes