TUM Logo

Automated Analysis of Android Applications: Reverse Engineering the Firmware Update Process of SmartHome Devices

Automated Analysis of Android Applications: Reverse Engineering the Firmware Update Process of SmartHome Devices

Supervisor(s): Fabian Franzen
Status: finished
Topic: Others
Author: Nico Nußer
Submission: 2023-04-17
Type of Thesis: Masterthesis


SmartHome devices are becoming more and more popular in private homes. Since these devices often handle personal and sensitive data,

it is especially important to analyze their firmware for vulnerabilities and to check for abnormal behavior. There are multiple existing binary

analysis approaches, that can be performed on a device’s firmware. As not all manufacturers offer their firmware binaries for public download,

researchers need to obtain the firmware binaries through alternative means. One possible source can be companion apps for smartphones, that

are often used to perform firmware updates on SmartHome devices.

In this thesis, we introduce FirmwareFinder. A toolkit that is designed to help researchers to reverse engineer firmware update processes, in order to

obtain firmware binaries. Using static code analysis, it is able to extract firmware binaries and REST API endpoint definitions from APK files. Further,

it enables researchers to dynamically analyze applica- tions, by logging and manipulating Bluetooth and Network interactions. The evaluation showed

that FirmwareFinder is able to extract complete definitions of REST API end- points. Using FirmwareFinder’s dynamic analysis features, the successful

manipulation of a Bluetooth interaction during a firmware update was demonstrated. Additionally to this, the firmware update binary was intercepted

and extracted at the same time. Lastly, the firmware update processes of 100 randomly selected, SmartHome related, apps were deconstructed and

analyzed. The Update mechanisms were categorized and 484 firmware binaries from 16 Apps were obtained.

We concluded that FirmwareFinder can assist researchers in the process of reverse engineering Android applications. It facilitates the process of extracting

firmware binaries and can also be used in other fields of application. While the evaluation confirmed the overall functionality of FirmwareFinder, it also revealed

that certain features can still be improved.