Tuesday, November 4, 2008

MicaZ Code Injection

by Travis Goodspeed <travis at utk.edu>

Aurélien Francillon and Claude Castelluccia of France's INRIA recently demonstrated at CCS2008 a code-injection attack that reflashes Mica wireless sensors. This is more difficult than my TelosB attack because the MicaZ uses a Harvard-architecture CPU, one that is incapable of directly executing RAM. The authors use meta-gadgets, collections of executable code found already within the device, to copy the payload into executable flash memory. It's about damned time that someone authored a practical implementation for those things, and the paper is well worth reading.

If you quickly glance over the paper, you might miss the best part, which is not that the authors used meta-gadgets but exactly how they found the meta-gadgets. See the seventh page of their paper, the section entitled `Automating the meta-gadget implementation', for details of a modified CPU simulator that constructs meta-gadgets automatically from a given firmware image.

12 comments:

ExSp00k said...

Chances are good the signal shown to me was confusing your device. Instead of removing the cap try another with less capacity. On sharp rising the wave will sum and not be seen by the chip the same as shown on your scope.

Cheers!

Jim Rhodes said...

What code are you talking about? Check this https://essayclick.net/blog/buying-essays-online page and add some explanation there.

Unknown said...

Thanks a lot for sharing this article. It is safe to say that you are overpowered with assignments and understand focused? It is high time to buy paper reviews online. A great paper will be written at your request.

Qasim Khan said...

Thanks for sharing this beautiful post for the spring of watercolors. use in a different manner is really awesome. Biker Boyz Motorcycle Leather Jacket

Qasim Khan said...

Very good writings. Maybe someone know, where can I find top rated Assignment Paraphrasing Services Uk? This post wrote good professional, which knows own work. And I need help with my essay, something like this article.

shopify said...

With Penetration Testing Services we validate skill levels within the real-time.

Ramon John said...

The website is looking bit flashy and it catches the visitors eyes. Design is pretty simple and a good user friendly interface.UPHOLSTERY CLEANING Pageland

Unknown said...

La Société Epitex propose aujourd’hui, avec tous les services associés, une gamme très large de matériels dans des domaines variés comme matériels d’aspiration, de stockage, de décontamination mais également des décapants chimiques, des équipements de protection individuelle et consommables.
Aujourd’hui, le professionnalisme et la performance de la Société Epitex s’appuient sur les compétences de 20 collaborateurs formés pour aider au choix du matériel et des consommables adaptés aux résultats recherchés. Conscient de sa responsabilité en tant que majeur au marché du désamiantage et du descellement. Epitex France

شركة فرسان المدينة said...

شركة مكافحة حشرات بالمدينة المنورة
شركة تنظيف منازل بالمدينة المنورة
شركة تركيب طارد الحمام بالمدينة المنورة

Unknown said...

Overtræk med overdækkede sømme
Beskyttelsesovertræk i ikke-vævet SMS med ankler, ansigt, håndled og elastik i taljen for at justere størrelsen. Også med selvklæbende klap for bedre lukning forfra.
Type 5 & 6 med fuld overensstemmelse med klassificering i henhold til EN 14325
Materiale: SMS 100% polypropylen 50 g / m2
Størrelse: L-XL-XXL-XXXL
Farve: Blå, Rød, Hvid Asbestfjernelse Beskyttelsesbeklædning Hvid overall

Seo Expert said...

cetaphil price in pakistan cetaphil is a skin care range that delivers moisturizing, smooth and soft skin care to normal and sensitive skin types. The range provides a complete solution to daily skin care problems with the help of a single product.

Seo Expert said...

romega omega 3 romega omega 3 is a new product from the famous brand of omega-3 fish oil. It's convenient, easy-to-use, and fits perfectly with your diet.