Dive into VxWorks Based IoT Device: Debug the Undebugable Device presented at BlackHatAsia2019 2019

by Yu Zhou, Wenzhe Zhu, Jiashui Wang, Ruikai Liu,

Summary : VxWorks is the industry's leading real-time operating system. It has been widely used in various industry scenarios, which require real-time, deterministic performance and, in many cases, safety and security certifications. There has been a great deal of research on Linux based Router and camera, rarely seen research of VxWorks based device. Most of VxWorks based IoT devices on the market did't contain any built-in debugger like WDB(VxWorks WDB Debug Agent) or command line debugger. Without debugger it's almost impossible to analyze the root cause of a vulnerability or exploit vulnerabilities.Our talk introduces how to find vulnerabilities with memory fuzzing and debug VxWorks based IoT Device without built-in debugger.