| With the advancement of information technology and the development of large-scale integrated circuit technology, embedded processors are widely used in fields such as communication, military, and industrial applications. However, they also constantly expose various security issues. Digital Signal Processors (DSPs), which are specialized embedded processors designed for digital signal processing operations, are not immune to security vulnerabilities. However, research on DSP processor security is still in its nascent stage and lacks efficient and comprehensive tools for studying DSP processor security. Hence, this thesis focuses on investigating key technologies for rapidly discovering and performing in-depth analysis of undocumented instructions in DSP processors, taking into account the unique hardware architecture features of DSP processors. The main work of this thesis is as follows: (1) Build a disassembly tool based on the TMS320C674x instruction system. In the process of mining undocumented processor instructions, it is necessary to distinguish between undefined instructions and public instructions in the instruction space. This thesis builds a DSP processor instruction disassembly database according to the TMS320C674x DSP processor instruction set manual, and develops a binary instruction disassembly tool for the C674x processor, which can accurately disassemble a 32-bit or 16-bit binary instruction into an easy-to-understand assembly instruction. (2) A method for automatic mining of undocumented instructions for DSP processors is proposed. Based on the binary instruction disassembly tool for the DSP processor, an automatic mining method for undocumented instructions in DSP processors is proposed. First, the instructions to be tested are generated according to the distribution rule of the operation code in the binary instructions of the DSP processor. Then the instructions to be tested are disassembled and analyzed, and the public instructions are eliminated, which greatly compresses the search space for undocumented instructions. Using the exception handling mechanism of the DSP processor, the automatic mining of undocumented instructions in the DSP processor is realized. The mining of undocumented instructions on a DSP processor can be completed within a few minutes, which greatly improves the mining efficiency. Finally, through experimental verification, several undocumented instructions were uncovered on three DSP processors. (3) A method for analyzing the functionality of undocumented instructions in DSP processors is researched. For the undocumented instructions mined in DSP processors, a method for analyzing their functionality is researched. This method first validates the functionality analysis approach by testing the effects of publicly available instructions. Based on the structural characteristics of these instructions, the machine code format of the undocumented instructions is analyzed. By considering information such as the instruction execution units, a comprehensive analysis of the functionality of the undocumented instructions is conducted, and the undocumented instructions are classified based on their functionality. Finally, based on the functionality of the undocumented instructions, concealed utilization scenarios for DSP processors are designed and implemented. |