The functions of an embedded device are largely dictated by the software that it runs. To assess security problems in the firmware, reverse engineering is a useful approach. There are two reasons for this:

• The embedded software, the firmware, may not be available as source code for security review. Ownership may for instance lie with a third party that is not willing to provide access.
• Although not the most efficient evaluation method, not having the source code can be useful to test the product with the "same state of mind" as an attacker. An attacker often also needs to work from the embedded firmware.

Riscure uses different techniques to perform reverse engineering of firmware and PC software code.

Static analysis techniques 

For static analysis the tool of choice is IDA Pro. Using this interactive disassembler we perform static analysis. As IDA Pro is extensible we develop specific plug-ins to aid reverse engineering of less popular instruction sets. Adapting IDA Pro to obfuscation techniques has also proven useful.

Dynamic analysis techniques

Static analysis techniques are often not sufficient when obfuscation and protective measures have been implemented in the firmware. Therefore we also employ dynamic analysis techniques using simulators and emulators. For this we build on top of open source developments such as gxemul and skyeye. These tools allow us to execute (parts) of the firmware to analyze unpacking and decryption routines. These techniques can sometimes be supplemented with on-chip debugging techniques such as with JTAG. This allows us to take into account on-chip security features when used in firmware.