Return-Oriented Programming Gadget Catalog for the Xtensa Architecture

Title: Return-Oriented Programming Gadget Catalog for the Xtensa Architecture
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Amatov, Batyi; Lehniger, Kai; Langendorfer, Peter
Conference Name: 2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops)
Date Published: mar
Keywords: codes, composability, Computer architecture, Conferences, Esp32, gadget catalog, gadget chaining, human factors, performance evaluation, Pervasive computing, Programming, pubcrawl, Resiliency, return-oriented programming, rop attacks, Scalability, usability, window ABI, Xtensa
Abstract: This paper shows that the modern highly customizable Xtensa architecture for embedded devices is exploitable by Return-Oriented Programming (ROP) attacks. We used a simple Hello-World application written with the RIOT OS as an almost minimal code basis for determining if the number of gadgets that can be found in this code base is sufficient to build a reasonably complex attack. We determined 859 found gadgets which are sufficient to create a gadget catalog for the Xtensa. Despite the code basis used being really small, the presented gadget catalog provides Turing completeness, which allows an arbitrary computation of any exploit program.
DOI: 10.1109/PerComWorkshops53856.2022.9767489
Citation Key: amatov_return-oriented_2022