Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging
Frankenstein provides a virtual environment to fuzz wireless firmware. Firmware can be hooked during runtime to extract its current state (i.e., xmitstate through InternalBlue). It can then be re-executed in a virtual environment for fuzzing. To do so, the firmware image needs to be reassembled into an ELF file that can be executed with QEMU. The firmware image reassembly
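The reassembly step described above, as an added example that is not Frankenstein's own code: it wraps dumped memory regions in a minimal ELF32 executable that qemu-system-arm can load, and parses it back to check the program headers. The segment bytes, load addresses and entry address below are constructed sample values, not taken from any real firmware.

```python
import struct

# ELF32 constants from the ELF and ARM EABI specifications
ET_EXEC, EM_ARM, PT_LOAD = 2, 40, 1
PF_X, PF_W, PF_R = 1, 2, 4
EHDR_SIZE, PHDR_SIZE = 52, 32
EF_ARM_EABI_VER5 = 0x05000000


def build_arm_elf(segments, entry):
    """Wrap dumped memory regions in a minimal ELF32 for qemu-system-arm.

    segments: list of (load_addr, bytes, PF_* flags); entry: address the
    emulated core starts at. No sections or symbols are emitted: only the
    PT_LOAD program headers QEMU's loader needs to place each region.
    """
    phdrs, blobs = [], []
    offset = EHDR_SIZE + PHDR_SIZE * len(segments)  # data follows the headers
    for addr, data, flags in segments:
        # keep file offset congruent to load address mod 4 so p_align=4 holds
        pad = (addr - offset) % 4
        blobs.append(b"\0" * pad + data)
        offset += pad
        phdrs.append(struct.pack("<8I", PT_LOAD, offset, addr, addr,
                                 len(data), len(data), flags, 4))
        offset += len(data)
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8  # 32-bit, LE, v1, SysV
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", ident, ET_EXEC, EM_ARM, 1, entry,
                       EHDR_SIZE, 0, EF_ARM_EABI_VER5, EHDR_SIZE, PHDR_SIZE,
                       len(segments), 40, 0, 0)
    return ehdr + b"".join(phdrs) + b"".join(blobs)


def parse_elf(elf):
    """Read back entry and PT_LOAD segments to check the image before use."""
    assert elf[:4] == b"\x7fELF", "not an ELF image"
    entry, phoff = struct.unpack_from("<II", elf, 24)
    phnum = struct.unpack_from("<H", elf, 44)[0]
    segs = []
    for i in range(phnum):
        p = struct.unpack_from("<8I", elf, phoff + PHDR_SIZE * i)
        if p[0] == PT_LOAD:
            segs.append((p[2], elf[p[1]:p[1] + p[4]], p[6]))
    return entry, segs


if __name__ == "__main__":
    # constructed sample: a tiny vector table at 0 and a RAM snapshot at 0x200000
    rom = struct.pack("<II", 0x20001000, 0x101)  # initial SP, Thumb reset vector
    ram = bytes(range(9))
    image = build_arm_elf([(0, rom, PF_R | PF_X), (0x200000, ram, PF_R | PF_W)], 0x101)
    open("firmware.elf", "wb").write(image)
```

The resulting file can be handed to qemu-system-arm with -kernel; a real dump would use the addresses and regions extracted from the device.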