Many resources state that Firmware image is an ELF file/format. I've checked that by executing file command using several firmware images (.bin), the outcome of this command doesn't mention anything related to ELF. Unlike when I executed the same command over ELF files, where I was receiving something like ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, not stripped.
The reason I'm asking about that, I want to test an approach for detecting malicious ELF files, I already have the ELF malicious files, but I don't have benign ELF files, therefore was thinking if I can use Firmware images as benign ELF files.
Asked
Active
Viewed 1,375 times
1
Mohannad
- 93
- 12
1 Answers
2
Most Firmware will be in a binary format, referred to as a bin file. So these bin files would not be useful for your test. Here is an answer discussing the difference between the two formats. https://stackoverflow.com/a/2427229/7275012
Community
- 1
- 1
Randy Leberknight
- 1,363
- 9
- 17