Update on Overleaf.

This commit is contained in:
nb72soza Bittner
2025-06-14 09:18:25 +00:00
committed by node
parent a530e35137
commit 89e50d0c8d

@@ -20,10 +20,28 @@
% findings
% during the development of the tracer, we noticed that some esim used different aids to select the isd-r when intercepting the traffic
% different isd-r aids
% during the intital setup process of the tracer when running the tracer between some esim and their corresponding lpa
% we noticed that some esim used different aids to select the isd-r when intercepting the traffic
% xesim, 5ber and esim.me use different aids
% esim.me offers both their custom aid and the common aid to select the isd-r
% estk.me fwupd
% estk.me offers an esim firmware update utility on their website
% this tool can be run on some host machine and comes with the newest firmware image of the esim
% the firmware image seems to be encrypted when looking at the shannon entropy (run this through shannon entropy tool and add actual entropy)
% the firmware update tool is a binary
% analysation with ghidra -> rev engeneering
% looking at dissassembled code -> trying to guess functions based on their implementation
% TODO: explain fwupd mechanism here
% we could reimplement the code in python -> see implementation
% with the reimplementation we could analyze the traffic further and apply similar mutations as used in the apdu fuzzing section (cref)
% when applying these mutations to every firmware section blob the esim would immediatly reject the section
% based on this behaviour we assume that there is some signing of the blocks involved or some checksum or hash implementeted in each section to prevent transmission errors and subsequently writing a faulty firmware image, which in the worst case could corrupt the fwupd mechanism and prevent further fixing of the image
%
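Review bot: the line "% the firmware image seems to be encrypted when looking at the shannon entropy" infers encryption from entropy alone, but a compressed image also yields near-maximal Shannon entropy, so the measured value should be recorded and a compression check done before this goes into the body text as a claim. The same hunk still carries open placeholders that should be resolved before the comments are uncommented: "(run this through shannon entropy tool and add actual entropy)", "% TODO: explain fwupd mechanism here" and the empty "(cref)" to the APDU fuzzing section. The closing sentence hedges between signing, a checksum and a hash ("we assume that there is some signing of the blocks involved or some checksum or hash"); these are distinguishable with the Python reimplementation already mentioned (a plain checksum over a mutated section can be recomputed and would then be accepted, a signature cannot), so say which hypothesis was or will be tested. Spelling in the notes: "intital", "analysation", "engeneering", "dissassembled", "immediatly", "implementeted".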