In recent years, code-reuse attacks have been used to exploit software vulnerabilities and gain control of numerous software programs and embedded devices. Several measures have been put in place to prevent this type of attack, such as Control-Flow Integrity (CFI) systems, some of which have already been integrated into hardware. Nevertheless, Function-Oriented Programming (FOP) attacks, a form of code reuse that chains whole functions to carry out malicious actions, continue to persist. In this work, we present the first analysis of the implications and feasibility of FOP attacks on microcontrollers, focusing on ARM Cortex-M processors that support PACBTI, a hardware feature designed for implementing CFI systems. During this process, we identified multiple dispatch gadgets in two common Real-Time Operating Systems (RTOSes). Since these gadgets reside within core OS functionality, they are inherently present in a broad range of embedded operating systems. Furthermore, we present CortexMFopper, a tool specially built to identify FOP gadgets in embedded devices and to raise awareness of this technique.