SensorLoader: Bridging the Gap in Cyber-Physical Reverse Engineering Across Embedded Peripheral Devices

AnMei Dasbach-Prisk, Cory DeWitt, Luis Garcia

PROCEEDINGS OF THE FIRST INTERNATIONAL WORKSHOP ON SECURITY AND PRIVACY OF SENSING SYSTEMS, SENSORS S&P 2023 (2023)

Abstract
Safety-critical cyber-physical systems, such as autonomous vehicles and medical devices, are often driven by notions of state provided by sensor information translated through embedded firmware. This sensor pipeline is often a fragmented supply chain across vendors, and analyzing the associated security properties entails semantic reverse engineering of third-party software, i.e., mapping low-level software representations to cyber-physical models without access to source code. This mapping is a manual, time-consuming, and error-prone process. This paper introduces SensorLoader, a tool designed to automate mapping sensor semantics across all layers of closed-source software representations. SensorLoader exploits open-source knowledge, potentially derived from structured vendor description files or unstructured vendor datasheets, to extract and infer sensor semantics. We leverage large language models to extract sensor semantics from unstructured sources and map the semantics to memory maps and structures used by the Ghidra reverse engineering framework. We formalize the limitations of this automatic extraction and demonstrate how our approach can streamline the reverse engineering process for embedded systems. Preliminary evaluations suggest that SensorLoader can effectively and scalably aid in identifying vulnerabilities and deviations from expected behaviors, offering a more efficient pathway to secure cyber-physical systems.
Keywords
sensor security, reverse engineering, embedded systems