Caleb Davis, SolaSec Co-Founder
Bare Metal Reverse Engineering
BIO
Caleb Davis is a founding member of SolaSec, a cybersecurity consulting firm specializing in advanced penetration testing for embedded and connected systems. Based in Dallas/Fort Worth, he holds a degree in Electrical Engineering from the University of Texas at Tyler and is a patent-holding expert with vast experience in hardware and firmware security. Caleb leads deep technical assessments across a range of high-impact industries, including medical devices, automotive, industrial control systems, ATMs and financial terminals, aerospace components, and consumer electronics. His work focuses on secure design, trusted boot processes, cryptographic implementations, and threat modeling, helping organizations integrate security throughout the development lifecycle and align with industry and regulatory standards.
ABSTRACT
This talk presents a practical methodology for reverse engineering real-time embedded firmware built on ARM Cortex platforms. Using Ghidra as the primary analysis environment to facilitate collaboration, we will demonstrate how to reconstruct the core layers of an embedded system to gain deep insight into its operation. The Board Support Package (BSP) is mapped using the SVD loader plugin to associate memory-mapped registers with hardware peripherals. The Hardware Abstraction Layer (HAL) is analyzed through custom type recovery and function pattern matching to identify initialization routines and peripheral control logic. At the RTOS level, we apply Ghidra’s BSim plugin to detect task creation, scheduler logic, and inter-process communication constructs used in FreeRTOS and similar kernels. The session equips attendees with a structured approach to reversing embedded C/C++ applications, even when symbols are stripped and source code is unavailable. The goal is to enable firmware analysts, security researchers, and engineers to confidently dissect the layered architecture of constrained, real-time embedded systems.
