Tools and techniques are described to create a controller wiring board. A user, using a user interface associated with a controller, can determine which devices will be attached to a controller. The features of the devices may be already known by the controller. The controller can change wiring terminal types depending on the requirements of the devices wired to the controllers. In some embodiments, a device is wired to a module associated with the controller. The controller can signal to the module to modify its wiring terminal to match the needs of the device to be wired to that location.

A file vulnerability detection method includes: translating a binary file into an intermediate file; analyzing the intermediate file to obtain multiple functions to be tested; establishing function characteristic data of each of the functions to be tested; and comparing correlations between the function characteristic data of each of the functions to be tested and at least one pair of characteristic data with vulnerability of at least one vulnerability function and characteristic data without vulnerability of the at least one vulnerability function in a vulnerability database based on a characteristic model to determine whether each of the functions to be tested corresponding to each function characteristic data has a vulnerability, wherein the characteristic model has information representing multiple back-end binary files generated by multiple back-end platforms, wherein the characteristic data with vulnerability has the vulnerability, and the characteristic data without vulnerability does not have the vulnerability.

An execution trace of an application program comprises a sequence of ordered programming instructions generated during execution of the application program indicating an execution flow of the application program. The sequence of ordered programming instructions is partitioned into a plurality of linked code segments comprising first and second code segments. The first code segment comprises a terminating programming instruction that terminates the first code segment and links the first code segment to an initial programming instruction of the second code segment. A directed graph representing the execution flow of the application program between the plurality of linked code segments is generated. The directed graph comprises a plurality of linked nodes representing the plurality of linked code segments. The directed graph is output to a graphical user interface (GUI) for display.

Embodiments presented herein describe techniques to track and correct indirect function calls in disassembled object code. Assembly language source code is generated from a binary executable object. The assembly language source code may include indirect function calls. Memory addresses associated with the function calls are identified. A central processing unit (CPU) interrupt instruction is inserted in the disassembled source code at each indirect function call. The disassembled source code is executed. When the interrupt at each indirect function call is triggered, the function name of a function referenced by a register may be determined.

A method includes receiving a subject-matter expert (SME) interpretable model. The method further includes converting, by a processing device, the SME interpretable model into a functional mockup unit (FMU). The method further includes integrating the FMU into a control software project (CSP). The method further includes compiling the CSP into binary code.

A method includes receiving a subject-matter expert (SME) interpretable model. The method further includes converting, by a processing device, the SME interpretable model into a functional mockup unit (FMU). The method further includes integrating the FMU into a control software project (CSP). The method further includes compiling the CSP into binary code.

An application code obfuscating apparatus includes a secret code divider, a secret code caller, a code converter and an obfuscating part. The secret code divider is configured to divide an application code having a first type into a secret code and a normal code. The secret code caller generating part is configured to generate a secret code caller to call the secret code. The code converter is configured to convert the secret code having the first type to a second type. The obfuscating part is configured to generate a first table and a second table. The first table includes an obfuscated signature of the secret code and a first random vector. The second table includes an offset of the secret code which corresponds to the obfuscated signature of the secret code and a second random vector which is liked with the first random vector.

Aspects of the present disclosure relate to threat detection of executable files. A plurality of static data points may be extracted from an executable file without decrypting or unpacking the executable file. The executable file may then be analyzed without decrypting or unpacking the executable file. Analysis of the executable file may comprise applying a classifier to the plurality of extracted static data points. The classifier may be trained from data comprising known malicious executable files, known benign executable files and known unwanted executable files. Based upon analysis of the executable file, a determination can be made as to whether the executable file is harmful.

Methods, systems, apparatuses, and computer-readable storage mediums are described for identifying an origin of a device firmware component. A firmware disassembler is configured to disassemble firmware code obtained from a device, such as a portable electronics device, to generate assembly code. A decompiler is configured to decompile the assembly code to generate source code based on the device firmware. A code neutralizer generates a first neutralized code from the source code. A firmware identifier compares at least a portion of the neutralized code to a code repository to identify an origin of the firmware code. Based at least on the identified origin of the firmware code, a vulnerability determiner determines whether the firmware code contains a vulnerability, such as a security vulnerability that may be exploited.

Methods, systems, apparatuses, and computer-readable storage mediums are described for identifying an origin of a device firmware component. A firmware disassembler is configured to disassemble firmware code obtained from a device, such as a portable electronics device, to generate assembly code. A decompiler is configured to decompile the assembly code to generate source code based on the device firmware. A code neutralizer generates a first neutralized code from the source code. A firmware identifier compares at least a portion of the neutralized code to a code repository to identify an origin of the firmware code. Based at least on the identified origin of the firmware code, a vulnerability determiner determines whether the firmware code contains a vulnerability, such as a security vulnerability that may be exploited.