It is not that easy to reverse engineer closed-source firmware and edit the right places in the binary to prevent runtime investigation/detection and reflashing.
If you don’t care about almost undetectable persistence, then yeah you won’t need to bother with LLMs to find the perfect hook point.
I don’t have particular experience with firmware hacking, but how would you achieve persistence with just a simple malloc/bad malloc replacement? What if the user decides to reflash the ROM during runtime? I imagine persistence would require emulating the entire firmware update process.
In order to emulate the firmware update process, you would need to reverse engineer a large portion of the binary, right? This is where LLMs would be helpful.
> how would you achieve persistence with just a simple malloc/bad malloc replacement
How would you achieve it with the LLM? I’m totally confused about what persistent malware has to do with LLMs, unless you’re just saying “LLMs are smart and are a way to automatically do hard things”.
That is exactly what I’m saying, a specialised LLM can reverse engineer and analyse the entire firmware / firmware update process faster than a human and thus automatically implement malware for all kinds of devices without access to source code.
Not to be a dick, but I don’t believe you. Show me, if you can.
Edit: if you mean that theoretically this may one day be possible for an LLM to automatically hook functions and introduce persistent malware, then, not being a future teller myself, I would likely agree with you. But that’s not interesting, because you can say that about essentially anything.