“…The results of both are consistent in terms of the number of 'BL' instructions and the corresponding addresses. With the addresses obtained of all 'BL' instructions, combined with professional reverse engineering tools (e.g., IDA Pro or Ghidra [14] ), it is convenient to reverse engineer all the library functions invoked within the firmware. By doing so, attackers can more quickly locate the related function instructions or critical data that can be exploited for attacks.…”