FACT_core v3.0 releases: Firmware Analysis and Comparison Tool
The Firmware Analysis and Comparison Tool (FACT)
Firmware analysis is a tough challenge with a lot of tasks. Many of these tasks can be automated (either with new approaches or incorporation of existing tools) so that a security analyst can focus on his main task: Analyzing the firmware (and finding vulnerabilities). FACT implements this automation leading to more complete analysis as well as a massive speedup in vulnerability hunting.
Unpacking of a firmware image can be very time-consuming. At first you have to identify the container format. Afterwards you need to find an appropriate unpacker. If no unpacker is available you might try a file carver like binwalk to extract at least some of the firmware components. When you finished this task you must re-do these tasks for each layer multiple times. FACT automates the whole process.
The next challenge is to find out as much about the firmware as possible to identify potential risks and vulnerabilities. A few of these challenges solved by FACT are listed below:
- Software identification
- Which OS is used?
- Which programs are present?
- Which versions are used?
- Which services are started on boot?
- Are there any well-known vulnerabilities in these?
- Find user credentials
- Crypto material detection
- private keys
- CPU architecture (needed for emulation and disassembling)
The Firmware Analysis and Comparison Tool (formerly known as Fraunhofer’s Firmware Analysis Framework (FAF)) is intended to automate most of the firmware analysis process. It unpacks arbitrary firmware files and processes several analysis. Additionally, it can compare several images or single files.
Thereby unpacking, analysis and compares are based on plug-ins guaranteeing maximal flexibility and expandability.
- New or Improved Analysis
- New “tlsh” analysis plugin for finding similar files accross the database
- Major refactoring of QEMU plugin (improved stability, more feedback)
- Added tlsh to file hashes plugin
- Moved unpacking to standalone project, integrated via docker
- See fact_extractor for added unpack plugins
- Added automatic PDF report generation (stable, template in alpha)
- Added REST endpoint for system monitoring
- Added button to start analysis plugins on single file or firmware objects
- Revised statistics page
- Bug fixes
Copyright (C) 2015-2019 Fraunhofer FKIE