FACT_core v3.1 releases: Firmware Analysis and Comparison Tool
The Firmware Analysis and Comparison Tool (FACT)
Firmware analysis is a tough challenge with a lot of tasks. Many of these tasks can be automated (either with new approaches or incorporation of existing tools) so that a security analyst can focus on his main task: Analyzing the firmware (and finding vulnerabilities). FACT implements this automation leading to more complete analysis as well as a massive speedup in vulnerability hunting.
Unpacking of a firmware image can be very time-consuming. At first you have to identify the container format. Afterwards you need to find an appropriate unpacker. If no unpacker is available you might try a file carver like binwalk to extract at least some of the firmware components. When you finished this task you must re-do these tasks for each layer multiple times. FACT automates the whole process.
The next challenge is to find out as much about the firmware as possible to identify potential risks and vulnerabilities. A few of these challenges solved by FACT are listed below:
- Software identification
- Which OS is used?
- Which programs are present?
- Which versions are used?
- Which services are started on boot?
- Are there any well-known vulnerabilities in these?
- Find user credentials
- Crypto material detection
- private keys
- CPU architecture (needed for emulation and disassembling)
The Firmware Analysis and Comparison Tool (formerly known as Fraunhofer’s Firmware Analysis Framework (FAF)) is intended to automate most of the firmware analysis process. It unpacks arbitrary firmware files and processes several analysis. Additionally, it can compare several images or single files.
Thereby unpacking, analysis and compares are based on plug-ins guaranteeing maximal flexibility and expandability.
- New or Improved Analysis
- New CVE lookup plug-in to match software to known vulnerabilities
- New plug-in to identify input vectors for executables (e.g. file, network, environment, stdin)
- New software signatures added
- Crypto hints plug-in added
- Warning: Removed Base64 plug-in
- Ubuntu 20.04 (Focal Fossa) support
- Major refactoring of WebUI (Moved from bs3 to bs4)
- Dynamic generation of analysis summary
- Navigation bar restructured
- Added experimental support for multiple Debian and Kali releases as well as Ubuntu 19.04
- Warning: Hex view was removed as planned
- Binary search now supports directly listing parent firmware of matches
- Added endpoint to search for incomplete analyses
- Backend statistics now lists running processes
- Various smaller improvements
- Bug fixes
Copyright (C) 2015-2019 Fraunhofer FKIE