FACT_core v3.2 releases: Firmware Analysis and Comparison Tool
The Firmware Analysis and Comparison Tool (FACT)
Firmware analysis is a tough challenge involving many tasks. Many of these tasks can be automated (either with new approaches or by incorporating existing tools) so that a security analyst can focus on the main task: analyzing the firmware (and finding vulnerabilities). FACT implements this automation, leading to more complete analysis as well as a massive speedup in vulnerability hunting.
Unpacking a firmware image can be very time-consuming. First, you have to identify the container format. Then you need to find an appropriate unpacker. If no unpacker is available, you might try a file carver like binwalk to extract at least some of the firmware components. Once you have finished, you must repeat these steps for each layer, often multiple times. FACT automates the whole process.
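The layer-by-layer loop described above, as an added Python sketch (not FACT's code or its plug-in API): identify the format by magic bytes, unpack one layer, then repeat on every extracted object. The function names, the `|` path separator and the sample image are assumptions made for this illustration, and only gzip, tar and zip are recognized.

```python
import gzip, io, tarfile, zipfile, zlib

def identify(data: bytes) -> str:
    """Identify the container format from magic bytes (three formats only)."""
    if data[:2] == b"\x1f\x8b":
        return "gzip"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[257:262] == b"ustar":
        return "tar"
    return "unknown"

def unpack_layer(fmt: str, data: bytes) -> dict:
    """Unpack one layer in memory (nothing is written to disk)."""
    try:
        if fmt == "gzip":
            return {"<gzip payload>": gzip.decompress(data)}
        if fmt == "zip":
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return {n: z.read(n) for n in z.namelist() if not n.endswith("/")}
        if fmt == "tar":
            with tarfile.open(fileobj=io.BytesIO(data)) as t:
                return {m.name: t.extractfile(m).read() for m in t.getmembers() if m.isfile()}
    except (OSError, EOFError, zlib.error, zipfile.BadZipFile, tarfile.TarError):
        pass  # magic matched but the data is corrupt: treat as a leaf
    return {}

def unpack_recursive(name, data, depth=0, max_depth=8):
    """Return [(virtual path, depth, format)] for every object found."""
    fmt = identify(data)
    found = [(name, depth, fmt)]
    if fmt != "unknown" and depth < max_depth:  # depth cap bounds nested archives
        for child, blob in unpack_layer(fmt, data).items():
            found += unpack_recursive(f"{name}|{child}", blob, depth + 1, max_depth)
    return found

def build_sample() -> bytes:
    """Constructed sample image: gzip -> tar -> rootfs.zip -> etc/passwd."""
    zbuf, tbuf = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as z:
        z.writestr("etc/passwd", "root:x:0:0:root:/root:/bin/sh\n")
    with tarfile.open(fileobj=tbuf, mode="w") as t:
        info = tarfile.TarInfo("rootfs.zip")
        info.size = len(zbuf.getvalue())
        t.addfile(info, io.BytesIO(zbuf.getvalue()))
    return gzip.compress(tbuf.getvalue())

if __name__ == "__main__":
    for path, depth, fmt in unpack_recursive("firmware.bin", build_sample()):
        print("  " * depth + f"{path} [{fmt}]")
```

Objects that end as `unknown` are where a file carver or a further unpacker would take over in a real pipeline.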
The next challenge is to find out as much about the firmware as possible to identify potential risks and vulnerabilities. A few of the challenges solved by FACT are listed below:
- Software identification
  - Which OS is used?
  - Which programs are present?
  - Which versions are used?
  - Which services are started on boot?
  - Are there any well-known vulnerabilities in these?
- Find user credentials
- Crypto material detection
  - private keys
- CPU architecture (needed for emulation and disassembling)
The Firmware Analysis and Comparison Tool (formerly known as Fraunhofer’s Firmware Analysis Framework (FAF)) is intended to automate most of the firmware analysis process. It unpacks arbitrary firmware files and runs several analyses. Additionally, it can compare several images or single files.
Unpacking, analysis and comparison are all based on plug-ins, guaranteeing maximal flexibility and expandability.
- New or Improved Analysis
- New plugin to highlight the most relevant URIs, such as cloud endpoints.
- Extended exploit mitigation detection.
- Improved script language detection for source code analysis.
- Added detection of encrypted private keys.
- Added support for mosquitto password style.
- Improved cwe_checker integration.
- Added graph mapping of dependencies between binaries and libraries in a firmware.
- Added Fedora support and prepared for RHEL and CentOS support.
- Added Mint 20 support.
- Warning: Removed support for Python 3.5 and Ubuntu 16.04 as planned.
- Integrated Sphinx documentation for library-like helperFunctions module.
- Statistics page now largely uses pie charts instead of bars.
- Added REST endpoint for statistics.
- Currently analyzed firmware now listed with a progress bar on system page.
- Structural changes regarding the “virtual file path” (Warning: Changes in custom plugins may be necessary).
- Failed analyses are now listed on the /admin/missing_analyses view.
- Started adding tooltips to statistics page.
- Added feedback modal to UI – with links to multiple feedback options.
- Removed legacy changes to local environment.
- Added multiple configuration options for better customization.
- Optimized performance and data storage.
- Bug fixes.
Copyright (C) 2015-2019 Fraunhofer FKIE