FACT_core v4.1.1 releases: Firmware Analysis and Comparison Tool
The Firmware Analysis and Comparison Tool (FACT)
Firmware analysis is a tough challenge with a lot of tasks. Many of these tasks can be automated (either with new approaches or incorporation of existing tools) so that a security analyst can focus on his main task: Analyzing the firmware (and finding vulnerabilities). FACT implements this automation leading to more complete analysis as well as a massive speedup in vulnerability hunting.
Unpacking of a firmware image can be very time-consuming. At first, you have to identify the container format. Afterward, you need to find an appropriate unpacker. If no unpacker is available you might try a file carver like binwalk to extract at least some of the firmware components. When you finished this task you must re-do these tasks for each layer multiple times. FACT automates the whole process.
The next challenge is to find out as much about the firmware as possible to identify potential risks and vulnerabilities. A few of these challenges solved by FACT are listed below:
- Software identification
- Which OS is used?
- Which programs are present?
- Which versions are used?
- Which services are started on boot?
- Are there any well-known vulnerabilities in these?
- Find user credentials
- Crypto material detection
- private keys
- CPU architecture (needed for emulation and disassembling)
The Firmware Analysis and Comparison Tool (formerly known as Fraunhofer’s Firmware Analysis Framework (FAF)) is intended to automate most of the firmware analysis process. It unpacks arbitrary firmware files and processes several analysis. Additionally, it can compare several images or single files.
Thereby unpacking, analysis and compares are based on plug-ins guaranteeing maximal flexibility and expandability.
- Backport of several bug fixes from 4.2-dev
- fixed several installation bugs
- fixed extractor connection / retry bugs
- fixed YARA rule metadata parsing bugs
- fixed file download bug
- fixed bugs in “software_components” plugin
- Backport of Debian 12 support, other OS updates and CI changes
Copyright (C) 2015-2019 Fraunhofer FKIE