Open Firmware Reverse Analysis Konsole v2.2.1 releases: binary analysis and modification platform

OFRAK

OFRAK (Open Firmware Reverse Analysis Konsole) is a binary analysis and modification platform. OFRAK combines the ability to:

• Identify and Unpack many binary formats
• Analyze unpacked binaries with field-tested reverse engineering tools
• Modify and Repack binaries with powerful patching strategies

OFRAK supports a range of embedded firmware file formats beyond userspace executables, including:

• Compressed filesystems
• Compressed & checksummed firmware
• Bootloaders
• RTOS/OS kernels

OFRAK equips users with:

• A Graphical User Interface (GUI) for interactive exploration and visualization of binaries
• A Python API for readable and reproducible scripts that can be applied to entire classes of binaries, rather than just one specific binary
• Recursive identification, unpacking, and repacking of many file formats, from ELF executables, to filesystem archives, to compressed and checksummed firmware formats
• Built-in, extensible integration with powerful analysis backends (angr, Binary Ninja, Ghidra, IDA Pro)
• Extensibility by design via a common interface to easily write additional OFRAK components and add support for a new file format or binary patching operation

GUI Frontend

The web-based GUI view provides a navigable resource tree. For the selected resource, it also provides metadata, hex or text navigation, and a mini-map sidebar for quickly navigating by entropy, byteclass, or magnitude. The GUI also allows for actions normally available through the Python API like commenting, unpacking, analyzing, modifying, and packing resources.

Changelog v2.2.1

Added

• Add GUI features
  • Keyboard shortcuts (#210)
  • Button to add a tag to a resource (#215)
  • Browser tab title contains current resource caption (#230)
• Add a way to sort and filter by data length or offset (#220)
• Add caption to ElfProgramHeader (#223)
• Add baseline support for running pip-installing ofrak on Windows (#228, #239, #242, #246)

Changed

• Updates to Flash components: (#195)
  • Flash components now support more than one occurrence of the same field type in FlashAttributes.
  • FlashOobResourceUnpacker continues to unpack even if blocks do not perfectly align at end of the FlashOobResource (this is useful for real-world flash dumps).
• Tweak how errors are raised when auto-running components, so the actual root cause is not buried (#219)
• Show mapped resource captions on hover in the hex view (#221)
• Change how resources are stored to making deleting (and thus packing) much faster (#201)
• Use non-blocking asyncio.create_subprocess_exec calls in components (#53)

Fixed

• Fix bug where initially loaded GUI resource has collapsed children (#209)
• Fix bug in GUI where “jump to offset” feature in hex view rounded up instead of down (#243)
• Support more OpenWRT TRX files by making fewer assumptions about the partitions (#216)
• Fix some OS-specific problems (libmagic install, log file path) preventing OFRAK install on Windows (#239)

Install & Use