Workshop Title:

Enter FACT: Boost your firmware security analysis with automation, visualization, and cross referencing

Abstract:

Firmware analysis involves multiple tedious, repetitive and time consuming tasks that can be automated. FACT combines these automations into an easy to use, accessible tool. The analysis results are presented in a comprehensible fashion. Thus the analysis is usable by beginners, senior analysts, and executive level personal.

This workshop gives an introduction to FACT by live demonstrating its analysis capabilities. We explain the typical workflow in a couple of case studies. After this introduction, we host a small CTF-like Easter egg hunt. This will allow attendees to use FACT for hands-on firmware analysis. During these exercises, additional in-depth information regarding the different analysis options will be provided as necessary.

• extraction of arbitrary firmware images
• detection of utilized software components and libraries
• detection of weak implementations (CWEs)
• feed & signature based detection of vulnerabilities
• basic static behavioral analysis
• comparison (diff) of different firmware versions
• multiple other things

** To participate in the exercises: bring your laptop or tablet. FACT will be provided through Wi-Fi. **

Speaker Bio:

Johannes vom Dorp is researcher at Fraunhofer FKIE and part of the applied system security group. He works on security analysis focusing on firmware and hardware security. Since 2015 he is core developer of FACT as well.

Peter Weidenbach is a computer security researcher and currently head of the applied system security group of Fraunhofer FKIE. He graduated in Computer Science at the University of Bonn in 2013. Since then, he works for Fraunhofer FKIE as security researcher. In 2015 he created FACT and has since been core developer.