Johannes vom Dorp
Security Researcher at Fraunhofer FKIE
Automated Unpacking, Analysis and Comparison of Arbitrary Firmware Images: The Firmware Analysis and Compare Tool (FACT)
We introduce "The Firmware Analysis and Compare Tool" (FACT), a plug-in-based open source solution for automated unpacking, analysis and comparison of arbitrary firmware samples. In contrast to other solutions, FACT is not limited to Linux-based firmware or embedded device firmware, but supports UEFI as well as HDD firmware. To be more precise, FACT can handle arbitrary firmware as long as an appropriate unpacking plug-in is available. Thanks to FACT's plug-in concept, unpackers, analysis capabilities and comparison features can be added with little effort. Furthermore, it is easy to use thanks to its web GUI, and it can be integrated easily through its REST API. Our workshop will focus on the typical problems associated with firmware analysis and how FACT can be used to mitigate some of them.
Topics include analysis of firmware container formats and some advances in automated analysis techniques. A series of analysis results and live analysis will be shown to demonstrate the capabilities of FACT. To support the notion of easy extensibility, some code snippets will be shown to give an idea of how a simple unpack plug-in can be integrated into FACT.
Johannes vom Dorp is a computer security researcher in the area of firmware security at Fraunhofer FKIE. He graduated in Computer Science at the University of Bonn in 2016. Having already worked there as a student, he joined Fraunhofer FKIE as a research assistant after completing his master's thesis.