
FACT - The Firmware Analysis and Comparison Tool

The Firmware Analysis and Comparison Tool (FACT) is intended to automate firmware security analysis (routers, IoT devices, UEFI, webcams, drones, …). It is designed to be easy to use (web GUI), extend (plug-in system) and integrate (REST API).


Challenges

Firmware analysis is a tough challenge involving many tasks. Many of these tasks can be automated (either with new approaches or by incorporating existing tools) so that a security analyst can focus on the main task: analyzing the firmware (and finding vulnerabilities). FACT implements this automation, leading to more complete analysis as well as a massive speedup in vulnerability hunting (see picture below).

FACT analysis speedup

Challenge: Firmware Unpacking

Unpacking a firmware image can be very time-consuming. First you have to identify the container format. Then you need to find an appropriate unpacker. If no unpacker is available, you might try a file carver like binwalk to extract at least some of the firmware components. Once you have finished, you must repeat these steps for every nested layer. FACT automates the whole process.
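The layer-by-layer loop described above, as an added Python example (not FACT's own code): it identifies each layer by magic bytes, unpacks it in memory and recurses until only raw files remain. The function names, the depth cap of 8 and the sample image are assumptions made for this illustration, and only gzip, zip and tar are handled.

```python
import gzip
import io
import tarfile
import zipfile

MAX_DEPTH = 8  # assumed cap so nested containers cannot recurse without bound
MAGIC = ((0, b"\x1f\x8b", "gzip"), (0, b"PK\x03\x04", "zip"), (257, b"ustar", "tar"))

def identify(data: bytes) -> str:
    """Guess the container format from magic bytes at known offsets."""
    for offset, magic, fmt in MAGIC:
        if data[offset:offset + len(magic)] == magic:
            return fmt
    return "raw"

def children(fmt: str, data: bytes):
    """Yield (name, content) for every member of one container layer."""
    if fmt == "gzip":
        yield "gunzipped", gzip.decompress(data)
    elif fmt == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            yield from ((i.filename, z.read(i)) for i in z.infolist() if not i.is_dir())
    elif fmt == "tar":
        with tarfile.open(fileobj=io.BytesIO(data)) as t:
            yield from ((m.name, t.extractfile(m).read()) for m in t.getmembers() if m.isfile())

def unpack(data: bytes, path: str = "firmware", depth: int = 0):
    """Peel every layer in memory; return [(path, format)] for each leaf."""
    fmt = identify(data)
    if fmt == "raw" or depth >= MAX_DEPTH:
        return [(path, fmt)]  # a non-raw format here means "still packed"
    leaves = []
    for name, content in children(fmt, data):
        leaves += unpack(content, f"{path}/{name}", depth + 1)
    return leaves

def build_sample() -> bytes:
    """Constructed sample: gzip(tar(rootfs.zip(etc/passwd, bin/init), kernel.bin))."""
    zbuf, tbuf = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as z:
        z.writestr("etc/passwd", "root:x:0:0::/root:/bin/sh\n")
        z.writestr("bin/init", b"\x7fELF constructed")
    with tarfile.open(fileobj=tbuf, mode="w") as t:
        for name, blob in (("rootfs.zip", zbuf.getvalue()), ("kernel.bin", b"\x00" * 64)):
            info = tarfile.TarInfo(name)
            info.size = len(blob)
            t.addfile(info, io.BytesIO(blob))
    return gzip.compress(tbuf.getvalue())
```

A leaf reported with a format other than "raw" hit the depth cap while still packed, which is worth flagging when the input is untrusted.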

Challenge: Initial Firmware Analysis

The next challenge is to find out as much about the firmware as possible to identify potential risks and vulnerabilities. A few of these challenges solved by FACT are listed below:

Challenge: Firmware Comparison

In many cases you might want to compare firmware samples. For instance, you might want to know if and where a manufacturer fixed an issue in a new firmware version. Or you might want to know if the firmware on your device is the original firmware provided by the manufacturer. If they differ, you want to know which parts were changed for further investigation. Again FACT is able to automate many of these challenges:

Challenge: Find other affected Firmware Images

If you find a new vulnerability or a new container format, you might want to know if other firmware images share your finding. Therefore, FACT stores all firmware files and analysis results in a searchable database. You can search for byte patterns on all unpacked files as well as any kind of analysis result.

Easy to Install! Easy to Use!

FACT provides an installation script for Ubuntu 16.04 that installs FACT as well as all dependencies automatically. Have a look at the README for more details.
Furthermore, there is a web GUI so that you can start right away without any further knowledge about FACT or the firmware you want to look at.

Easy to Extend! Easy to Integrate!

FACT is based on a plug-in concept. Unpackers are implemented as plug-ins, as well as analysis features and compare functionalities. More details can be found in the Developer’s Manual.
Integration is easy as well since we provide a REST API covering almost all of FACT’s features. More details can be found in our REST API documentation.

Screenshots

firmware upload
software detection
malware scanner
binwalk plug-in
compare firmware images
search for arbitrary binary patterns on all unpacked files
statistics
system health monitoring

Contribute

There are many ways to contribute to FACT. For instance, you can write an unpacking, compare or analysis plug-in. You can develop your plug-in in your own repository under your favorite license. It can be added to a local FACT installation as a git submodule. Have a look at FACT’s Developer’s Manual for more details. If you developed a plug-in, we would love to hear about it. We are going to provide a list of all available plug-ins. You are welcome to improve the FACT_core as well. Please have a look at our Coding Guidelines before creating a pull request. No matter how you would like to contribute: If you have any questions, do not hesitate to ask.

Latest News and Contact

Follow us on Twitter @FAndCTool to get the latest news about FACT.
If you have any further questions, write a mail.

Authors and Acknowledgment

FACT is developed by Fraunhofer FKIE. Development is partly financed by the German Federal Office for Information Security (BSI) and others.

The FACT project and the Malware Analysis and Storage System (MASS) project form a code and plug-in sharing alliance.