
pr0v3rbs / Firmae

Licence: mit
Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis

Programming Languages

python

Projects that are alternatives of or similar to Firmae

FirmWire
FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares
Stars: ✭ 555 (+509.89%)
Mutual labels:  emulation, fuzzing
Samsung Trustzone Research
Reverse-engineering tools and exploits for Samsung's implementation of TrustZone
Stars: ✭ 85 (-6.59%)
Mutual labels:  emulation, fuzzing
smram parse
System Management RAM analysis tool
Stars: ✭ 50 (-45.05%)
Mutual labels:  analysis, firmware
Kafl
A fuzzer for full VM kernel/driver targets
Stars: ✭ 204 (+124.18%)
Mutual labels:  firmware, fuzzing
fuzzware
Fuzzware's main repository. Start here to install.
Stars: ✭ 132 (+45.05%)
Mutual labels:  firmware, fuzzing
Retroesp32
Retro ESP32 is a turbo charged Odroid Go Launcher, Emulator and ROM Manager
Stars: ✭ 313 (+243.96%)
Mutual labels:  firmware, emulation
Binee
Binee: binary emulation environment
Stars: ✭ 408 (+348.35%)
Mutual labels:  analysis, emulation
Php Malware Analysis
Deobfuscation and analysis of PHP malware captured by a WordPress honey pot
Stars: ✭ 82 (-9.89%)
Mutual labels:  analysis
Dpsmate
A wow 1.12.1 combat analyzation tool
Stars: ✭ 85 (-6.59%)
Mutual labels:  analysis
Fuzzan
FuZZan: Efficient Sanitizer Metadata Design for Fuzzing
Stars: ✭ 81 (-10.99%)
Mutual labels:  fuzzing
Test Each
🤖 Repeat tests. Repeat tests. Repeat tests.
Stars: ✭ 89 (-2.2%)
Mutual labels:  fuzzing
Firmware
Armbian firmware
Stars: ✭ 85 (-6.59%)
Mutual labels:  firmware
Archeap
ArcHeap: Automatic Techniques to Systematically Discover New Heap Exploitation Primitives
Stars: ✭ 80 (-12.09%)
Mutual labels:  fuzzing
Op Build
Buildroot overlay for Open Power
Stars: ✭ 82 (-9.89%)
Mutual labels:  firmware
Skiboot
OPAL boot and runtime firmware for POWER
Stars: ✭ 85 (-6.59%)
Mutual labels:  firmware
Emane
Distributed wireless network emulation framework
Stars: ✭ 80 (-12.09%)
Mutual labels:  emulation
Br Hisicam
*WIP* Buildroot based sample firmware with embedded GoHisiCam for HiSilicon's System-on-a-Chip IP cameras
Stars: ✭ 89 (-2.2%)
Mutual labels:  firmware
Ioskextdump
Dump Kext information from an iOS kernel cache. Applicable to kernels dumped from memory
Stars: ✭ 80 (-12.09%)
Mutual labels:  analysis
Stringlifier
Stringlifier is an open-source ML library for detecting random strings in raw text. It can be used for sanitising logs, detecting accidentally exposed credentials, and as a pre-processing step in unsupervised ML-based analysis of application text data.
Stars: ✭ 85 (-6.59%)
Mutual labels:  analysis
Ble Security Attack Defence
✨ Purpose only! The dangers of Bluetooth Low Energy (BLE) implementations: Unveiling zero-day vulnerabilities and security flaws in modern Bluetooth LE stacks.
Stars: ✭ 88 (-3.3%)
Mutual labels:  fuzzing

FirmAE

FirmAE is a fully automated framework that performs firmware emulation and vulnerability analysis. FirmAE significantly increases the emulation success rate (from Firmadyne's 16.28% to 79.36%) with five arbitration techniques. We tested FirmAE on 1,124 wireless-router and IP-camera firmware images from the top eight vendors.

We also developed a dynamic analysis tool for 0-day discovery, which infers web service information from the filesystem and kernel logs of the target firmware. By running our tool on the successfully emulated firmware images, we discovered 12 new 0-days affecting 23 devices.

Installation

Note that we tested FirmAE on Ubuntu 18.04.

  1. Clone FirmAE (with submodules).
     $ git clone --recursive https://github.com/pr0v3rbs/FirmAE
  2. Run the download.sh script.
     $ ./download.sh
  3. Run the install.sh script.
     $ ./install.sh

Usage

  1. Run the init.sh script.
     $ ./init.sh
  2. Prepare a firmware image.
     $ wget ftp://ftp.dlink.eu/Products/dir/dir-868l/driver_software/DIR-868L_fw_revB_2-05b02_eu_multi_20161117.zip
  3. Check emulation.
     $ sudo ./run.sh -c <brand> <firmware>
  4. Run analysis.
     $ sudo ./run.sh -a <brand> <firmware>

Debug

After a firmware image has been successfully emulated, start a debugging session with:

$ sudo ./run.sh -d <brand> <firmware>

Turn on/off arbitration

The five arbitration techniques are each controlled by an environment variable in firmae.config; set a variable to false to disable that arbitration:

$ head firmae.config
#!/bin/sh

FIRMAE_BOOT=true
FIRMAE_NETWORK=true
FIRMAE_NVRAM=true
FIRMAE_KERNEL=true
FIRMAE_ETC=true

if (${FIRMAE_ETC}); then
  TIMEOUT=240

Docker

First, prepare a docker image.

$ sudo ./docker-init.sh

Parallel mode

Then, run one of the commands below. -ec checks only the emulation, and -ea checks the emulation and then analyzes vulnerabilities.

$ sudo ./docker-helper.py -ec <brand> <firmware>
$ sudo ./docker-helper.py -ea <brand> <firmware>

Debug mode

After a firmware image has been successfully emulated, start a debugging session with:

$ sudo ./docker-helper.py -ed <firmware>

Dataset

Google drive - download

CVEs

Authors

This research project has been conducted by SysSec Lab at KAIST.

Citation

We would appreciate it if you cite our paper when using FirmAE.

@inproceedings{kim:2020:firmae,
  author = {Mingeun Kim and Dongkwan Kim and Eunsoo Kim and Suryeon Kim and Yeongjin Jang and Yongdae Kim},
  title = {{FirmAE}: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis},
  booktitle = {Annual Computer Security Applications Conference (ACSAC)},
  year = 2020,
  month = dec,
  address = {Online}
}