IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS...
Transcript of IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS...
![Page 1: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/1.jpg)
© Fraunhofer
IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT
Johannes vom Dorp
Seite 1
@FAandCTool
@jovomdorp
![Page 2: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/2.jpg)
© Fraunhofer
Seite 2
“Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs”
ZDNet; 2018-10-09
“Surveillance camera compromised in 98 seconds”
The Register; 2016-11-18
![Page 3: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/3.jpg)
© Fraunhofer
AGENDA
Seite 3
![Page 4: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/4.jpg)
© Fraunhofer
About SpeakerWho am I?
Graduated 2016 as M.Sc. in Computer Science
Currently research assistance at Fraunhofer FKIE in Bonn, Germany
Started doing hardware related work in 2015
Also in 2015 wrote first LOCs for FACT (formerly FAF)
Seite 4
![Page 5: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/5.jpg)
© Fraunhofer
MotivationWhy am I here?
For the french wine obviously
Spread the word
FACT was open sourced in 2017 after 2 years development
Tool presentations at hardwear.io in 2017, BlackHat Asia & Europe in 2018
Currently at 262 Stars on GitHub
Theres room to grow
Interact with community to get feedback / improve on use cases
Has someone used it?
What would you want to do with it?
Is it important to have a christmas theme to use in december?
Seite 5
![Page 6: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/6.jpg)
© Fraunhofer
About FACTWhy should you care?
Seite 6
I
Unpacking
Typical firmware analysis process
![Page 7: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/7.jpg)
© Fraunhofer
About FACTWhy should you care?
Seite 7
I
Unpacking
II
Tool-basedinformationgathering
Typical firmware analysis process
![Page 8: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/8.jpg)
© Fraunhofer
About FACTWhy should you care?
Seite 8
I
Unpacking
II
Tool-basedinformationgathering
III
Identifyingobvious
weaknesses
Typical firmware analysis process
![Page 9: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/9.jpg)
© Fraunhofer
About FACTWhy should you care?
Seite 9
I
Unpacking
II
Tool-basedinformationgathering
III
Identifyingobvious
weaknesses
IV
Reverse Engineering
Typical firmware analysis process
![Page 10: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/10.jpg)
© Fraunhofer
About FACTWhy should you care?
Seite 10
I
Unpacking
II
Tool-basedinformationgathering
III
Identifyingobvious
weaknesses
IV
Reverse Engineering
Firmware analysis process with FACT
![Page 11: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/11.jpg)
© Fraunhofer
About FACTWhy should you care?
Seite 11
Firmware Analysis and Comparison Tool
![Page 12: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/12.jpg)
© Fraunhofer
About FACTWhy should you care?
Idea (2015)
„Can we improve on binwalk?“
Automate as much of analysis process as possible
Make tool as extendable as possible
Where are we today?
Still using binwalk for a lot of stuff
FACT slots in right beside and covers different use cases
Seite 12
![Page 13: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/13.jpg)
© Fraunhofer
About FACTWhy should you care?
Whats unique about FACT
Combines various unpacking tools (sort of unique)
Runs analysis in automated and in parallel (sort of unique)
Visualize Results both as Summary for firmware and seperate / detailed for each part (prettyunique)
Easily extendable with simple plugin system (pretty unique)
Store analysis results for (super unique)
Comparison
Statistic generation
Seite 13
![Page 14: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/14.jpg)
© Fraunhofer
Live Case Study D-LinkWant an example?
Seite 14
![Page 15: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/15.jpg)
© Fraunhofer
FACT applicationHow can you benefit?
Seite 15
![Page 16: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/16.jpg)
© Fraunhofer
FACT applicationHow can you benefit?
Hacker, Security Professional
What‘s in my
Home router
Pentesting target
…
Seite 16
![Page 17: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/17.jpg)
© Fraunhofer
FACT applicationHow can you benefit?
Hardware / Firmware Engineer
What can I learn about
Third party hardware / code
Components of other departments
Reuse of code base
Seite 17
![Page 18: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/18.jpg)
© Fraunhofer
FACT applicationHow can you benefit?
Security Officer
What patchlevel do my assets have?
Is there vulnerable software in my assets?
Generate Statistics / Graphs for Management
Seite 18
![Page 19: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/19.jpg)
© Fraunhofer
FACT applicationHow can you benefit?
Researcher
Develop new analysis / algorithm as pluginto scale evaluation
Generate large information corpus andproduce statistics for it
Seite 19
![Page 20: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/20.jpg)
© Fraunhofer
FACT applicationHow can you benefit?
Seite 20
![Page 21: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/21.jpg)
© Fraunhofer
Thanks and Q & ADo you have questions?
Key Takeaways
Check [FACT] out, you might just improve some of your processes
Automated simple – and some advanced – repetative tasks
Gain a better understanding of Firmware through comparison and cross reference
Seite 21
Thanks for your attention !!Don‘t spare the hard hitting questions
@FAandCTool
@jovomdorp
![Page 22: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/22.jpg)
© Fraunhofer
About FACTWhy should you care?
FACT architecture
Multilayered automated extraction
Purpose-driven analysis scheduling
Storage for querying, visualization
Seite 22
![Page 23: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/23.jpg)
© Fraunhofer
About FACTWhy should you care?
Some useful analysis plugins
Linux-style FW
elf analysis (behavior tagging)
exploit mitigations (nx, canary, relro etc.)
cwe checker
source code analysis
Arbitrary FW
binwalk (yes, that binwalk)
crypto material
software components
(known vulnerabilities)
Seite 23
![Page 24: IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS … · IMPROVING YOUR FIRMWARE SECURITY ANALYSIS PROCESS WITH FACT Johannes vom Dorp Seite 1 @FAandCTool ... Pentesting target ...](https://reader033.fdocuments.us/reader033/viewer/2022053010/5f0d51077e708231d439bec4/html5/thumbnails/24.jpg)
© Fraunhofer
About FACTWhy should you care?
Interfacing
Web UI
(Mostly) intuitive click-and-see interface
Full functionality exposed
Use for analysis, monitoring, querying, statistics
REST API
Most functionality exposed
Use for automation, repetitive tasks, integration
Seite 24
https://localhost/about