tool: Subzero

Teddy Reed, author of UEFI Firmware Parser, and UEFI Spider, also has a related project called Subzero. Excerpting the readme:

The project includes both a web interface and a set of importing and map/reduction scripts used for vulnerability analysis on Firmware Updates (specifically those parsed by uefi-firmware-parser.) The import of firmware is complimented with the descriptions and metadata mined from uefi-spider in JSON form. This web interface will eventually include a submission form used to detect/match unknown updates against the corpus of imported data.

Requirements:
* RethinkDB (python rethinkdb)
* ssdeep (pydeep)
* python-magic
* Ruby/Rails (and the associated gems)
* uefi-spider
* uefi-firmware-parser.

Firmware import: The importing process uses 4 steps, and assumes you have downloaded or crawled firmware update either from vendors or an enterprise: (1) Importing metadata about the updates; (2) Parsing and importing a hierarchy of components within a single firmware update; (3) Comparing product updates and vendor statistics; (4) Scheduling map/reductions to generate statistics on the firmware corpus. Step 2 is quite involved and uses multiple scripts specific to each vendor supported by Subzero. Since each vendor distributes their firmware uniquely, these scripts must preprocess and extract firmware components such as flash descriptors, UEFI Volumes, or other non-monolithic blobs for import. Once this data is isolated Subzero can use specifications and standards (and a lot of python) to parse each subcomponent and store the binary content and hierarchy of relations (a tree).

Features:
* WebUI display of UEFI, Flash, and other firmware formats.
* Graph-views of vendor update frequency, metadata, and firmware changes.
* Vulnerability analysis through a variety of techniques.
* Export and download of firmware components.

Supported Vendors: ASRock, Dell, Gigabyte, Intel, Lenovo, HP, MSI, VMware

https://github.com/theopolis/subzero

https://firmwaresecurity.com/2015/07/15/tool-review-uefi-spider-and-firmware_vault/
https://firmwaresecurity.com/2015/06/25/tool-mini-review-uefi-firmware-parser/

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s