Firmadyne: automated analysis of Linux embedded firmware

FIRMADYNE is an automated and scalable system for performing emulation and dynamic analysis of Linux-based embedded firmware. It includes the following components:

* modified kernels (MIPS: v2.6.32, ARM: v4.1, v3.10) for instrumentation of firmware execution;
* a userspace NVRAM library to emulate a hardware NVRAM peripheral;
* an extractor to extract a filesystem and kernel from downloaded firmware;
* a small console application to spawn an additional shell for debugging;
* and a scraper to download firmware from 42+ different vendors.

We have also written the following three basic automated analyses using the FIRMADYNE system.

* Accessible Webpages: This script iterates through each file within the filesystem of a firmware image that appears to be served by a webserver, and aggregates the results based on whether they appear to require authentication.
* SNMP Information: This script dumps the contents of the public and private SNMP v2c communities to disk using no credentials.
* Vulnerability Check: This script tests for the presence of 74 vulnerabilities using exploits from Metasploit and other sources.
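
A minimal sketch of the Accessible Webpages idea, added here as an illustration and not FIRMADYNE's own script. The web-root directories, the status-code buckets and all function names are assumptions; `fetch_status` is any callable that returns the HTTP status of a credential-free GET against the emulated device, replaced below by a stub over a constructed sample tree.

```python
import os
import tempfile
from collections import defaultdict

# Assumed web-root locations; real firmware images vary by vendor.
WEB_ROOTS = ("www", "var/www", "usr/www")

def candidate_paths(rootfs, web_roots=WEB_ROOTS):
    """Map each file under a likely web root to the URL path it would be served at."""
    found = set()
    for root in web_roots:
        base = os.path.join(rootfs, root)
        for dirpath, _dirs, files in os.walk(base):  # missing roots yield nothing
            for name in files:
                rel = os.path.relpath(os.path.join(dirpath, name), base)
                found.add("/" + rel.replace(os.sep, "/"))
    return sorted(found)

def classify(status):
    """Bucket an HTTP status code (assumed buckets, not FIRMADYNE's)."""
    if status in (401, 403):
        return "auth_required"
    if 200 <= status < 300:
        return "accessible"
    if 300 <= status < 400:
        return "redirect"  # often a login redirect; review by hand
    return "error"

def audit(rootfs, fetch_status):
    """Group every candidate path by how the server answered it."""
    results = defaultdict(list)
    for path in candidate_paths(rootfs):
        results[classify(fetch_status(path))].append(path)
    return dict(results)

def build_sample_rootfs(top):
    """Constructed sample tree standing in for an extracted filesystem."""
    for rel in ("www/index.html", "www/admin/config.cgi",
                "www/cgi-bin/status.cgi", "etc/passwd"):
        os.makedirs(os.path.dirname(os.path.join(top, rel)), exist_ok=True)
        open(os.path.join(top, rel), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as top:
        build_sample_rootfs(top)
        canned = {"/index.html": 200, "/admin/config.cgi": 401, "/cgi-bin/status.cgi": 200}
        print(audit(top, lambda p: canned.get(p, 404)))  # stub in place of a live request
```

Entries in the `accessible` bucket are the ones to review first, since the server returned them without asking for credentials.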
