Hackers of India

Firmware Analysis Toolkit (FAT)

 Aditya Gupta 

2016/11/04

Abstract

There exists a number of tools in today’s security industry which offers static and dynamic analysis of software binaries and mobile applications. However, there is no such toolkit, which helps an embedded or IoT security researcher to analyse firmwares in an in-depth level. FAT or Firmware Analysis Toolkit is a scriptable toolkit suite is a part of Attify’s internal pentesting suite which has helped us reduce a significant number of man hours put into firmware analysis in our IoT and smart devices pentest engagements. It comes with an easy to use API which can then be used in additional analysis, as well as for research purposes. It is a toolkit suite which performs static and dynamic analysis of firmwares, also enabling the user to emulate the firmware and having a live firmware device as if a real physical device was sitting on the network. This has been done by taking advantage of Qemu emulation and static vulnerability identification techniques. Below are some of the capabilities of the toolkit : Full emulation of the firmware along with networking Dynamic traffic analysis Static vulnerability identification Integration with tools such as nmap and metasploit for additional assessment and exploitation

By Black Hat EU, there might be more features added to the list which I will later on send once they are in a more concrete stage. FAT has been made possible because of the following open source tools listed below, which FAT leverages at various stages:

Binwalk Firmware Modification Kit
Firmadyne
MITMProxy
Nmap
Metasploit
Snmpwalk
Radare2