{"id":13699202,"url":"https://github.com/attify/firmware-analysis-toolkit","last_synced_at":"2025-05-15T16:09:03.968Z","repository":{"id":38711522,"uuid":"71746038","full_name":"attify/firmware-analysis-toolkit","owner":"attify","description":"Toolkit to emulate firmware and analyse it for security vulnerabilities ","archived":false,"fork":false,"pushed_at":"2024-09-16T17:58:06.000Z","size":46,"stargazers_count":1417,"open_issues_count":50,"forks_count":270,"subscribers_count":54,"default_branch":"master","last_synced_at":"2025-04-11T23:05:45.743Z","etag":null,"topics":["binary-analysis","firmware","firmware-analysis","firmware-security","firmware-tools","iot","iot-security","iot-security-tools","reverse-engineering","security","vulnerability-scanner"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/attify.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-10-24T02:50:15.000Z","updated_at":"2025-04-09T05:16:02.000Z","dependencies_parsed_at":"2024-10-01T01:41:17.899Z","dependency_job_id":null,"html_url":"https://github.com/attify/firmware-analysis-toolkit","commit_stats":{"total_commits":47,"total_committers":7,"mean_commits":6.714285714285714,"dds":"0.36170212765957444","last_synced_commit":"b6288b8f1183ef16b743d46247eff14733ee2105"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/attify%2Ffirmware-analysis-toolkit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/attify%2Ffirmware-analysis-toolkit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/attify%2Ffirmware-analysis-toolkit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/attify%2Ffirmware-analysis-toolkit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/attify","download_url":"https://codeload.github.com/attify/firmware-analysis-toolkit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254374483,"owners_count":22060612,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary-analysis","firmware","firmware-analysis","firmware-security","firmware-tools","iot","iot-security","iot-security-tools","reverse-engineering","security","vulnerability-scanner"],"created_at":"2024-08-02T20:00:19.891Z","updated_at":"2025-05-15T16:09:03.927Z","avatar_url":"https://github.com/attify.png","language":"Python","funding_links":[],"categories":["Python","Firmware Tools, Libraries, and Frameworks","Python (1887)","Tools","Software Tools"],"sub_categories":["Hardware Tools","Firmware Malware Analysis"],"readme":"# Firmware Analysis Toolkit \n\nFAT is a toolkit built in order to help security researchers analyze and identify vulnerabilities in IoT and embedded device firmware. This is also used in the \"*[Offensive IoT Exploitation](https://www.attify-store.com/collections/training/products/offensive-iot-exploitation)*\" training conducted by [Attify](https://attify.com). \n\n[![](https://i.ibb.co/zP9htYK/offensive-iot-exploitation-attify-embedded-hacking.png)](https://www.attify-store.com/collections/training/products/offensive-iot-exploitation)\n\n**Note:**\n\n+ As of now, it is simply a script to automate **[Firmadyne](https://github.com/firmadyne/firmadyne)** which is a tool used for firmware emulation. In case of any issues with the actual emulation, please post your issues in the [firmadyne issues](https://github.com/firmadyne/firmadyne/issues).  \n\n+ In case you are facing issues, you can try [AttifyOS](https://github.com/adi0x90/attifyos) which has Firmware analysis toolkit and other tools pre-installed and ready to use.\n\n---\n\nFirmware Analysis Toolkit (FAT henceforth) is based on Firmadyne with some changes. Firmadyne uses a PostgreSQL database to store information about the emulated images. However just for the core functionality i.e. emulating firmware, PostgreSQL is not really needed. Hence FAT doesn't use it.\n\n## Setup instructions \n\nFAT is developed in Python 3. However you need to have both Python 3 and Python 2 installed since parts of Firmadyne and its dependencies use Python 2. It's highly recommended to install FAT inside a Virtual Machine.\n\nTo install just clone the repository and run the script `./setup.sh`.\n\n```\ngit clone https://github.com/attify/firmware-analysis-toolkit\ncd firmware-analysis-toolkit\n./setup.sh\n```\n\nAfter installation is completed, edit the file `fat.config` and provide the sudo password as shown below. Firmadyne requires sudo privileges for some of its operations. The sudo password is provided to automate the process.\n\n```\n[DEFAULT]\nsudo_password=attify123\nfirmadyne_path=/home/attify/firmadyne\n```\n\n## Running FAT \n\n```\n$ ./fat.py \u003cfirmware file\u003e\n```\n\n+ Provide the firmware filename as an argument to the script.\n\n+ The script would display the IP addresses assigned to the created network interfaces. Note it down.\n\n+ Finally, it will say that running the firmware. Hit ENTER and wait until the firmware boots up. Ping the IP which was shown in the previous step, or open in the browser. \n\n***Congrats! The firmware is finally emulated.***\n\nTo remove all analyzed firmware images, run\n\n```\n$ ./reset.py\n```\n\n## Example 1\n\n```\n$ ./fat.py DIR-601_REVB_FIRMWARE_2.01.BIN \n\n                               __           _   \n                              / _|         | |  \n                             | |_    __ _  | |_ \n                             |  _|  / _` | | __|\n                             | |   | (_| | | |_ \n                             |_|    \\__,_|  \\__|                    \n                    \n                Welcome to the Firmware Analysis Toolkit - v0.3\n    Offensive IoT Exploitation Training http://bit.do/offensiveiotexploitation\n                  By Attify - https://attify.com  | @attifyme\n    \n[+] Firmware: DIR-601_REVB_FIRMWARE_2.01.BIN\n[+] Extracting the firmware...\n[+] Image ID: 1\n[+] Identifying architecture...\n[+] Architecture: mipseb\n[+] Building QEMU disk image...\n[+] Setting up the network connection, please standby...\n[+] Network interfaces: [('br0', '192.168.0.1')]\n[+] All set! Press ENTER to run the firmware...\n[+] When running, press Ctrl + A X to terminate qemu\n```\n\n**Asciicast**\n\n[![asciicast](https://asciinema.org/a/5VryIC2ec1j9SEIfGQ0qAWjoH.svg)](https://asciinema.org/a/5VryIC2ec1j9SEIfGQ0qAWjoH)\n\n## Example 2\n\n```\n$ ./fat.py DIR890A1_FW103b07.bin --qemu 2.5.0\n\n                               __           _\n                              / _|         | |\n                             | |_    __ _  | |_\n                             |  _|  / _` | | __|\n                             | |   | (_| | | |_\n                             |_|    \\__,_|  \\__|\n\n                Welcome to the Firmware Analysis Toolkit - v0.3\n    Offensive IoT Exploitation Training http://bit.do/offensiveiotexploitation\n                  By Attify - https://attify.com  | @attifyme\n\n[+] Firmware: DIR890A1_FW103b07.bin\n[+] Extracting the firmware...\n[+] Image ID: 2\n[+] Identifying architecture...\n[+] Architecture: armel\n[+] Building QEMU disk image...\n[+] Setting up the network connection, please standby...\n[+] Network interfaces: [('br0', '192.168.0.1'), ('br1', '192.168.7.1')]\n[+] Using qemu-system-arm from /home/attify/firmware-analysis-toolkit/qemu-builds/2.5.0\n[+] All set! Press ENTER to run the firmware...\n[+] When running, press Ctrl + A X to terminate qemu\n\n```\n## Additional Notes\n\n- As of now, the [ARM firmadyne kernel](https://github.com/firmadyne/kernel-v4.1) doesn't work with the latest version of Qemu (2.11.1) available on the Ubuntu 18.04 official repository. However, Qemu (2.5.0) on Ubuntu 16.04 does work. Alternatively you can also use the bundled Qemu (2.5.0) provided with firmadyne as shown in example 2.\n\n- If no network interfaces are detected, try increasing the timeout value from 60 in `scripts/inferNetwork.sh` as shown below\n    ```\n    echo \"Running firmware ${IID}: terminating after 60 secs...\"\n    timeout --preserve-status --signal SIGINT 60 \"${SCRIPT_DIR}/run.${ARCH}.sh\" \"${IID}\"\n    ```\n\n## Known Issues\n\n- ~~FAT does not work on Ubuntu 20.04. The main reason behind this is some dependencies of Firmadyne (especially binwalk) require Python 2. Unless this is fixed upstream, stick to Ubuntu 18.04 or lower.~~ \nUbuntu 20.04 **is now supported**. The current version of FAT patches the binwalk installation script to workaround the issue.\n\n## Building static Qemu\n\nThe repository already includes a static builds of qemu 2.0.0, 2.5.0 \u0026 3.0.0 (in releases) but if you want to build your own follow the steps below.\n\nOn a clean **Ubuntu 16.04** VM run. (It's important to use 16.04, later versions have issues with static compilation).\n\n### Qemu 2.0.0\n\n```sh\nsudo apt update \u0026\u0026 sudo apt build-dep qemu -y\nwget https://download.qemu.org/qemu-2.0.0.tar.bz2\ntar xf qemu-2.0.0.tar.bz2\nmkdir qemu-2.0.0-build\ncd qemu-2.0.0\n./configure --prefix=$(realpath ../qemu-2.0.0-build) --static --target-list=arm-softmmu,mips-softmmu,mipsel-softmmu --disable-smartcard-nss --disable-spice --disable-libusb --disable-usb-redir\nmake\nmake install\n```\nThe compiled binaries can be found in `qemu-2.0.0-build` directory.\n\n### Qemu 2.5.0\n\n```sh\nsudo apt update \u0026\u0026 sudo apt build-dep qemu -y\nwget https://download.qemu.org/qemu-2.5.0.tar.bz2\ntar xf qemu-2.5.0.tar.bz2\nmkdir qemu-2.5.0-build\ncd qemu-2.5.0\n./configure --prefix=$(realpath ../qemu-2.5.0-build) --static --target-list=arm-softmmu,mips-softmmu,mipsel-softmmu --disable-smartcard --disable-libusb --disable-usb-redir\nmake \nmake install\n```\nThe compiled binaries can be found in `qemu-2.5.0-build` directory.\n\n### Qemu 3.0.0\n\n```sh\nsudo apt update \u0026\u0026 sudo apt build-dep qemu -y\nwget https://download.qemu.org/qemu-3.0.0.tar.bz2\ntar xf qemu-3.0.0.tar.bz2\nmkdir qemu-3.0.0-build\ncd qemu-3.0.0\n./configure --prefix=$(realpath ../qemu-3.0.0-build) --static --target-list=arm-softmmu,mips-softmmu,mipsel-softmmu --disable-smartcard --disable-libusb --disable-usb-redir\nmake \nmake install\n```\nThe compiled binaries can be found in `qemu-3.0.0-build` directory.\n\n\nNote: It should also be possible to compile qemu statically on an alpine system but this hasn't been tested. In general compiling on alpine is preferred to Ubuntu as the former comes with musl libc which is better at static linkage than glibc on Ubuntu.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fattify%2Ffirmware-analysis-toolkit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fattify%2Ffirmware-analysis-toolkit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fattify%2Ffirmware-analysis-toolkit/lists"}