{"id":19235609,"url":"https://github.com/vu1nt0tal/firmeye","last_synced_at":"2025-05-05T22:14:51.803Z","repository":{"id":38400800,"uuid":"327556481","full_name":"Vu1nT0tal/firmeye","owner":"Vu1nT0tal","description":"IoT固件漏洞挖掘工具","archived":false,"fork":false,"pushed_at":"2022-11-11T13:14:58.000Z","size":776,"stargazers_count":242,"open_issues_count":0,"forks_count":36,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-05-05T22:14:45.132Z","etag":null,"topics":["ida","iot","vulnerability"],"latest_commit_sha":null,"homepage":"https://vulntotal-team.github.io/firmeye/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Vu1nT0tal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-01-07T08:58:53.000Z","updated_at":"2025-05-03T07:28:44.000Z","dependencies_parsed_at":"2022-08-26T08:31:49.941Z","dependency_job_id":null,"html_url":"https://github.com/Vu1nT0tal/firmeye","commit_stats":null,"previous_names":["vu1nt0tal/firmeye","vulntotal-team/firmeye"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vu1nT0tal%2Ffirmeye","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vu1nT0tal%2Ffirmeye/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vu1nT0tal%2Ffirmeye/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vu1nT0tal%2Ffirmeye/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Vu1nT0tal","download_url":"https://codeload.github.com/Vu1nT0tal/firmeye/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252584332,"owners_count":21771945,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ida","iot","vulnerability"],"created_at":"2024-11-09T16:17:33.778Z","updated_at":"2025-05-05T22:14:51.782Z","avatar_url":"https://github.com/Vu1nT0tal.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# firmeye - IoT固件漏洞挖掘工具\n\nfirmeye 是一个 IDA 插件，基于敏感函数参数回溯来辅助漏洞挖掘。我们知道，在固件漏洞挖掘中，从敏感/危险函数出发，寻找其参数来源，是一种很有效的漏洞挖掘方法，但程序中调用敏感函数的地方非常多，人工分析耗时费力，通过该插件，可以帮助排除大部分的安全调用，从而提高效率。\n\n- 漏洞类型支持：缓冲区溢出、命令执行、格式化字符串\n- 架构支持：ARM\n\n分享：[slides](./firmeye.pdf)\n\n## 安装\n\n该插件运行环境要求 IDA Pro 7.5，Python3。\n\n1. 下载本项目：`https://github.com/firmianay/firmeye.git`。\n2. 安装依赖：`pip install -r requirements.txt`。\n3. 将 `firmeye` 和 `firmeye.py` 复制到 IDA Pro 插件目录下，例如 `C:\\Program Files\\IDA Pro 7.5\\plugins`。\n4. 打开 IDA Pro 并加载待分析固件程序。\n5. `Ctrl+F1` 查看插件使用帮助。热键：\n    - `Ctrl+Shift+s`：主菜单\n    - `Ctrl+Shift+d`：启动/禁用调试钩子\n    - `Ctrl+Shift+c`：扫描代码模式（TODO）\n    - `Ctrl+Shift+x`：逆向辅助工具\n    - `Ctrl+Shift+q`：功能测试\n\n## 使用方法\n\n### 静态分析功能\n\n敏感函数被分为 5 类：printf、strcpy、memcpy、scanf、system。分别对应各自的漏洞类型和检测规则。\n\n### 动态调试功能\n\n对静态分析得到的可疑地址下断点，并在调试时动态处理断点事件，获得参数、返回值等上下文信息。\n\n## 命令行工具\n\n利用 [idahunt](idahttps://github.com/nccgroup/idahunt) 可以让插件自动化批量运行，使用方法如下：\n\n```sh\n$ python3 idahunt.py --inputdir C:\\xxxx --analyse --filter \"names.py -a 32 -v\"                      # 生成IDB\n$ python3 idahunt.py --inputdir C:\\xxxx --cleanup                                                   # 清理临时文件\n$ python3 idahunt.py --inputdir C:\\xxxx --filter \"names.py -a 32 -v\" --scripts \"firmeye_cli.py\"     # 运行脚本\n```\n\n## 改进方向\n\n该插件目前还非常不完善，下面是一些改进方向，欢迎讨论和 PR。\n\n- 完善参数回溯逻辑，支持更复杂的指令语义识别\n- 支持函数间分析\n- 完善漏洞判断逻辑，降低误报率\n- 加入动态污点分析作为辅助\n- 支持更多体系架构，如 x86、MIPS 等\n\n## 关注我们\n\n[VulnTotal安全](https://github.com/VulnTotal-Team)致力于分享高质量原创文章和开源工具，包括物联网/汽车安全、移动安全、网络攻防等。\n\nGNU General Public License v3.0\n\n[![Stargazers over time](https://starchart.cc/VulnTotal-Team/firmeye.svg)](https://starchart.cc/VulnTotal-Team/firmeye)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvu1nt0tal%2Ffirmeye","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvu1nt0tal%2Ffirmeye","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvu1nt0tal%2Ffirmeye/lists"}