Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/quarkslab/pyrrha

A tool for firmware cartography
https://github.com/quarkslab/pyrrha

firmware-analysis firmware-tools security

Last synced: 7 days ago
JSON representation

A tool for firmware cartography

Host: GitHub
URL: https://github.com/quarkslab/pyrrha
Owner: quarkslab
License: apache-2.0
Created: 2023-06-26T11:44:03.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-03-06T13:06:32.000Z (8 months ago)
Last Synced: 2024-08-31T09:41:20.830Z (2 months ago)
Topics: firmware-analysis, firmware-tools, security
Language: Python
Homepage: https://quarkslab.github.io/pyrrha/
Size: 4.73 MB
Stars: 135
Watchers: 7
Forks: 10
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: docs/contributing/dev_mapper.md
- License: LICENSE

Awesome Lists containing this project

awesome-iot-security-resource - pyrrha

README

# Pyrrha: A mapper collection for firmware analysis

Pyrrha is a filesystem cartography and correlation software focusing on visualization. It currently focuses on the relationship between executable files but aims at enabling anyone to map and visualize any relationship types. It uses the open-source code source
explorer [Sourcetrail](https://github.com/CoatiSoftware/Sourcetrail) to provide users with an easy way to navigate through and search for
path to function.

![](img/imports.png)

An example of the symbols and libraries imported by libgcc_s.so.1 and of the symbols which reference this library.

![](img/symlinks.png)

An example of the symlinks which point on busybox.

## Installation
The installation is done in two parts:

- Installing `Pyrrha` as a Python module (`pip install pyrrha-mapper`) or using its Docker image.
- Installing `Sourcetrail` to be able to visualize Pyrrha's results. You can use [its last release](https://github.com/CoatiSoftware/Sourcetrail/releases/tag/2021.4.19) and its [documentation](https://github.com/CoatiSoftware/Sourcetrail/blob/master/DOCUMENTATION.md#installation).

## Usage
The usage workflow is composed of two steps which allow you to separate DB creation and result visualization.

1. Run Pyrrha to obtain Sourcetrail compatible files (`*.srctrlprj` for the project file and `*.srctrldb` for the DB file). With the python package, you can just launch the command:
```
$ pyrrha
Usage: pyrrha [OPTIONS] COMMAND [ARGS]...

Mapper collection for firmware analysis.

Options:
-h, --help Show this message and exit.

Commands:
fs Map PE and ELF files of a filesystem into a sourcetrail-compatible db.

```
or with the Docker
```
$ docker run --rm -t -v $PWD:/tmp/pyrrha ghcr.io/quarkslab/pyrrha:latest [OPTIONS] COMMAND [ARGS]...
```
2. Visualize your results with Sourcetrail
```
$ sourcetrail PROJECT_NAME.srctrlprj
```

The detailed documentation of each mapper is available in the [documentation](https://quarkslab.github.io/pyrrha/mappers/mappers/).

## Publications

Pyrrha has been presented at two conferences listed below. These talks include live demo of the `fs` parser which map links between libraries and executables files.

- [Pyrrha: navigate easily into your system binaries, *Hack.lu'23*. [[slides]](https://github.com/quarkslab/conf-presentations/blob/master/Confs/HackLu23/pyrrha.pdf) [[video]](https://www.youtube.com/watch?v=-dMl-SvQl4k)
- Map your Firmware!, *PTS'23*. [[slides]](https://github.com/quarkslab/conf-presentations/blob/master/Confs/PTS23/PTS2023-Talk-14-Pyrrha-map-your-firmware.pdf) [[video]](https://passthesalt.ubicast.tv/videos/2023-map-your-firmware/)

## Authors
- Eloïse Brocas (@ebrocas), Quarkslab