The Firmware Analysis and Comparison Tool (FACT)
The Firmware Analysis and Comparison Tool (formerly known as Fraunhofer's Firmware Analysis Framework (FAF)) is intended to automate most of the firmware analysis process.
It unpacks arbitrary firmware files and processes several analyses.
Additionally, it can compare several images or single files.
Furthermore, Unpacking, analysis and comparisons are based on plug-ins guaranteeing maximal flexibility and expandability.
More details and some screenshots can be found on our project page.
Requirements
FACT is designed as a multiprocess application, the more Cores and RAM, the better.
| Minimal | Recommended | Software |
|---|---|---|
| 4 Cores 8GB RAM 10 GB disk space |
16 Cores 64GB RAM 10* GB disk space |
git python 3.8 - 3.11 OS see below |
~ 10 GB required to set up FACT code, container and binaries. Additional space is necessary for result storage. That can be on a separate partition or drive.
It is possible to install FACT on any Linux distribution, but the installer is limited to
- Ubuntu 20.04 (stable)
- Ubuntu 22.04 (stable)
- Debian 11 (stable)
- Kali (experimental)
Installation
FACT can be installed and run via docker. See the FACT_docker repo for more.
The traditional installation is generally wrapped in a single script. Some features can be selected specifically though. See INSTALL.md for details.
Usage
You can start FACT by executing the start_all_installed_fact_components scripts. The script detects all installed components automatically.
$ ./start_all_installed_fact_componentsAfterwards FACT can be accessed on http://localhost:5000 and https://localhost (nginx), respectively.
You can shut down the system by pressing Ctrl + c or by sending a SIGTERM to the start_all_installed_fact_components script.
Advanced Usage
REST API
FACT provides a REST API. More information can be found here.
User Management
FACT provides an optional basic authentication, role and user management. More information can be found here.
List of available community plug-ins and REST scripts
- Plug-ins
- REST
Vagrant
We provide monthly and ready-to-use vagrant boxes of our master branch. Vagrant is an easy and convenient way to get started with FACT without having to install it on your machine. Just setup vagrant and import our provided box into VirtualBox. Our boxes can be found here!
Check out on how to get started with FACT and vagrant in our tutorial.
Thanks to @botlabsDev, who initially provided a Vagrantfile that is now, however, deprecated.
Contribute
The easiest way to contribute is writing your own plug-in. Our Developers Manual can be found here.
Acknowledgments
This project is partly financed by German Federal Office for Information Security (BSI) and others.
Publications / Presentations
BlackHat Arsenal
We've been happy to show FACT in a number of BlackHat Arsenal sessions.
Other
Social
License
Firmware Analysis and Comparison Tool (FACT)
Copyright (C) 2015-2023 Fraunhofer FKIE
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Some plug-ins may have different licenses. If so, a license file is provided in the plug-in's folder.