The Firmware Analysis and Comparison Tool (formerly known as Fraunhofer's Firmware Analysis Framework (FAF)) is intended to automate most of the firmware analysis process.
It unpacks arbitrary firmware files and processes several analyses.
Additionally, it can compare several images or single files.
Furthermore, Unpacking, analysis and comparisons are based on plug-ins guaranteeing maximal flexibility and expandability.
More details and some screenshots can be found on our project page.
FACT is designed as a multiprocess application, the more Cores and RAM, the better.
Minimal | Recommended | Software |
---|---|---|
4 Cores 8GB RAM 10 GB disk space |
16 Cores 64GB RAM 10* GB disk space |
git python 3.8 - 3.11 OS see below |
~ 10 GB required to set up FACT code, container and binaries. Additional space is necessary for result storage. That can be on a separate partition or drive.
It is possible to install FACT on any Linux distribution, but the installer is limited to
- Ubuntu 20.04 (stable)
- Ubuntu 22.04 (stable)
- Debian 11 (stable)
- Kali (experimental)
❗ Caution: FACT is not intended to be used as public internet service. The GUI is not a hardened WEB-application and it may take your server at risk!
FACT can be installed and run via docker. See the FACT_docker repo for more.
The traditional installation is generally wrapped in a single script. Some features can be selected specifically though. See INSTALL.md for details.
You can start FACT by executing the start_all_installed_fact_components scripts. The script detects all installed components automatically.
$ ./start_all_installed_fact_components
Afterwards FACT can be accessed on http://localhost:5000 and https://localhost (nginx), respectively.
You can shut down the system by pressing Ctrl + c or by sending a SIGTERM to the start_all_installed_fact_components script.
🔥 We're currently working to improving our documentation, including installation, getting started and alike. Follow progress on our wiki pages. ✌️
FACT provides a REST API. More information can be found here.
FACT provides an optional basic authentication, role and user management. More information can be found here.
- Plug-ins
- REST
The script src/firmware_import_export.py
can be used to export unpacked files and analysis results and import them
into another FACT instance. The data is stored as a ZIP archive and this is also the format the scripts expects during
import. To export files and analysis data of analyzed firmware images simply run
python3 firmware_import_export.py export FW_UID [FW_UID_2 ...] [-o OUTPUT_DIR]
After this, you can import the exported files with
python3 firmware_import_export.py import FW.zip [FW_2.zip ...]
We provide monthly and ready-to-use vagrant boxes of our master branch. Vagrant is an easy and convenient way to get started with FACT without having to install it on your machine. Just setup vagrant and import our provided box into VirtualBox. Our boxes can be found here!
Check out on how to get started with FACT and vagrant in our tutorial.
Thanks to @botlabsDev, who initially provided a Vagrantfile that is now, however, deprecated.
The easiest way to contribute is writing your own plug-in. Our Developers Manual can be found here.
This project is partly financed by German Federal Office for Information Security (BSI) and others.
We've been happy to show FACT in a number of BlackHat Arsenal sessions.
Firmware Analysis and Comparison Tool (FACT)
Copyright (C) 2015-2024 Fraunhofer FKIE
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Some plug-ins may have different licenses. If so, a license file is provided in the plug-in's folder.