Firmware Reviewer provides in-depth firmware analysis (binaries, file systems, containers, virtual machines, IoT, UEFI, Appliances, Network Devices, Smart Meters, Surveillance devices, Drones, etc.), allowing to explore vulnerabilities at the same time to keeping the software securely in your own hands, at your premises. It can be used for a bunch of binary file formats, withNo need of related physical device.
...
Main Topics
| Table of Contents |
|---|
...
Architecture
Firmware Reviewer, further to its own engine, makes use of other well-known platforms, like FACT (Firmware Analysis Comparison Tool), Intel ME Analyzer, RedBoot, FirmWalker, Firmware Modification Kit, angr, Radare, Firmware Analysis Tool, Firmadyne, ByteSweep,Karonte,FWAnalyzer,Ghidra,FIT, IoTSecFuzz, EXPLioT, CapStone Framework and Binwalk engines to analyze and compare different versions against vendor's databases, Karonte Dataset and Fraunhofer Institute database. Analysis are normalized and correlated, presenting a unique dashboard. This is possible through our Plugin Developer’s Toolkit.
...
...
Firmware Reviewer shares FACT (Firmware Analysis Comparison Tool) architecture, adding a lot of new features (Tasks Plan automation included). Respect than FACT, it requires a basic hardware configuration, while enhancing performances 12x.
...
The OWASP Firmware Security Testing Methodology is composed of nine stages tailored to enable security researchers, software developers, consultants, hobbyists, and Information Security professionals with conducting firmware security assessments. Firmware analysis is a tough challenge with a lot of tasks. Many of these tasks can be automated (either with new approaches or incorporation of existing tools) so that a security analyst can focus on its main task: Analyzing the firmware (and finding vulnerabilities). Firmware Reviewer implements this automation leading to more complete analysis as well as a massive speedup in vulnerability hunting and is able to assist you during all the nine stages:
...
Comparison between Versions
Firmware Reviewer can compare several images or single files. Furthermore, Unpacking, analysis and compares are based on plug-ins guaranteeing maximal flexibility and expandability.
...
In many cases you might want to compare Firmware samples. For instance, you might want to know if and where a manufacturer fixed an issue in a new firmware version. Or you might want to know if the firmware on your device the original firmware is of provided by the manufacturer. If they differ, you want to know which parts are changed for further investigation. Again, Firmware Reviewer is able to automate many of these challenges, like: Identify changed / equal files and Identify changed software versions.
...
DISCLAIMER: Firmware Reviewer never operates on physical devices.
COPYRIGHT (C) 2014-2020 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.