Versions Compared

Old Version 147

changes.mady.by.user Laura Mandolini

Saved on

compared with

New Version 148

changes.mady.by.user Laura Mandolini

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Firmware Reviewer provides in-depth firmware analysis (binaries, file systems, containers, virtual machines, IoT, UEFI, Appliances, Network Devices, Smart Meters, Surveillance devices, Drones, etc.), allowing to explore vulnerabilities at the same time to keeping the software securely in your own hands, at your premises. It can be used for a bunch of binary file formats, withNo need of related physical device.

...

  • REST API interface. Integration is easy as well since we provide a /wiki/spaces/KC/pages/1406631937 covering almost all features

  • Agent. Optionally used in encrypted firmwares and to gain access credentials. Our /wiki/spaces/KC/pages/1455980582 gives the user the ability to make changes to a firmware image without recompiling the firmware sources. It works by extracting the firmware bootloader parts, then extracting the file init system image, and rebuild the bootloader

  • Plugin Developer's toolkit. It provides a framework for Plugin Development. New Unpackers are implemented as plug-ins, as well as Analysis features and Compare functionalities

  • Alert System. You can send alert on: Analysis process started, Analysis process terminated, Vulnerability threshold, User’s access. Alert platforms: Slack, WebHooks.

...

Compliance

Firmware Reviewer provides reports compliant to:

...

The OWASP Firmware Security Testing Methodology is composed of nine stages tailored to enable security researchers, software developers, consultants, hobbyists, and Information Security professionals with conducting firmware security assessments. Firmware analysis is a tough challenge with a lot of tasks. Many of these tasks can be automated (either with new approaches or incorporation of existing tools) so that a security analyst can focus on its main task: Analyzing the firmware (and finding vulnerabilities). Firmware Reviewer implements this automation leading to more complete analysis as well as a massive speedup in vulnerability hunting and is able to assist you during all the nine stages:

...

Comparison between Versions

The File Compare check is a mechanism to compare a file from a previous run with the file from the current run. It provides more insights into file changes, since it allows comparing two versions of a file rather than comparing only a digest. Last, the Tree Check will produce an informational output listing new files, deleted files, and modified files. Firmware Reviewer can compare several images or single files. Furthermore, Unpacking, analysis and compares are based on plug-ins guaranteeing maximal flexibility and expandability.

...

In many cases you might want to compare Firmware samples. For instance, you might want to know if and where a manufacturer fixed an issue in a new firmware version. Or you might want to know if the firmware on your device the original firmware is of provided by the manufacturer. If they differ, you want to know which parts are changed for further investigation. Again, Firmware Reviewer is able to automate many of these challenges, like: Identify changed / equal files and Identify changed software versions.

...

DISCLAIMER: Firmware Reviewer never operates on physical devices.

COPYRIGHT (C) 2014-2021 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.