1. Security Reviewer Knowledge Center
  2. Security Reviewer Suite
  3. Firmware Reviewer

Plugin Developer's toolkit

Created by Laura Mandolini
Last updated Dec 18, 2020

It is based on a plug-in concept. New Unpackers are implemented in Python programming language as plug-ins, as well as Analysis features and Compare functionalities.

  • Unpackers are focused on decompress/decrypt new file systems and archive formats.

  • Analysis plug-ins are focused on adding new features to Static and Dynamic Analyses.

  • Compare functionalities are focused on enhancement of comparison between versions.

New features can be also implemented as Containers:

Firmware Reviewer shares the same plug-ins architecture of  FACT (Firmware Analysis Comparison Tool) project. The following is the list of plugin-ins developed and enhanced by Firmware Reviewer:

Task

Plugin

Firmware Analysis

Firmware Reviewer Core

File System Extraction

Firmware Extractor

Credential Stored in Code

Security Reviewer Static Analysis Module plugin

Visible Conf Files

Firmware Reviewer Core

WiFi Configurations

Firmware Reviewer Core

Legacy Network Services

Firmware Reviewer Core

Embedded Web Server

Firmware Reviewer Core

Web Server Files

Firmware Reviewer Core

Endpoint API

Security Reviewer Static Analysis Module plugin

Remote Code Execution

Security Reviewer Static Analysis Module plugin

Information Disclosure

Enhanced version of Firmwalker

Command Injection

Firmware Reviewer Core, Security Reviewer Static Analysis Module plugin

Static Analysis

Security Reviewer Static Analysis Module plugin

Malware Analysis

Dynamic Malware Analysis and Backdoor discovery

Vulnerable Components and Libraries

Security Reviewer Software Composition Analysis

Firmware Partial Emulation

Firmware Reviewer Emulation Framework

Firmware Complete Emulation

Firmware Reviewer Emulation Framework

Default Credentials

Firmware Reviewer Core

Password Policy

Firmware Reviewer Core

Password Expiration

Firmware Reviewer Core

Password Recovery

Firmware Reviewer Core

Account Lockout

Firmware Reviewer Core

Role Separation

Firmware Reviewer Core

Role Hardening

Firmware Reviewer Core

Check Authentication

Firmware Reviewer Core

Upgrade Feature

Firmware Reviewer Core

Encrypted Upgrade Protocol

Firmware Reviewer Core

Upgrade Validation

Firmware Reviewer Core

Upgrade Rollback

Firmware Reviewer Core

Upgrade Security Alerting

Firmware Reviewer Core

Sensitive Data Security

Firmware Reviewer Core

Anonymized Personal Data

Firmware Reviewer Core

Data Collecting

Firmware Reviewer Core

Unencrypted Protocols

Firmware Reviewer Core

Traffic Anomalies

Firmware Reviewer Core

Local Firewall

Firmware Reviewer Core

Security Event Logging

Firmware Reviewer Core

Security Event Alerting

Firmware Reviewer Core

Network Fuzzing Analysis

Firmware Reviewer Core

Debug and Troubleshooting Pages

Firmware Reviewer Core

Directory Traversal and Discovery

Firmware Reviewer Core

Wrong Input Validation

Security Reviewer Static Analysis Module plugin

Wrong Error Handling

Firmware Reviewer Core

Bootloader Analysis

Bootloader Agent

Firmware Integrity Testing

Firmware Reviewer Core

COPYRIGHT (C) 2014-2021 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.