
Last update: 2014-04-01

Deep Firmware

[Deep Firmware Inspection Tool (Binary Analysis Tool) — concluded in 2017]

Understanding firmware is very difficult without the proper tools. The project builds an advanced prototype for scanning of security aspects of firmware based on the open source Binary Analysis Tool.

Electronic devices typically derive their functionality from embedded software, often referred to as firmware. Firmware suffers from all the normal weaknesses of software, but has the additional handicap that the interface to the device is often very limited. It is therefore often hard to adequately grasp the risk of devices being compromised.

Deep Firmware Inspection is an R&D project that adds security capabilities to the open source firmware scanning tool Binary Analysis Tool. The result is a tool with a number of unique features, such as scanning of password databases, matching of security information from vulnerability disclosure with a corpus of firmware, version identification of software components and much more.

BAT uses symbol and string table comparisons to read binary code in firmware formats and compare it with source code without undertaking any reverse engineering. This approach has proven extremely effective in discovering real-world issues. Advanced users can also build a customized knowledgebase containing information about upstream suppliers, chip-sets, offsets, file systems and application strings to improve the fidelity of scans.
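The string-comparison idea described above can be sketched in a few lines. This is an added example, not BAT's own code: the package names, knowledge-base strings and firmware bytes are all constructed, and the scoring (strings unique to one package count as stronger evidence than shared ones) is a simplification chosen for illustration.

```python
import re
from collections import Counter

# Constructed knowledge base: string literals harvested from the source of
# three hypothetical packages (names and strings are made up for this example).
KNOWLEDGE_BASE = {
    "examplehttpd": {"examplehttpd: bind failed on port %d", "Usage: %s [options]",
                     "cannot open config %s"},
    "exampleshell": {"exampleshell: applet not found", "Usage: %s [options]",
                     "login incorrect for %s"},
    "exampledhcp":  {"lease obtained, lease time %d", "sending discover..."},
}

# Constructed "firmware" blob: string-table entries separated by binary noise.
FIRMWARE = (b"\x7fELF\x01\x01\x00" + b"examplehttpd: bind failed on port %d\x00"
            b"\xff\xfe\x00Usage: %s [options]\x00\x03\x00cannot open config %s\x00"
            b"\x90\x90abc\x00login incorrect for %s\x00\x00\x01")

def extract_strings(blob, min_len=5):
    """Return printable ASCII runs of at least min_len bytes, like strings(1)."""
    return {m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)}

def identify(blob, kb):
    """Rank packages by strings found in blob; unique strings weigh most."""
    # How many packages contain each string: 1 means it identifies its owner.
    owners = Counter(s for strings in kb.values() for s in strings)
    found = extract_strings(blob)
    results = []
    for package, strings in kb.items():
        hits = strings & found
        unique = {s for s in hits if owners[s] == 1}
        if hits:
            results.append((package, len(unique), len(hits) - len(unique)))
    # Sort by unique evidence first, then by shared (ambiguous) evidence.
    return sorted(results, key=lambda r: (r[1], r[2]), reverse=True)

if __name__ == "__main__":
    for package, unique, shared in identify(FIRMWARE, KNOWLEDGE_BASE):
        print(f"{package}: {unique} unique, {shared} shared string(s)")
```

A single unique match, as for the second package here, is weak evidence; a customized knowledge base narrows such ambiguity by adding more strings per component.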

Download BAT v.27 (final version): Github.com | NLnet.nl

Or check out the fine manual

If you are interested in supporting future work similar to Deep Firmware, contact Michiel Leenaars (director of strategy at NLnet).

The project is led by Armijn Hemel.

Deep Firmware was co-funded by NCTV through the programme "veilig door innovatie" and NLnet.
