News

Bob Goudriaan successor of Marc Gauw 2017/10/12

NLnet Labs' Jaap Akkerhuis inducted in Internet Hall of Fame 2017/09/19

NLnet and Gartner to write vision for EC's Next Generation Internet initiative 2017/04/12

Dutch Ministry of Economic Affairs donates 0.5 million to "Internet Hardening Fund" 2016/12/16

Vietsch Foundation and NLnet cooperate in internet R&D for research and education 2016/09/28

 

Deep Firmware

[Deep Firmware Inspection Tool (Binary Analysis Tool) -- concluded on 2017/01]

Understanding firmware is very difficult without the proper tools. The project builds an advanced prototype for scanning of security aspects of firmware based on the open source Binary Analysis Tool.

Electronic devices typically derive their functionality because of embedded software, often referred to as firmware. Firmware suffers from all the normal weaknesses of software, but has the additional handicap that the interface to the device is often very limited. It is therefore often hard to adequately grasp the risk of devices being compromised.

Deep Firmware Inspection is an R&D project that add security capabilities to the open source firmware scanning tool Binary Analysis Tool. The result is a tool with a number of unique features, such as scanning of password databases, matching of security information from vulnerability disclosure with a corpus of firmware, version identification of software components and much more.

BAT uses symbol and string table comparisons to read binary code in firmware formats and compare it with source code without undertaking any reverse engineering. This approach has proven extremely effective in discovering real-world issues. Advanced users can also build a customized knowledgebase containing information about upstream suppliers, chip-sets, offsets, file systems and application strings to improve the fidelity of scans.

Download BAT v.27 (final version): Github.com | NLnet.nl

Or check out the fine manual

If you are interested in supporting future work similar to Deep Firmware, contact Michiel Leenaars (director of strategy at NLnet).

The project is led by Armijn Hemel.

Deep Firmware was co-funded by NCTV through the programme "veilig door innovatie" and NLnet.

Calls

Send in your ideas.
Deadline December 1st, 2017.

   
Last update: 2014/04/01