Firmware Security Village
The firmware security village is a more in-depth spin-off of the *Enter FACT* Workshop held at hardwear.io 2019.
The village format allows more time for the offered challenges and more direct interaction with the speakers, giving participants a better understanding of the capabilities of the tools used and of important analysis targets.
The village will offer multiple challenges, targeting different use cases of firmware analysis, including but not limited to
To allow both broad and deep insights into analyzing firmware, we have designed a number of CTF challenges that can be done on site using a local setup of the FACT firmware analysis tool and live devices that will be on site and accessible through network infrastructure provided at the village.
Using an analysis demonstration instead of a classic slide-based presentation offers extensive insight into the firmware analysis workflow so that newbies can get an introduction to the topic.
Thus, a participant can observe the application of FACT first hand. More experienced participants can jump directly into the challenges. Assistance is provided throughout the duration of the village.
Some technical contents of the challenges are
Most of the analysis steps are automated by FACT, so the challenges focus more on learning how to find information than on generating it. This makes it easier to understand how to reproduce a given analysis in another environment than, for example, an isolated manual analysis would. That said, some steps, including pattern matching and cross-referencing, are done manually to also show which manual steps of a firmware analysis can be automated for quicker results.
Another focus of the village will be on different ways of finding and aggregating information. Accumulating a firmware database offers a number of possibilities for research, auditing and other firmware-related tasks. Besides aggregating data over simple keys like vendor or device class, we show how to cluster firmware based on analysis results such as included software or known vulnerabilities (e.g. Heartbleed). We also show how a newly discovered design flaw or vulnerability can quickly be rediscovered in other firmware by applying pattern matching on the database.
If participants are interested in customizing their analysis setup, it will also be possible to integrate simple analysis features into FACT on site and observe the resulting automation of the new analysis.
Christopher Krah is a researcher at Fraunhofer FKIE and part of its software and firmware security group. His research focus includes vulnerability hunting and firmware security.
He has contributed to FACT since being a student assistant in 2017.
Johannes vom Dorp is a researcher at Fraunhofer FKIE and currently head of its software and firmware security group. He works on security analysis, focusing on firmware and hardware security. He has been a core developer of FACT since its inception in 2015.