FirmAE

Automated framework for firmware emulation and vulnerability analysis. Compared with Firmadyne, it raises the emulation success rate from 16.28% to 79.36% by applying five arbitration techniques.

Setup

git clone https://github.com/pr0v3rbs/FirmAE.git
cd FirmAE
./download.sh          # fetch the prebuilt emulation binaries
./install.sh
reboot                 # reboot once before the Docker steps
./docker-init.sh
sudo apt install python3-coloredlogs -y

PostgreSQL via Docker

service postgresql stop   # free port 5432 for the container
docker pull postgres
docker run -itd -e POSTGRES_USER=firmadyne -e POSTGRES_PASSWORD=firmadyne \
  -e POSTGRES_DB=firmware -p 5432:5432 \
  -v /data:/var/lib/postgresql/data --name postgresql postgres
# Load the FirmAE schema into the fresh database
PGPASSWORD=firmadyne psql -h localhost -p 5432 -U firmadyne -d firmware < ./database/schema

Emulation

# Emulation check: brand, then firmware image (~5-6 min)
./docker-helper.py -ec tplink ./firmwares/[firmware_file].zip

# Debug mode (same brand/firmware arguments)
./docker-helper.py -ed tplink ./firmwares/[firmware_file].zip

Web Interface Access

# Bridge host port 8080 to the emulated device's HTTP port inside the container
socat TCP-LISTEN:8080,reuseaddr,fork \
  'EXEC:docker exec -i [container_name] "socat STDIO TCP-CONNECT:192.168.1.1:80"' &

curl http://localhost:8080
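Because the emulated firmware takes minutes to boot, a single curl often lands too early. The poller below waits on the forwarded port until the device's web server answers and reports its status and Server header; it is an added example, not part of FirmAE or this page, and it assumes the socat bridge above is listening on 127.0.0.1:8080 and that the device sits at 192.168.1.1. The stub server is a constructed stand-in so the code can be run offline.

```python
import http.client
import socket
import threading
import time
from http.server import BaseHTTPRequestHandler, HTTPServer

DEVICE_IP = "192.168.1.1"  # emulated device address behind the socat forward

def probe_once(host, port, path="/", timeout=3.0):
    """One GET through the forward; returns (status, Server header) or None."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", path, headers={"Host": DEVICE_IP})
        resp = conn.getresponse()
        result = (resp.status, resp.getheader("Server", ""))
        conn.close()
        return result
    except (OSError, http.client.HTTPException):
        return None

def wait_for_web_ui(host, port, timeout=420.0, interval=5.0):
    """Poll until the firmware's HTTP server answers; None once the deadline passes."""
    deadline = time.monotonic() + timeout
    while True:
        result = probe_once(host, port)
        if result is not None or time.monotonic() >= deadline:
            return result
        time.sleep(interval)

class _StubDevice(BaseHTTPRequestHandler):
    """Constructed stand-in for the emulated web server; offline testing only."""
    def version_string(self):
        return "constructed-router-httpd"  # value send_response puts in Server:
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"<html>login</html>")
    def log_message(self, *args):
        pass

def closed_port():
    with socket.socket() as s:  # bind then release, so the port is closed
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo_against_stub():
    srv = HTTPServer(("127.0.0.1", 0), _StubDevice)  # ephemeral port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return wait_for_web_ui("127.0.0.1", srv.server_address[1], 10.0, 0.5)
    finally:
        srv.shutdown()
        srv.server_close()
```

Against a real run, call `wait_for_web_ui("127.0.0.1", 8080)` once the socat bridge is up; the Host header carries the device address because the forward otherwise hides it from the firmware's web server.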