2025-01-17 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article introduces Firmware Slap and what it is used for. Many readers will not be familiar with the tool, so it is shared here for reference.
Firmware Slap
Firmware Slap is a tool that discovers security vulnerabilities and similar features in target firmware through a combination of hybrid analysis and feature clustering. It is built as a collection of libraries, and scan results can be exported directly in pickle or JSON format for integration with other tools.
Tool installation
Firmware Slap can be run in a virtual environment and has been fully tested on Python 3.6. Most users can complete the installation with the following commands:

    sudo apt install python3-virtualenv
    virtualenv -p python3 fwslap
    source fwslap/bin/activate
Alternatively, you can set up the environment for Firmware Slap using the following commands:

    cd ~
    mkdir .virtualenvs
    pip install virtualenv
    which virtualenv  # note path warnings
    pip install virtualenvwrapper
    echo "export PATH=\$PATH:~/.local/bin" >> ~/.bashrc
    echo "export WORKON_HOME=~/.virtualenvs" >> ~/.bashrc
    echo "source ~/.local/bin/virtualenvwrapper.sh" >> ~/.bashrc
    # usually best here to open new terminal
    mkvirtualenv fwslap -p /usr/bin/python3
    workon fwslap
Finally, run the following command to complete the installation using setup.py:
    python setup.py install
At this point, we also need to install rabbitmq, Docker, and Radare2 or Ghidra:
    # Ubuntu
    sudo apt install rabbitmq-server docker.io
    # OSX
    brew install rabbitmq
    # Radare2
    git clone https://github.com/radare/radare2.git
    sudo ./radare2/sys/install.sh
    # Ghidra
    wget https://ghidra-sre.org/ghidra_9.0.4_PUBLIC_20190516.zip
    unzip ghidra_9.0.4_PUBLIC_20190516.zip -d ghidra
    echo "export PATH=\$PATH:$PWD/ghidra/ghidra_9.0.4/support" >> ~/.bashrc
If you choose Ghidra, you also need to install JDK 11:
    sudo apt install default-jdk
    java -version
If you want to use the Elasticsearch features, you also need to run the Elasticsearch_and_kibana.sh script.
Tool use
First, we need to make sure that rabbitmq-server is running:
    # In a separate terminal, run this in the top level "Firmware_Slap" directory
    celery -A firmware_slap.celery_tasks worker --loglevel=info

    # Basic buffer overflow
    Discover_And_Dump.py examples/iwconfig -D iwconfig_results
    Load_And_View_Results.py iwconfig_results.all.pickle

    # Click management on the left pane
    # Click Saved Objects
    # Click Import
    # Select 'elastic_export.json' under the elastic directory in firmware slap
    # Navigate to dashboards on left pane and select 'Overview Dashboard'
    Load_And_View_Results.py iwconfig_results.all.pickle -s

    # Command injection
    tar -xvf examples/Almond_libs.tar.gz
    Vuln_Discover_Celery.py examples/upload.cgi -L Almond_Root/lib/
Next, use the following command to get a firmware sample for analysis:
    # Get the firmware used for examples
    wget https://firmware.securifi.com/AL3_64MB/AL3-R024-64MB
    binwalk -Mre AL3-R024-64MB
From the project's root directory, start the Celery worker:

    # In a separate terminal
    celery -A firmware_slap.celery_tasks worker --loglevel=info
Open another new terminal window and run a vulnerability scanning task:
    $ Vuln_Discover_Celery.py Almond_Root/etc_ro/lighttpd/www/cgi-bin/upload_bootloader.cgi -L Almond_Root/lib/
    [+] Getting argument functions
    [+] Analyzing 1 functions
      0% |   | 0/1 [00:01 |
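The results that Discover_And_Dump.py writes above are pickle files, and unpickling a file received from someone else can run code embedded in it. The following is an added example, not part of Firmware Slap or the original article: a loader that refuses any pickle referencing a class or function and converts the result to JSON. It assumes the result file holds only plain containers and scalars; the function names and the sample record's fields are hypothetical.

```python
import io
import json
import os
import pickle

class PlainDataUnpickler(pickle.Unpickler):
    # Refusing find_class means no GLOBAL/STACK_GLOBAL opcode can resolve a
    # callable, so a crafted file has nothing to invoke while it loads.
    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"refusing {module}.{name}: result file is not plain data")

def safe_load_results(data: bytes):
    """Load pickled results that hold only containers and scalars."""
    return PlainDataUnpickler(io.BytesIO(data)).load()

def to_jsonable(obj):
    """Recursively make loaded results JSON-serialisable (bytes -> hex)."""
    if isinstance(obj, (bytes, bytearray)):
        return obj.hex()
    if isinstance(obj, dict):
        return {str(k): to_jsonable(v) for k, v in obj.items()}
    if isinstance(obj, (list, tuple)):
        return [to_jsonable(v) for v in obj]
    return obj

def sample_plain() -> bytes:
    # Constructed sample; field names are assumptions, not the tool's schema.
    return pickle.dumps([{"file": "examples/iwconfig", "type": "overflow",
                          "input": b"AAAA"}])

class _RefersToCallable:
    # Constructed stand-in for a tampered file: plain pickle.loads would
    # call the referenced function (here the harmless os.getcwd) on load.
    def __reduce__(self):
        return (os.getcwd, ())

def sample_tampered() -> bytes:
    return pickle.dumps(_RefersToCallable())

if __name__ == "__main__":
    print(json.dumps(to_jsonable(safe_load_results(sample_plain()))))
    try:
        safe_load_results(sample_tampered())
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

If a genuine result file is rejected because it contains other object types, prefer the tool's JSON export over loosening the loader.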