This repository was archived by the owner on Aug 11, 2025. It is now read-only.

compsecdirect/autodyne


Autodyne: Automated Firmadyne by CompSec Direct

Purpose

Improve Firmadyne (https://github.com/firmadyne/firmadyne) and make it simpler to extract and emulate firmware for analysis.

Requirements

  1. docker and docker-compose
  2. Firmware samples

Usage

  1. Get firmware samples to analyze. Run mkdir samples samples-output and add firmware to the samples folder.
  2. Edit the docker-compose.yml to include the desired "Manufacturer name" (can be anything) and path to samples.
    a. command section has "foo", "1.bin" ; this is the "Manufacturers Name" and file name.
    b. volumes section has path to firmware samples and mapping to local images.
  3. Copy the relevant sections multiple times (given x samples).
    a. copy section from emulator-1 until next entry.
    b. manually increment the desired ip address.
  4. Decide whether to pull our latest docker image (docker pull compsecdirect/autodyne:latest) or build one from scratch.
  5. make build and make start
  6. docker exec -it CONTAINERID bash
  7. tmux ls
  8. tmux a -t "ImageID X", where X is the database id generated by firmadyne.
    a. This tmux session is the console session to the firmware sample.
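
Steps 2 and 3 can be scripted instead of copied by hand. The following is an added example, not code from this repository: it prints one service entry per file in the samples folder and increments the static IP for each. The service layout, the network name "emunet", the container-side mount paths (placeholders) and the starting address are assumptions; match them to your own docker-compose.yml.

```sh
#!/bin/sh
# Added example (not the project's code): print one docker-compose service
# per firmware sample, incrementing the static IP for each (Usage steps 2-3).
# Assumed, not from the repository: the service layout, the network name
# "emunet", the container-side mount paths, and the starting address.

# next_ip A.B.C.D: print the following IPv4 address, carrying across octets.
next_ip() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  n=$(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 + 1 ))
  printf '%d.%d.%d.%d\n' "$(( (n >> 24) & 255 ))" "$(( (n >> 16) & 255 ))" \
    "$(( (n >> 8) & 255 ))" "$(( n & 255 ))"
}

# emit_service INDEX VENDOR FILE IP: one service block on stdout.
emit_service() {
  cat <<EOF
  emulator-$1:
    image: compsecdirect/autodyne:latest
    command: ["$2", "$3"]
    volumes:
      - ./samples:/CONTAINER_SAMPLES_PATH        # placeholder path
      - ./samples-output:/CONTAINER_OUTPUT_PATH  # placeholder path
    networks:
      emunet:
        ipv4_address: $4
EOF
}

# gen_services VENDOR SAMPLE_DIR START_IP: walk the samples folder.
gen_services() {
  vendor=$1; dir=$2; ip=$3; i=1
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    name=$(basename "$f")
    # Firmware file names are untrusted input: refuse anything that could
    # break out of the quoted YAML string in the command list.
    case $name in
      *[!A-Za-z0-9._-]*) echo "skipped: $name" >&2; continue ;;
    esac
    emit_service "$i" "$vendor" "$name" "$ip"
    ip=$(next_ip "$ip"); i=$((i + 1))
  done
}

# Stand-alone use: sh gen.sh foo ./samples 172.20.0.10 > services.yml
if [ "$#" -ge 3 ]; then gen_services "$1" "$2" "$3"; fi
```

Paste the generated entries under the services key of the compose file and review them before running make start.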

Notes

  • Project no longer maintained. Firmadyne extractor, root/non-root runs, binwalk, and security goals all lead to variance between projects that made this difficult to maintain.
  1. main branch is ubuntu 18.04 / dev branch is ubuntu 20.04 base images.

  2. If you did not get a tmux session, a failure occurred during the seven firmadyne steps. We keep a samples-out folder to collect and debug emulation efforts.
    bin-extractor-output
    bin-getArch-output
    bin-inferNetwork-output
    bin-makeImage-output

  3. The standalone autodyne container launched does the db init on the postgres container. The autodyne-em1, autodyne-em2, etc, are the containers that are attempting to emulate samples.

  4. Any problems with the Makefile are usually tied to line-feed problems between operating systems. debian/kali is the test OS we use and recommend.

  5. After running the script multiple times, losetup will fail as it does not free loopback devices. Sometimes it is easier to restart the system running autodyne for this purpose.

  6. The samples referenced are https://www.downloads.netgear.com/files/GDC/WNAP320/WNAP320%20Firmware%20Version%202.0.3.zip and

  7. binwalk moving to Rust broke the extractor from firmadyne. Version 2.3.4 was the last Python version. Until someone redoes the extractor to work with binwalk without doing a Python import, this version will not change.

  8. The best way to load samples is to reduce the number of extractions. For example, if the firmware is zipped and has a tar, place the .tar file inside samples and extract that, removing an extra step.

  9. Firmadyne tried many things, but it does not decrypt many samples for you, nor does it work across every vendor. At best, it works 20% of the time and emulates even fewer of these the way you expect.

Authors

o Charles Boyd
o DJ Forbes

Contributors

o Jonty16117
