The patch-hunter Docker container ingests two subject firmware files (.bins) and performs automated patch analysis on them. This suite of tools generates extracted firmware images and allows analysts to quickly identify file modifications, additions, and deletions between two versions.
- Build the Docker image after cloning it from this repo:
cd patch-hunter
docker build -t patch-hunter .-
Place the target binaries into the patch-hunter/bins/ folder.
-
Run the container, which will automatically analyze the diff files:
docker run -it \
-v $(pwd)/bins:/bins \
-v $(pwd)/outputs:/outputs \
-e OLD_FW=file01.bin \
-e NEW_FW=file02.bin \
patch-hunter
- All output files are stored in the /patch-hunter/outputs directory.
- extractions/file01.bin/ - directory containin the file01 extracted firmware
- extractions/file02.bin/ - directory containin the file02 extracted firmware
- firmware_diff_flat.json - JSON containing full file paths
- firmware_diff_tree.json - JSON containing a tree structure of file paths
In addition to providing the extracted firmware samples, patch-hunter produces easily parsable JSON files to show any file modifications, additions, and deletions. You can find sample .json files in the examples directory of this repo.
- Flat JSON representation of the firmware diff between old and new firmware.
- Tree JSON representation of the firmware diff between old and new firmware.
Two firmware files have been included in the bins directory. These files are two versions of an open-source WiFi router firmware, and can be used to test the installation and configuration of patch-hunter.