Skip to content

Releases: fkie-cad/FACT_core

FACT_core v4.2

04 Sep 13:21
Compare
Choose a tag to compare

Changelog

  • Features:
    • Web GUI:
      • System status page: per plugin progress
      • Revised advanced search page (better input, syntax check)
      • Clickable analysis tags (link to summary)
    • Plugins:
      • Users & passwords: improved password cracking wordlist
      • CVE lookup: switched to new CVE data source
      • CVE lookup: filter out busybox results for non-existing components
      • Info leaks: find credentials in URLs
    • Added support for Ubuntu 24.04 and Python 3.12
    • Retired support for Ubuntu 18.04 and Python 3.7
  • Performance/Efficiency Improvements:
    • Optimized analysis/unpacking progress tracking
    • More efficient analysis runtime stats
    • Faster general stats
    • Faster analysis update
    • IPC analysis plugin: Ghidra optimizations
    • DB optimization for certain operations with indices
    • New analysis plugin base class
      • Migrated several plugins to the new base class (migrating all remaining plugins is an ongoing process)
    • Upload optimization (contributed by eclipsotic)
  • Misc.:
    • Improved CLI logging
    • Improved configuration (switched to toml format)
    • Added file tree icon for linux kernel images
    • Updated several dependencies and fixed deprecation warnings
  • Bug Fixes:
    • File download suffix fix
    • Unicode data sanitization fix
    • Extractor connection retry fix
    • Preview syntax highlighting fix
    • Stats search links fix
    • CWE checker memory limit fix
    • Backend ulimit fix
    • Several additional smaller fixes

FACT_core v4.1.1

14 Aug 11:28
df8d726
Compare
Choose a tag to compare

This is a bug fix release.

Changelog

  • Backport of several bug fixes from 4.2-dev
    • fixed several installation bugs
    • fixed extractor connection / retry bugs
    • fixed YARA rule metadata parsing bugs
    • fixed file download bug
    • fixed bugs in "software_components" plugin
  • Backport of Debian 12 support, other OS updates and CI changes

FACT_core v4.1

05 Apr 12:20
fed9c9b
Compare
Choose a tag to compare

Changelog

  • Major Performance Improvements: 🎉
    • Significantly sped up unpacking.
      • Reduced unpacking overhead which should result in a speedup especially for small files.
      • Unpacking can be several times faster for large firmware containers including many small files.
    • Significantly improved scaling of analysis scheduling.
      • Depending on the core count of the system and the selected plugins, the analysis can be several times quicker.
    • Significantly sped up firmware deletion (also used in "redo analysis").
      • ⚠️ A database migration with alembic is necessary (see instructions when starting FACT for the first time after an update).
  • Analysis Plugin Changes:
    • Added new plugin "ipc_analyzer" for IPC (inter-process communication) analysis on ELF files.
    • Improved "information_leaks" plugin (less false negatives, added detection for SVN artifacts and improved summary)
    • Improved password cracking of the "users_and_passwords" plugin.
    • Improved "architecture_detection" plugin with new and more precise detection methods.
    • Improved resolution of version format strings in the "software_components" plugin.
    • Removed the "malware_scanner" (OMS) plugin.
  • Comparison Changes:
    • Better text file comparison (significantly faster and can be reloaded now).
    • Added a feature for finding changed configuration files to the "file_coverage" plugin.
  • Web GUI Changes:
    • "Update analysis" now supports changing metadata.
    • Added summaries for included files (in addition to firmware containers).
    • Summaries now load on demand (for faster page loading and less stress on the database).
    • Added live runtime stats for analysis plugins to the plugin "cards" on the "system health" page.
    • Added indicator to signify that unpacking is halted to the "system health" page.
    • Improved "advanced search" (now "not equal" operator and more examples).
    • Added search feature to the file tree on the analysis page.
    • New icons for the file tree which support many more MIME types.
  • Backend Changes:
    • Changed how the configuration is propagated through FACT and added validation
      • ⚠️ Config handling in external plugins may need to be adjusted accordingly.
    • Added new config option to adjust the default number of workers for each analysis plugin.
    • Log files for backend, frontend and database can now be configured individually.
    • Added optional authentication option for Redis.
  • Improved the documentation and fixed many bugs.

FACT_core v4.0.2

24 Jan 08:53
Compare
Choose a tag to compare

This is a bug fix release.

Changelog

Backport of several bug fixes from 4.1-dev

  • fixed several DB migration bugs
  • fixed several version parsing bugs
  • fixed a bug that might cause a crash in the "kernel_config" plugin
  • flask-restx/flask-wtf compatibility bug fix
  • analysis scheduler shutdown bug fix
  • "manage_users" test bug fix

FACT_core v4.0.1

09 Aug 14:00
Compare
Choose a tag to compare

This is a bug fix release.

Changelog

  • fixed an issue with the newest version of werkzeug
  • fixed an issue when the maximum unpacking depth is reached
  • reduced false negatives in the information leaks plugin
  • fixed issues with FACT_docker

FACT_core v4.0

21 Jul 13:50
907fe30
Compare
Choose a tag to compare

⚠️ This Release introduces breaking changes to your installation without running a migration script.
We switched the analysis and comparison result database from MongoDB to PostgreSQL. For information on how to migrate from old MongoDB installations, please refer to https://fkie-cad.github.io/FACT_core/migration.html

Additional Changelog

  • New dropdown menu for selecting the number of results on the database page.
  • Added and improved software and crypto signatures.
  • Added support for Ubuntu 22.04 Jammy Jellyfish.
  • Bug fixes.

FACT_core v3.3.1

11 May 15:08
9114f39
Compare
Choose a tag to compare

This is a bug fix release.

Changelog

  • RuboCop installation fix (Ruby linter used by source_code_analysis plugin)

FACT_core v3.3

06 May 12:52
47ed1c8
Compare
Choose a tag to compare

Changelog

  • New or Improved Analysis
    • New plugin for finding and checking Linux kernel configurations.
    • New plugin for finding device trees.
    • New plugin for matching known software from the circ.lu hash library.
    • New plugin for detecting unintentionally leaked information in firmware.
    • New plugin for gathering hardware information.
    • The results of the cve_lookup plugin are now sorted by severity.
    • Added support for additional ISAs to the architecture detection plugin.
    • Added ruby and php linters to the source code analysis plugin.
  • Improved loading of analysis tags.
  • Added support for searching firmware tags to the "basic search".
  • New Swagger documentation for all REST endpoints.
  • Added software signatures.
  • Added new feature to force single analysis and whole firmware analysis update (will be removed when scheduling problems are fixed).
  • Changed "update analysis" to skip the unpacking step ("re-do analysis" still unpacks).
  • Improved system monitoring page with live updates.
  • Improved dependency graph page.
  • New page for monitoring FACT logs.
  • New page for browsing previous "binary search" queries.
  • New hex preview for binary files on the analysis page.
  • New text file diffing feature.
  • Added support for Python virtual environments.
  • Improved CLI user management script.
  • Updated the web framework Flask to version 2.0
    • If you use FACT with authentication, it is necessary to run the script src/migrate_database.py to convert the old user database to the new format
  • Improved documentation.
  • Bug fixes, stability improvements and better error reporting.

FACT_core v3.2

21 May 14:19
11b242e
Compare
Choose a tag to compare

Changelog

  • New or Improved Analysis
    • New plugin to highlight most relevant uris, such as cloud endpoints.
    • Extended exploit mitigation detection.
    • Improved script language detection for source code analysis.
    • Added detection of encrypted private keys.
    • Added support for mosquitto password style.
    • Improved cwe_checker integration.
  • Added graph mapping of dependencies between binaries and libraries in a firmware.
  • Added fedora support and prepared for RHEL and Cent support.
  • Added Mint 20 support.
  • Warning: Removed support for python 3.5 and Ubuntu 16.04 as planned.
  • Integrated sphinx documentation for library-like helperFunctions module.
  • Statistics page now largely uses pie charts instead of bars.
  • Added rest endpoint for statistics.
  • Currently analyzed firmware now listed with a progress bar on system page.
  • Structural changes regarding the "virtual file path" (Warning: Changes in custom plugins may be necessary).
  • Failed analyses are now listed on the /admin/missing_analyses view.
  • Started adding tooltips to statistics page.
  • Added feeback modal to UI - with links to multiple feedback options.
  • Removed legacy changes to local environment.
  • Added multiple configuration options for better customization.
  • Optimized performance and data storage.
  • Bug fixes.

FACT_core v3.1.3

18 Feb 10:39
Compare
Choose a tag to compare

This is a bug fix release.

Changelog

  • removed deprecated Python version from installation