FACT_core v4.2

Changelog

• Features:
  • Web GUI:
    • System status page: per plugin progress
    • Revised advanced search page (better input, syntax check)
    • Clickable analysis tags (link to summary)
  • Plugins:
    • Users & passwords: improved password cracking wordlist
    • CVE lookup: switched to new CVE data source
    • CVE lookup: filter out busybox results for non-existing components
    • Info leaks: find credentials in URLs
  • Added support for Ubuntu 24.04 and Python 3.12
  • Retired support for Ubuntu 18.04 and Python 3.7
• Performance/Efficiency Improvements:
  • Optimized analysis/unpacking progress tracking
  • More efficient analysis runtime stats
  • Faster general stats
  • Faster analysis update
  • IPC analysis plugin: Ghidra optimizations
  • DB optimization for certain operations with indices
  • New analysis plugin base class
    • Migrated several plugins to the new base class (migrating all remaining plugins is an ongoing process)
  • Upload optimization (contributed by eclipsotic)
• Misc.:
  • Improved CLI logging
  • Improved configuration (switched to toml format)
  • Added file tree icon for linux kernel images
  • Updated several dependencies and fixed deprecation warnings
• Bug Fixes:
  • File download suffix fix
  • Unicode data sanitization fix
  • Extractor connection retry fix
  • Preview syntax highlighting fix
  • Stats search links fix
  • CWE checker memory limit fix
  • Backend ulimit fix
  • Several additional smaller fixes

FACT_core v4.1.1

This is a bug fix release.

Changelog

• Backport of several bug fixes from 4.2-dev
  • fixed several installation bugs
  • fixed extractor connection / retry bugs
  • fixed YARA rule metadata parsing bugs
  • fixed file download bug
  • fixed bugs in "software_components" plugin
• Backport of Debian 12 support, other OS updates and CI changes

FACT_core v4.1

Changelog

• Major Performance Improvements: 🎉
  • Significantly sped up unpacking.
    • Reduced unpacking overhead which should result in a speedup especially for small files.
    • Unpacking can be several times faster for large firmware containers including many small files.
  • Significantly improved scaling of analysis scheduling.
    • Depending on the core count of the system and the selected plugins, the analysis can be several times quicker.
  • Significantly sped up firmware deletion (also used in "redo analysis").
    • ⚠️ A database migration with alembic is necessary (see instructions when starting FACT for the first time after an update).
• Analysis Plugin Changes:
  • Added new plugin "ipc_analyzer" for IPC (inter-process communication) analysis on ELF files.
  • Improved "information_leaks" plugin (less false negatives, added detection for SVN artifacts and improved summary)
  • Improved password cracking of the "users_and_passwords" plugin.
  • Improved "architecture_detection" plugin with new and more precise detection methods.
  • Improved resolution of version format strings in the "software_components" plugin.
  • Removed the "malware_scanner" (OMS) plugin.
• Comparison Changes:
  • Better text file comparison (significantly faster and can be reloaded now).
  • Added a feature for finding changed configuration files to the "file_coverage" plugin.
• Web GUI Changes:
  • "Update analysis" now supports changing metadata.
  • Added summaries for included files (in addition to firmware containers).
  • Summaries now load on demand (for faster page loading and less stress on the database).
  • Added live runtime stats for analysis plugins to the plugin "cards" on the "system health" page.
  • Added indicator to signify that unpacking is halted to the "system health" page.
  • Improved "advanced search" (now "not equal" operator and more examples).
  • Added search feature to the file tree on the analysis page.
  • New icons for the file tree which support many more MIME types.
• Backend Changes:
  • Changed how the configuration is propagated through FACT and added validation
    • ⚠️ Config handling in external plugins may need to be adjusted accordingly.
  • Added new config option to adjust the default number of workers for each analysis plugin.
  • Log files for backend, frontend and database can now be configured individually.
  • Added optional authentication option for Redis.
• Improved the documentation and fixed many bugs.

FACT_core v4.0.2

This is a bug fix release.

Changelog

Backport of several bug fixes from 4.1-dev

• fixed several DB migration bugs
• fixed several version parsing bugs
• fixed a bug that might cause a crash in the "kernel_config" plugin
• flask-restx/flask-wtf compatibility bug fix
• analysis scheduler shutdown bug fix
• "manage_users" test bug fix

FACT_core v4.0.1

This is a bug fix release.

Changelog

• fixed an issue with the newest version of werkzeug
• fixed an issue when the maximum unpacking depth is reached
• reduced false negatives in the information leaks plugin
• fixed issues with FACT_docker

FACT_core v4.0

⚠️ This Release introduces breaking changes to your installation without running a migration script.
We switched the analysis and comparison result database from MongoDB to PostgreSQL. For information on how to migrate from old MongoDB installations, please refer to https://fkie-cad.github.io/FACT_core/migration.html

Additional Changelog

• New dropdown menu for selecting the number of results on the database page.
• Added and improved software and crypto signatures.
• Added support for Ubuntu 22.04 Jammy Jellyfish.
• Bug fixes.

FACT_core v3.3.1

This is a bug fix release.

Changelog

• RuboCop installation fix (Ruby linter used by source_code_analysis plugin)

FACT_core v3.3

Changelog

• New or Improved Analysis
  • New plugin for finding and checking Linux kernel configurations.
  • New plugin for finding device trees.
  • New plugin for matching known software from the circ.lu hash library.
  • New plugin for detecting unintentionally leaked information in firmware.
  • New plugin for gathering hardware information.
  • The results of the cve_lookup plugin are now sorted by severity.
  • Added support for additional ISAs to the architecture detection plugin.
  • Added ruby and php linters to the source code analysis plugin.
• Improved loading of analysis tags.
• Added support for searching firmware tags to the "basic search".
• New Swagger documentation for all REST endpoints.
• Added software signatures.
• Added new feature to force single analysis and whole firmware analysis update (will be removed when scheduling problems are fixed).
• Changed "update analysis" to skip the unpacking step ("re-do analysis" still unpacks).
• Improved system monitoring page with live updates.
• Improved dependency graph page.
• New page for monitoring FACT logs.
• New page for browsing previous "binary search" queries.
• New hex preview for binary files on the analysis page.
• New text file diffing feature.
• Added support for Python virtual environments.
• Improved CLI user management script.
• Updated the web framework Flask to version 2.0
  • If you use FACT with authentication, it is necessary to run the script src/migrate_database.py to convert the old user database to the new format
• Improved documentation.
• Bug fixes, stability improvements and better error reporting.

FACT_core v3.2

Changelog

• New or Improved Analysis
  • New plugin to highlight most relevant uris, such as cloud endpoints.
  • Extended exploit mitigation detection.
  • Improved script language detection for source code analysis.
  • Added detection of encrypted private keys.
  • Added support for mosquitto password style.
  • Improved cwe_checker integration.
• Added graph mapping of dependencies between binaries and libraries in a firmware.
• Added fedora support and prepared for RHEL and Cent support.
• Added Mint 20 support.
• Warning: Removed support for python 3.5 and Ubuntu 16.04 as planned.
• Integrated sphinx documentation for library-like helperFunctions module.
• Statistics page now largely uses pie charts instead of bars.
• Added rest endpoint for statistics.
• Currently analyzed firmware now listed with a progress bar on system page.
• Structural changes regarding the "virtual file path" (Warning: Changes in custom plugins may be necessary).
• Failed analyses are now listed on the /admin/missing_analyses view.
• Started adding tooltips to statistics page.
• Added feeback modal to UI - with links to multiple feedback options.
• Removed legacy changes to local environment.
• Added multiple configuration options for better customization.
• Optimized performance and data storage.
• Bug fixes.

FACT_core v3.1.3

This is a bug fix release.

Changelog

• removed deprecated Python version from installation