Releases: fkie-cad/FACT_core

FACT_core v4.3.1

19 Feb 12:08
2ee6e37

This is a bug fix release.

Changelog

  • Backport of several bug fixes from 4.4-dev
    • most notably a fix for the installation problems caused by the deprecation of the pkg_resources module

Full Changelog: 4.3...v4.3.1

FACT_core v4.3

12 Jan 12:55
af042ed

Changelog

  • Features:
    • Web GUI:
      • Analysis page:
        • Added option to view the raw JSON analysis result
        • Permissions are shown in the file tree (where available)
        • Improved comment feature
        • Single file analyses will be shown directly when completed
        • Show a link to the actual file (if available) for symlinks
        • Added option to hide symlinks in the file tree
        • Added forward/back buttons to hex preview
      • Comparison:
        • Changed text files are shown as tree
        • Improved browsing page
      • Binary search: show matching strings
      • Advanced search: improved support for $contains operator
      • GraphQL search: search the database using GraphQL
      • Improved upload page
      • Added dark mode
      • Added option to cancel analyses
      • Improved system and plugin status page
      • New loading animation
    • Plugins:
      • known vulnerabilities:
        • Added check for vulnerable xz version
      • filesystem metadata:
        • added support for YAFFS filesystems
        • Show permissions (where possible)
      • software components:
        • Improved signatures of OpenSSH, dropbear and lighttpd
      • CVE lookup:
        • Added support for CVSS 4.0+ metrics
      • IP and URI finder:
        • Merged with "interesting URIs" plugin
        • Improved template
      • printable strings:
        • merged with string evaluator plugin
        • improved result visualization
      • users and passwords:
        • improved password cracking wordlist
    • Other:
      • Firmware import/export: analyses (extracted files and results) can now be exported and imported using the script firmware_import_export.py
      • Added delete endpoint to REST API
      • Extractor docker image can now be set in the configuration
  • Performance/Efficiency Improvements:
    • Improved docker container mount efficiency of multiple analysis plugins
    • Improved code highlighting speed on analysis page
    • Optimized RAM usage of cve lookup plugin setup
    • Greatly improved firmware comparison performance
  • Misc:
    • Removed search redirect in case of one result
    • Install nodejs dependencies in nodeenv
    • Updated installed PostgreSQL version to 17
    • Documentation fixes and improvements
    • Removed support for EoL distros Debian 11 and Ubuntu 20.04
    • Added support for Debian 13 and Python 13
    • Removed TLSH and "hardware analysis" plugins
    • Converted remaining analysis plugins to new base class and removed the old base class
    • Code refactoring
  • Bug Fixes:
    • Fix for exception in CVE lookup result sorting
    • YARA installation fixes
    • Fix for redirect loop in case of user without roles
    • Text file preview fix for JSON/JS
    • Multiple fixes regarding error handling in analysis plugins
    • Several additional bug fixes

Full Changelog: 4.2...4.3

FACT_core v4.2

04 Sep 13:21

Changelog

  • Features:
    • Web GUI:
      • System status page: per plugin progress
      • Revised advanced search page (better input, syntax check)
      • Clickable analysis tags (link to summary)
    • Plugins:
      • Users & passwords: improved password cracking wordlist
      • CVE lookup: switched to new CVE data source
      • CVE lookup: filter out busybox results for non-existing components
      • Info leaks: find credentials in URLs
    • Added support for Ubuntu 24.04 and Python 3.12
    • Retired support for Ubuntu 18.04 and Python 3.7
  • Performance/Efficiency Improvements:
    • Optimized analysis/unpacking progress tracking
    • More efficient analysis runtime stats
    • Faster general stats
    • Faster analysis update
    • IPC analysis plugin: Ghidra optimizations
    • DB optimization for certain operations with indices
    • New analysis plugin base class
      • Migrated several plugins to the new base class (migrating all remaining plugins is an ongoing process)
    • Upload optimization (contributed by eclipsotic)
  • Misc.:
    • Improved CLI logging
    • Improved configuration (switched to toml format)
    • Added file tree icon for Linux kernel images
    • Updated several dependencies and fixed deprecation warnings
  • Bug Fixes:
    • File download suffix fix
    • Unicode data sanitization fix
    • Extractor connection retry fix
    • Preview syntax highlighting fix
    • Stats search links fix
    • CWE checker memory limit fix
    • Backend ulimit fix
    • Several additional smaller fixes

FACT_core v4.1.1

14 Aug 11:28
df8d726

This is a bug fix release.

Changelog

  • Backport of several bug fixes from 4.2-dev
    • fixed several installation bugs
    • fixed extractor connection / retry bugs
    • fixed YARA rule metadata parsing bugs
    • fixed file download bug
    • fixed bugs in "software_components" plugin
  • Backport of Debian 12 support, other OS updates and CI changes

FACT_core v4.1

05 Apr 12:20
fed9c9b

Changelog

  • Major Performance Improvements: 🎉
    • Significantly sped up unpacking.
      • Reduced unpacking overhead which should result in a speedup especially for small files.
      • Unpacking can be several times faster for large firmware containers including many small files.
    • Significantly improved scaling of analysis scheduling.
      • Depending on the core count of the system and the selected plugins, the analysis can be several times quicker.
    • Significantly sped up firmware deletion (also used in "redo analysis").
      • ⚠️ A database migration with alembic is necessary (see instructions when starting FACT for the first time after an update).
  • Analysis Plugin Changes:
    • Added new plugin "ipc_analyzer" for IPC (inter-process communication) analysis on ELF files.
    • Improved "information_leaks" plugin (fewer false negatives, added detection for SVN artifacts and improved summary)
    • Improved password cracking of the "users_and_passwords" plugin.
    • Improved "architecture_detection" plugin with new and more precise detection methods.
    • Improved resolution of version format strings in the "software_components" plugin.
    • Removed the "malware_scanner" (OMS) plugin.
  • Comparison Changes:
    • Better text file comparison (significantly faster and can be reloaded now).
    • Added a feature for finding changed configuration files to the "file_coverage" plugin.
  • Web GUI Changes:
    • "Update analysis" now supports changing metadata.
    • Added summaries for included files (in addition to firmware containers).
    • Summaries now load on demand (for faster page loading and less stress on the database).
    • Added live runtime stats for analysis plugins to the plugin "cards" on the "system health" page.
    • Added indicator to signify that unpacking is halted to the "system health" page.
    • Improved "advanced search" (now with a "not equal" operator and more examples).
    • Added search feature to the file tree on the analysis page.
    • New icons for the file tree which support many more MIME types.
  • Backend Changes:
    • Changed how the configuration is propagated through FACT and added validation
      • ⚠️ Config handling in external plugins may need to be adjusted accordingly.
    • Added new config option to adjust the default number of workers for each analysis plugin.
    • Log files for backend, frontend and database can now be configured individually.
    • Added optional authentication option for Redis.
  • Improved the documentation and fixed many bugs.

FACT_core v4.0.2

24 Jan 08:53

This is a bug fix release.

Changelog

Backport of several bug fixes from 4.1-dev

  • fixed several DB migration bugs
  • fixed several version parsing bugs
  • fixed a bug that might cause a crash in the "kernel_config" plugin
  • flask-restx/flask-wtf compatibility bug fix
  • analysis scheduler shutdown bug fix
  • "manage_users" test bug fix

FACT_core v4.0.1

09 Aug 14:00

This is a bug fix release.

Changelog

  • fixed an issue with the newest version of werkzeug
  • fixed an issue when the maximum unpacking depth is reached
  • reduced false negatives in the information leaks plugin
  • fixed issues with FACT_docker

FACT_core v4.0

21 Jul 13:50
907fe30

⚠️ This release introduces breaking changes: existing installations will break unless a migration script is run.
We switched the analysis and comparison result database from MongoDB to PostgreSQL. For information on how to migrate from old MongoDB installations, please refer to https://fkie-cad.github.io/FACT_core/migration.html

Additional Changelog

  • New dropdown menu for selecting the number of results on the database page.
  • Added and improved software and crypto signatures.
  • Added support for Ubuntu 22.04 Jammy Jellyfish.
  • Bug fixes.

FACT_core v3.3.1

11 May 15:08
9114f39

This is a bug fix release.

Changelog

  • RuboCop installation fix (Ruby linter used by source_code_analysis plugin)

FACT_core v3.3

06 May 12:52
47ed1c8

Changelog

  • New or Improved Analysis
    • New plugin for finding and checking Linux kernel configurations.
    • New plugin for finding device trees.
    • New plugin for matching known software from the circ.lu hash library.
    • New plugin for detecting unintentionally leaked information in firmware.
    • New plugin for gathering hardware information.
    • The results of the cve_lookup plugin are now sorted by severity.
    • Added support for additional ISAs to the architecture detection plugin.
    • Added ruby and php linters to the source code analysis plugin.
  • Improved loading of analysis tags.
  • Added support for searching firmware tags to the "basic search".
  • New Swagger documentation for all REST endpoints.
  • Added software signatures.
  • Added new feature to force single analysis and whole firmware analysis update (will be removed when scheduling problems are fixed).
  • Changed "update analysis" to skip the unpacking step ("re-do analysis" still unpacks).
  • Improved system monitoring page with live updates.
  • Improved dependency graph page.
  • New page for monitoring FACT logs.
  • New page for browsing previous "binary search" queries.
  • New hex preview for binary files on the analysis page.
  • New text file diffing feature.
  • Added support for Python virtual environments.
  • Improved CLI user management script.
  • Updated the web framework Flask to version 2.0
    • If you use FACT with authentication, it is necessary to run the script src/migrate_database.py to convert the old user database to the new format
  • Improved documentation.
  • Bug fixes, stability improvements and better error reporting.