Extracting the firmware

The Extractor is the central tool for unpacking the firmware. Among other things, it extracts the file system, the kernel and the boot loader and thus creates the basis for all further analyses, such as finding CVEs or creating an SBOM (Software Bill of Materials).

At the beginning of the project, Binwalk was used to extract firmware images. As the project progressed, however, it became apparent that Binwalk was unable to successfully extract many of the firmware images. This included, for example, numerous images from AVM, which made further analysis impossible. After evaluating and testing various alternative solutions, the decision was finally made in favour of the FACT-Extractor from the Fraunhofer Institute. Using the FACT-Extractor, almost all images can be successfully unpacked, with a few exceptions.

As several calls of the FACT-Extractor are usually required to successfully unpack all components, a corresponding wrapper script was developed, it is called recurse_extract.py. The script remembers the files that have already been unpacked and attempts to unpack new files after each execution of FACT-Extractor. As soon as no more new files are found, the script terminates, and the firmware is considered successfully unpacked.

For more information, please visit the FACT-Extractor on GitHub.