A mapper collection for firmware analysis
Project description
Pyrrha: A mapper collection for firmware analysis
Pyrrha is a filesystem cartography and correlation software focusing on visualization. It currently focuses on the relationship between executable files but aims at enabling anyone to map and visualize any relationship types. It uses the open-source code source explorer NumbatUI to provide users with an easy way to navigate through and search for path to function.
An example of the symbols and libraries imported by libgcc_s.so.1 and of the symbols which reference this library.
An example of the symlinks which point on busybox.
Installation
The installation is done in three parts:
- Install mapper external dependencies: IDA dissassembler (with the decompilation option for the
exe-decompmapper) andQuokkaIDA plugin. - Install
Pyrrhaitself. - Install
NumbatUI(orSourcetrail) to be able to visualize Pyrrha's results.
[!NOTE] A quick start installation is available on Pyrrha documentation.
Usage
The usage workflow is composed of two steps which allow you to separate DB creation and result visualization.
- Run Pyrrha to obtain NumbatUI compatible files (
*.srctrlprjfor the project file and*.srctrldbfor the DB file). With the python package, you can just launch the commandpyrrha. - Visualize your results with Sourcetrail/NumbatUI.
[!NOTE] The detailed documentation of each mapper is available in the documentation.
Publications
Pyrrha presentations, including live demos:
-
Pyrrha & Friends: Diving into Firmware Cartography, Eloïse Brocas & Robin Davis, SSTIC, Rennes, France, 2025. [slides] [video]
-
Pyrrha: navigate easily into your system binaries, Eloïse Brocas, Hack.lu, Luxembourg, 2023. [slides] [video]
-
Map your Firmware!, Eloïse Brocas, Pass The SALT, Lille, France, 2023. [slides] [video]
Theory behind implementations
- Streamlining Firmware Analysis with Inter-Image Call Graphs and Decompilation, Robin David, RE//verse.io, USA, 2025. [slides] [video]
Authors
- Eloïse Brocas (@ebrocas), Quarkslab
- Robin David (@RobinDavid), Quarkslab
Past Contributors
- Pascal Wu (@pwu42), during his internship at Quarkslab
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pyrrha_mapper-1.0.1.tar.gz.
File metadata
- Download URL: pyrrha_mapper-1.0.1.tar.gz
- Upload date:
- Size: 446.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ca46b6dea3e4083d102cc9d2a18414a3298d5a3486219af54b0bc762b6d0b6dc
|
|
| MD5 |
321479be3a26f27c4419505058b4ac86
|
|
| BLAKE2b-256 |
e6ae1b8d09611680473fc9d62b435cf6eb330e43c78b982277bb8542343ed8b0
|
File details
Details for the file pyrrha_mapper-1.0.1-py3-none-any.whl.
File metadata
- Download URL: pyrrha_mapper-1.0.1-py3-none-any.whl
- Upload date:
- Size: 46.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
afd90cee25e046ef544df5bdc3bb3f27a2826bd73724ab42f26d881851f7d220
|
|
| MD5 |
6cc2300c88b0aca8efbe07b742648c9e
|
|
| BLAKE2b-256 |
1b318c3386480d2b96ad823c324bbf88450dc7b973952595dfdf1655376badf1
|
