A mapper collection for firmware analysis
Project description
Pyrrha: A mapper collection for firmware analysis
Pyrrha is a filesystem cartography and correlation tool focused on visualization. It currently maps the relationships between executable files, but aims to let anyone map and visualize any type of relationship. It uses the open-source source code explorer Sourcetrail to give users an easy way to navigate the results and search for paths to functions.
An example of the symbols and libraries imported by libgcc_s.so.1 and of the symbols which reference this library.
An example of the symlinks which point to busybox.
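How a symlink map like the busybox one can be computed on an extracted firmware tree, as an added example that is not Pyrrha's own code: it resolves every symlink against the image root instead of the host root and groups the links by their final target. The function names and the sample tree are assumptions made for this illustration.

```python
import os
from collections import defaultdict


def resolve_in_root(root, path, max_hops=40):
    """Resolve in-image `path` with `root` acting as '/'; None if dangling or looping."""
    todo, done, hops = [p for p in path.split("/") if p], [], 0
    while todo:
        part = todo.pop(0)
        if part in (".", ".."):
            done = done[:-1] if part == ".." else done  # '..' at the root stays there
            continue
        host = os.path.join(root, *done, part)
        if os.path.islink(host):
            hops += 1
            if hops > max_hops:
                return None  # symlink loop
            target = os.readlink(host)
            if target.startswith("/"):
                done = []  # absolute target: restart at the image root, not the host's
            todo = [p for p in target.split("/") if p] + todo
        elif os.path.lexists(host):
            done.append(part)
        else:
            return None  # dangling target
    return "/" + "/".join(done)


def map_symlinks(root):
    """Return {resolved target: sorted in-image links}; unresolvable links map to None."""
    mapping = defaultdict(list)
    for dirpath, dirnames, filenames in os.walk(root):  # symlinked dirs are not descended
        for name in dirnames + filenames:
            host = os.path.join(dirpath, name)
            if os.path.islink(host):
                link = "/" + os.path.relpath(host, root).replace(os.sep, "/")
                mapping[resolve_in_root(root, link)].append(link)
    return {target: sorted(links) for target, links in mapping.items()}


def build_sample_rootfs(root):
    """Create a constructed sample tree (not taken from a real firmware image)."""
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "usr", "sbin"))
    open(os.path.join(root, "bin", "busybox"), "wb").close()
    os.symlink("busybox", os.path.join(root, "bin", "sh"))  # relative
    os.symlink("/bin/busybox", os.path.join(root, "usr", "sbin", "httpd"))  # absolute
    os.symlink("../../bin/sh", os.path.join(root, "usr", "sbin", "ash"))  # chained
    os.symlink("/lib/missing.so", os.path.join(root, "bin", "broken"))  # dangling
```

Call `map_symlinks()` on the directory of an extracted root filesystem; links grouped under `None` are dangling or looping inside the image even if the same path happens to exist on the analysis host.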
Installation
The installation is done in two parts:
- Installing Pyrrha as a Python module (pip install pyrrha-mapper) or using its Docker image.
- Installing Sourcetrail to be able to visualize Pyrrha's results. You can use its last release and its documentation.
Usage
The usage workflow is composed of two steps, which lets you separate DB creation from result visualization.
- Run Pyrrha to obtain Sourcetrail-compatible files (*.srctrlprj for the project file and *.srctrldb for the DB file). With the Python package, you can just launch the command:
$ pyrrha
Usage: pyrrha [OPTIONS] COMMAND [ARGS]...

  Mapper collection for firmware analysis.

Options:
  -h, --help  Show this message and exit.

Commands:
  fs  Map PE and ELF files of a filesystem into a sourcetrail-compatible db.
or with the Docker image:
$ docker run --rm -t -v $PWD:/tmp/pyrrha ghcr.io/quarkslab/pyrrha:latest [OPTIONS] COMMAND [ARGS]...
- Visualize your results with Sourcetrail:
$ sourcetrail PROJECT_NAME.srctrlprj
The detailed documentation of each mapper is available in the documentation.
Publications
Pyrrha has been presented at the two conferences listed below. These talks include a live demo of the fs parser, which maps links between libraries and executable files.
- Pyrrha: navigate easily into your system binaries, Hack.lu'23. [slides] [video]
- Map your Firmware!, PTS'23. [slides] [video]
Authors
- Eloïse Brocas (@ebrocas), Quarkslab
File details
Details for the file pyrrha-mapper-0.4.2.tar.gz.
File metadata
- Download URL: pyrrha-mapper-0.4.2.tar.gz
- Upload date:
- Size: 459.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.11.8
File hashes
Algorithm | Hash digest
---|---
SHA256 | 0c0cd0250aebe079ae506b270215ae62cce983b2862e0b961d148e161e90e9f1
MD5 | d368bcdb24ee42f21a9aa10c04178ae6
BLAKE2b-256 | b203ec4161f7c5550dff33649ecf0d80ede1ccfd42998ceb676df9cd03527164
File details
Details for the file pyrrha_mapper-0.4.2-py3-none-any.whl.
File metadata
- Download URL: pyrrha_mapper-0.4.2-py3-none-any.whl
- Upload date:
- Size: 14.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.11.8
File hashes
Algorithm | Hash digest
---|---
SHA256 | add206587080dcedb75ce3445417123794e27dc15809d50b09f2fb5fecd0dd77
MD5 | 0514802da7e9a5a12b406edb5be2a4cc
BLAKE2b-256 | 2555e8c1bcc0f3786a6bd9aac78d219613deadc298e90ac827087e5f5af24756