FACT is an automated firmware analysis and comparison tool that enables deep inspection, visualization, and vulnerability assessment of firmware components through a unified web interface and API.
Firmware Analysis and Comparison Tool
FACT is primarily used by security researchers, firmware analysts, and forensic investigators to identify functionality, components, and potential security weaknesses in black box firmware. It automates manual firmware analysis tasks, providing browsable, searchable, and comparable results to streamline vulnerability discovery and forensic investigations.
FACT is maintained as a research prototype but includes production-level features and thorough testing. It benefits greatly from multi-core and high-memory systems due to its multiprocess design. Users should allocate ample disk space for unpacked firmware and results. Installation is limited to recent stable Linux distributions, and older versions may not be supported.
Ensure system meets minimal requirements: 4 cores, 8 GB RAM, 10 GB disk space
Preferably use recommended specs: 16 cores, 64 GB RAM, 10+ GB disk space
Install on supported Linux distributions: Debian 12, Ubuntu 22.04/24.04, Linux Mint 21/22, Kali (experimental)
Clone the repository from GitHub
Run the provided installer script or follow the setup instructions in the documentation
Allocate sufficient disk space for unpacked files and analysis results, possibly on a separate partition
Start the FACT web interface locally or share it over the networkfact-cli analyze <firmware-file>
Analyze a firmware sample to generate unpacking and vulnerability reports
fact-cli serve
Start the FACT web interface server locally for interactive analysis
curl http://localhost:8080/api/swagger-ui/
Access the integrated SwaggerUI to explore and interact with the REST-like API