Black-Box Unpacking
Our product uses an unpack engine with normalization for black-box unpacking of uploaded binaries. It is based on an open-source extraction tool that can identify and extract files from a wide range of binary formats without prior knowledge of their structure, automatically detecting known container types and unpacking their contents recursively. The supported formats are grouped into categories, including:
- Archives: AR, ARC, ARJ, CAB, CPIO, DMG, RAR, 7ZIP, StuffIt, TAR, ZIP
- Compression: bzip2, UNIX compress (.Z), gzip, LZ4, LZH, LZIP, LZMA, LZO, XZ, Zlib, Zstd
- File Systems: Android sparse images, CRAMFS, Ext (ext2/3/4) file systems, FAT, ISO9660, JFFS2, NTFS, RomFS, SquashFS (v3 & v4, including big-endian variant), UBI, UBIFS, YAFFS (v1 & v2)
- Vendor-Specific Formats: Proprietary firmware or backup package formats from specific vendors, including HP (BDL, IPKG), Instar (HD, BNEG), QNAP NAS archives, D-Link (SHRS and other encrypted images), Engeniustech firmware, Netgear (TRX, CHK), and Xiaomi (HDR)
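As an added illustration (not the product's code or the underlying tool's), the sketch below shows the general scan-and-recurse idea behind black-box unpacking: find well-known magic bytes at any offset, unpack gzip hits under an output cap, reject false positives, and rescan whatever comes out. The function names, the signature subset, and the sample blob are constructed for this example.

```python
import gzip
import re
import zlib

SIGNATURES = {  # public magic bytes for a few of the formats listed above
    b"\x1f\x8b\x08": "gzip",
    b"PK\x03\x04": "zip",
    b"hsqs": "squashfs (little-endian)",
    b"sqsh": "squashfs (big-endian)",
    b"\xfd7zXZ\x00": "xz",
}

def scan(blob):
    """Return sorted (offset, format) pairs for every signature hit."""
    return sorted((m.start(), name) for magic, name in SIGNATURES.items()
                  for m in re.finditer(re.escape(magic), blob))

def gunzip_at(blob, offset, limit=1 << 20):
    """Decompress the gzip stream at offset; None marks a false positive."""
    try:
        d = zlib.decompressobj(wbits=31)  # 31 selects the gzip wrapper
        out = d.decompress(blob[offset:], limit)  # cap output size
        return out if d.eof else None  # truncated or oversized: reject
    except zlib.error:
        return None

def unpack(blob, depth=0, max_depth=4):
    """Scan, unpack gzip hits, recurse; return (depth, offset, format, status)."""
    findings = []
    for offset, fmt in scan(blob):
        inner = gunzip_at(blob, offset) if fmt == "gzip" else None
        if fmt != "gzip":
            findings.append((depth, offset, fmt, "identified"))
        elif inner is None:
            findings.append((depth, offset, fmt, "false positive"))
        else:
            findings.append((depth, offset, fmt, "unpacked %d bytes" % len(inner)))
            if depth < max_depth:
                findings.extend(unpack(inner, depth + 1, max_depth))
    return findings

def build_sample():
    """Constructed blob: header + gzip(padding + SquashFS magic + gzip(config))."""
    config = gzip.compress(b"admin_password=changeme\n", mtime=0)
    layer = b"\x00" * 64 + b"hsqs" + b"\x00" * 28 + config
    return b"FWHDR\x00\x01\x02" + gzip.compress(layer, mtime=0) + b"\xff" * 16

if __name__ == "__main__":
    print(*unpack(build_sample()), sep="\n")
```

The output cap and the recursion limit matter in practice: uploaded binaries are untrusted, so nested or highly compressible input should not be able to exhaust the analysis host.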
Static Binary Analysis
In addition to unpacking, the product provides static binary analysis with symbolic execution capabilities. This means it can inspect the internals of binary files, examining aspects such as file headers, embedded metadata, and structural patterns. After extraction, the static analysis engine can analyze the code and data within the binaries to derive useful insights about the file. The analysis engine is able to analyze the following components:
- Architectures
- Firmware
- Embedded Linux
- Cryptographic Material
- Secrets
- Secure by Design
Processor architectures we support for static binary analysis:
- x86
- ARM32/64 (and variants)
- Xtensa