Open source fingerprinting
The karta_identifier.py script identifies supported open source projects inside the given binary and aims to fingerprint the exact version of each located library.
Once your binary is loaded in IDA, simply load the karta_identifier.py script; it prints the results to the output window and also writes them to an output file.
Here is an example output after running the script on an HP OfficeJet firmware:
```
Karta Identifier - printer_firmware.bin:
========================================

Identified Open Sources:
------------------------
libpng: 1.2.29
zlib: 1.2.3
OpenSSL: 1.0.1j
gSOAP: 2.7
mDNSResponder: unknown

Identified Closed Sources:
--------------------------
Treck: unknown

Missing Open Sources:
---------------------
OpenSSH: Was not found
net-snmp: Was not found
libxml2: Was not found
libtiff: Was not found
MAC-Telnet: Was not found

Final Note - Karta
------------------
If you encountered any bug, or wanted to add a new extension / feature, don't hesitate to contact us on GitHub:
https://github.com/CheckPointSW/Karta
```
As can be seen, the output includes 3 parts:
- A list of identified open source libraries, each with its version if it was identified, or “unknown” if the version could not be identified
- A list of identified closed source libraries
- A list of missing open source libraries, so that you know which libraries the identifier currently supports
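The three-part report can be turned into a component inventory for vulnerability triage. The following is an added example, not part of Karta: `parse_report` and `needs_manual_version` are hypothetical helper names, and the code assumes the output file uses the same layout as the sample output shown above.

```python
import re

# Section headers as printed in the report on this page.
SECTIONS = {"Identified Open Sources:": "open",
            "Identified Closed Sources:": "closed",
            "Missing Open Sources:": "missing"}
RULE = re.compile(r"^[-=]+$")  # underline rows such as "----" or "===="

def parse_report(text):
    """Return {"open": {name: version}, "closed": {...}, "missing": [names]}."""
    result = {"open": {}, "closed": {}, "missing": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or RULE.match(line):
            continue
        if line in SECTIONS:
            current = SECTIONS[line]
            continue
        if line.startswith("Final Note"):
            break  # trailing contact note, not component data
        if current is None or ":" not in line:
            continue  # banner line or text outside a known section
        name, value = (part.strip() for part in line.split(":", 1))
        if current == "missing":
            result["missing"].append(name)
        else:  # "unknown" = located but not fingerprinted, stored as None
            result[current][name] = None if value == "unknown" else value
    return result

def needs_manual_version(report):
    """Libraries that were located but whose version is still unknown."""
    found = {**report["open"], **report["closed"]}
    return sorted(name for name, version in found.items() if version is None)

# Constructed sample in this page's layout (assumed to match the output file).
SAMPLE = """\
Karta Identifier - printer_firmware.bin:
========================================
Identified Open Sources:
------------------------
OpenSSL: 1.0.1j
mDNSResponder: unknown
Identified Closed Sources:
Treck: unknown
Missing Open Sources:
OpenSSH: Was not found
Final Note - Karta
"""
```

The versioned entries can be checked against published advisories for each library, while the names returned by `needs_manual_version` are the ones still lacking a version.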
Sometimes we would like to feed Karta knowledge we have already acquired about the matched open source libraries. When Karta locates a library but fails to identify its exact version, we can manually supply the version so that the matcher can match it. For example, in the output above we could manually configure the version of the “mDNSResponder” library, which was located but not identified.
User-defined library versions can be declared by running karta_manual_identifier.py from the command line, using the following arguments:
```
C:\Users\user\Documents\Karta\src>python karta_manual_identifier.py --help
usage: karta_manual_identifier.py [-h] [-D] bin

Enables the user to manually identify the versions of located but unknown
libraries, later to be used by Karta's Matcher.

positional arguments:
  bin          path to the disassembler's database for the wanted binary

optional arguments:
  -h, --help   show this help message and exit
  -D, --debug  set logging level to logging.DEBUG
```
The script will store the configurations in a *_knowledge.json file near the disassembler’s database file.
Note: After we manually identify the version of a previously located but unknown library, future calls to the identifier plugin will use our supplied version automatically.