OFRAK

OFRAK (Open Firmware Reverse Analysis Konsole) is a binary analysis and modification platform that combines the ability to unpack, analyze, modify, and repack binaries.

OFRAK combines the ability to:

  • Identify and Unpack many binary formats
  • Analyze unpacked binaries with field-tested reverse engineering tools
  • Modify and Repack binaries with powerful patching strategies

OFRAK supports a range of embedded firmware file formats beyond userspace executables, including:

  • Compressed filesystems
  • Compressed & checksummed firmware
  • Bootloaders
  • RTOS/OS kernels

OFRAK equips users with:

  • A Graphical User Interface (GUI) for interactive exploration and visualization of binaries
  • A Python API for readable and reproducible scripts that can be applied to entire classes of binaries, rather than just one specific binary
  • Recursive identification, unpacking, and repacking of many file formats, from ELF executables, to filesystem archives, to compressed and checksummed firmware formats
  • Built-in, extensible integration with powerful analysis backends (angr, Binary Ninja, Ghidra, IDA Pro)
  • Extensibility by design via a common interface to easily write additional OFRAK components and add support for a new file format or binary patching operation

See ofrak.com for more details.

Package: ofrak

OFRAK
└───ofrak  <-- //YOU ARE HERE//
│   └───component   // Definitions for abstract Component classes (e.g. Analyzer)
│   └───core        // Definitions for standard OFRAK components (plus related tags, views, etc.)
│   └───model       // Definitions for core OFRAK data structures
│   └───service     // Definitions for core OFRAK services
│   
└───ofrak_type
└───ofrak_io
└───ofrak_patch_maker
└───ofrak_tutorial

This is the package containing the core of the OFRAK framework. Install this first to get started with OFRAK!

What is included:

  • Definitions for core OFRAK data structures and services, such as Resource, OFRAKContext, and DataService.
  • Components to handle unpacking, modifying, and repacking common executable file formats:
    • ELF
    • PE Files
  • Definitions for common software and reverse engineering abstractions like Instruction, File, and BasicBlock

Unpackers & Packers

OFRAK core includes support for many file formats:

Compression/Archive Formats:

  • 7z
  • bzip2
  • CPIO
  • gzip
  • LZMA/XZ
  • LZO
  • RAR
  • tar
  • zip
  • zlib
  • zstd (Zstandard)

Filesystem Formats:

  • ext2/3/4 (Linux Extended Filesystem)
  • ISO 9660
  • JFFS2 (Journalling Flash File System v2)
  • squashfs
  • UBI (Unsorted Block Images)
  • UBIFS (Unsorted Block Image File System)

Firmware & Embedded Formats:

  • DTB (Device Tree Blob)
  • Flash images (with OOB data support)
  • Intel HEX
  • OpenWrt TRX
  • UF2 (USB Flashing Format)
  • UEFI (Unified Extensible Firmware Interface)
  • UImage

Application Formats:

  • APK (Android Package)
  • Java Archives (JAR)

Miscellaneous Components

  • MagicAnalyzer and Identifier components using python-libmagic to automatically tag OFRAK Resources
  • Basic modifiers:
    • StringFindReplaceModifier and StringPatchingModifier for string modifications
    • BinaryInjectorModifier for binary patching
  • Analysis tools:
    • Sha256Analyzer and Md5Analyzer for checksum calculation
    • StringsAnalyzer wrapping the strings utility
    • BinwalkAnalyzer wrapping binwalk
    • Shannon entropy calculation for binary data
  • RunScriptModifier for running custom scripts on resources

This is only a representative sampling of the features in the core OFRAK. Consult the code reference docs for a complete manifest.

Testing

This package maintains 100% test coverage of functions.

License

The code in this repository comes with an OFRAK Community License, which is intended for educational uses, personal development, or just having fun.

Users interested in using OFRAK for commercial purposes can request the Pro or Enterprise License. See OFRAK Licensing for more information.

Documentation

OFRAK has general documentation and API documentation, which can be viewed at https://ofrak.com/docs.