What is OFRAK?

OFRAK (Open Firmware Reverse Analysis Konsole) is a binary analysis and modification platform developed by Red Balloon Security. OFRAK combines the ability to:

• Identify and Unpack many binary formats
• Analyze unpacked binaries with field-tested reverse engineering tools
• Modify and Repack binaries with powerful patching strategies

OFRAK supports a range of embedded firmware file formats beyond userspace executables, including:

• Compressed filesystems
• Compressed & checksummed firmware
• Bootloaders
• RTOS/OS kernels

OFRAK equips users with:

• A Graphical User Interface (GUI) for interactive exploration and visualization of firmware images
• A Python API for readable and reproducible scripts that can be applied to entire classes of binaries, rather than just one specific binary
• Recursive identification, unpacking, and repacking of many file formats, from ELF executables, to filesystem archives, to compressed and checksummed data
• Built-in, extensible integration with powerful analysis backends (angr, Binary Ninja, Ghidra, IDA Pro)
• Extensibility by design via a common interface to easily write additional OFRAK components and add support for a new file format or binary patching operation

How to Use OFRAK

The source code for the community version of OFRAK is a available in our GitHub repository. This version comes with an OFRAK Community License and is intended for educational uses, personal development, or just having fun.

Users interested in using OFRAK for commercial purposes can request the Pro License. See our license page for more information.

News & Resources

Presentations

OFRAK was featured in a WIRED article here.

OFRAK was presented at SummerCon 2022. The presentation is available here.

Community

Connect with us on ofrak.slack.com!