☆ Star us on GitHub

Unpack

Analyze

Modify

Repack

OFRAK is a binary analysis and modification platform that combines the ability to unpack, analyze, modify, and repack binaries.

Explore in the GUI, then automate with the API.

Get Started Read Docs

First-class Support for Embedded Firmware

OFRAK (Open Firmware Reverse Analysis Konsole) supports a wide variety of binaries, including: userspace executables, embedded filesystems, compressed and checksummed firmware, bootloaders, RTOS/OS kernels, and everything in between.

With OFRAK, you can automatically recognize and unpack an ELF buried within an GZIP-compressed CPIO filesystem inside of an ISO, modify the ELF, and then repack the entire tree.

OFRAK GUI Resouce Tree

Python API

Write readable and reproducible scripts that analyze and modify entire classes of binaries, rather than just one specific binary. 

# Identify & Unpack
from ofrak import OFRAK
from ofrak_components.elf.model import Elf

ofrak = OFRAK()
context = await ofrak.create_ofrak_context()
resource = await context.create_root_resource_from_file("hello_world")
await resource.identify()
assert resource.has_tag(Elf)
await resource.unpack()

Binary Visualizations

Zoom in on details from a bird's eye view with the OFRAK Graphical User Interface (GUI).

OFRAK GUI Screenshot

Powerful Analysis Backends

Write your business logic once, and use it with any of the supported backends.

angr logo Ghidra logo Binary Ninja logo Captsone logo IDA logo 
              import ofrak_binary_ninja
import ofrak_ghidra

# Swap backends easily!
ofrak.discover(ofrak_ghidra)
# ofrak.discover(ofrak_binary_ninja)

# [ ... ]

main_function = await program.get_function_complex_block("main")

Extensibility by Design

Use common component interfaces to easily add support for a new file format or binary patching operation. 

              class SquashfsUnpacker(Unpacker[None]):
    """Unpack a SquashFS filesystem."""
  ​
    targets = (SquashfsFilesystem,)
    children = (File, Folder, SpecialFileType)
  ​
    async def unpack(self, resource: ResourceInterface, config=None):
        with tempfile.NamedTemporaryFile() as temp_file:
            resource_data = await resource.get_data()
            temp_file.write(resource_data)
            temp_file.flush()

            with tempfile.TemporaryDirectory() as temp_flush_dir:
                command = [
                    "unsquashfs",
                    "-no-exit-code",  # Don't return failure status code on warnings
                    "-force",  # Overwrite files that already exist
                    "-dest",
                    temp_flush_dir,
                    temp_file.name,
                ]
                await unpack_with_command(command)

                squashfs_view = await resource.view_as(SquashfsFilesystem)
                await squashfs_view.initialize_from_disk(temp_flush_dir)

Start using OFRAK today

Get Started Join Mailing List Join the Slack