Symposium sur la sécurité des technologies de l'information et des communications

French-language conference on information security.
It will take place in Rennes from 4 to 6 June 2025.

Pyrrha & Friends: Diving into Firmware Cartography

Eloïse Brocas, Robin David


Date: 4 June 2025 at 16:30 (15 min).

Firmware images are complex, structured files containing one or more OSes for the various sub-components of a device. Analyzing them means digging through thousands of files and through hardware and software components that interact with each other, and it is easy to get lost in the amount of data. From a security perspective, understanding the system and identifying flaws is truly like finding a needle in a haystack. Apart from proprietary solutions, very few tools aim to map firmware and simplify such analyses.

This talk will introduce how we have combined, extended and created open-source solutions to solve this issue and help reversers in their daily tasks. The main tool of the resulting ecosystem, Pyrrha, allows users to visualize the different binaries and libraries of a firmware, their interactions and their internal structure in the form of several dependency graph databases. These databases can easily be visualized, explored and queried.

Pyrrha offers three mappers, i.e. three cartography analyses, which correspond to three levels of detail. The first one visualizes the import/export relationships between binary files to show the global links between them. The second mapper computes the global call graph of the firmware by connecting the call graphs of all its binaries. Finally, the last mapper displays the decompiled code of a binary and maps its call graph on top.
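
To illustrate the kind of import/export map the first mapper describes, here is an added example; it is not Pyrrha's code and does not use its API. The inventory is constructed sample data, the function names are hypothetical, and symbol lookup is simplified to "first needed library that exports the symbol".

```python
from collections import defaultdict, deque

# Constructed sample inventory (not from a real firmware): for each file, the
# libraries it declares as needed, the symbols it imports and those it exports.
FIRMWARE = {
    "/bin/httpd": {"needed": ["libweb.so", "libc.so"],
                   "imports": ["parse_request", "printf"], "exports": []},
    "/bin/updater": {"needed": ["libcrypto.so", "libc.so"],
                     "imports": ["verify_sig", "memcpy"], "exports": []},
    "/lib/libweb.so": {"needed": ["libcrypto.so", "libc.so"],
                       "imports": ["verify_sig", "memcpy", "log_event"],
                       "exports": ["parse_request"]},
    "/lib/libcrypto.so": {"needed": ["libc.so"],
                          "imports": ["memcpy"], "exports": ["verify_sig"]},
    "/lib/libc.so": {"needed": [], "imports": [], "exports": ["printf", "memcpy"]},
}

def build_graph(firmware):
    """Return (edges, unresolved); edges[src][dst] = symbols src imports from dst."""
    by_name = {path.rsplit("/", 1)[-1]: path for path in firmware}
    edges, unresolved = defaultdict(lambda: defaultdict(set)), defaultdict(set)
    for path, meta in firmware.items():
        libs = [by_name[n] for n in meta["needed"] if n in by_name]
        for sym in meta["imports"]:
            # Simplified resolution: first needed library exporting the symbol.
            provider = next((l for l in libs if sym in firmware[l]["exports"]), None)
            if provider:
                edges[path][provider].add(sym)
            else:
                unresolved[path].add(sym)  # import that no mapped file satisfies
    return edges, unresolved

def dependents_of(edges, target):
    """All files that reach `target` through import edges, directly or transitively."""
    reverse = defaultdict(set)
    for src, dsts in edges.items():
        for dst in dsts:
            reverse[dst].add(src)
    seen, queue = set(), deque([target])
    while queue:
        for src in reverse[queue.popleft()] - seen:
            seen.add(src)
            queue.append(src)
    return seen

def importers_of(edges, lib, symbol):
    """Files that import `symbol` directly from `lib`."""
    return {src for src, dsts in edges.items() if symbol in dsts.get(lib, ())}
```

Queries like `dependents_of` answer the triage question "which files are affected if this library has a flaw", while `unresolved` surfaces imports that the map cannot account for.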