attify / firmware-analysis-toolkit

Toolkit to emulate firmware and analyse it for security vulnerabilities
MIT License

Clear-text password in script #30

Open alessandroZelli opened 5 years ago

alessandroZelli commented 5 years ago

Both fat.py and reset.py require us to set a clear text password in the source code. Is there a workaround for that?

extremecoders-re commented 5 years ago

Ideally, this tool should be run in a Virtual Machine so that specifying the password is not an issue. If not, you can use an older version which asks for the password every time rather than automating it.

https://github.com/attify/firmware-analysis-toolkit/tree/dc64ccfeba8c549cd78c67c806472f956f221720

alessandroZelli commented 5 years ago

Ok, will do that. I'll try to come up with a secure way to run it on a main OS as soon as I have some time.

Is the required password a "sudoer" password or the proper root password? In the former case it should be possible to run the firmware analysis toolkit with a dedicated account.

extremecoders-re commented 5 years ago

The sudoers password.

However, the reason for recommending a VM is not just this. During emulation the script will set up a TAP interface for the emulated firmware image. So it does happen sometimes that, due to some error or otherwise, this interface is not removed after emulation is done. In that case you'll be left to manually clean up and the networking of your main OS may be affected. Hence it's better to use a VM.
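
A check for the leftover TAP interface described in the last comment, as an added example that is not part of the thread or the project's own code: it snapshots TAP interfaces from sysfs before and after an emulation run and lists the ones left behind. The interface names and the temporary sysfs-like tree are constructed sample data; `tun_flags` and `IFF_TAP` are the Linux kernel's own attribute and flag.

```python
import os
import tempfile

IFF_TAP = 0x0002  # linux/if_tun.h: set for TAP (layer 2) devices, clear for TUN

def tap_interfaces(sysfs_net="/sys/class/net"):
    """Return the set of TAP interface names found under sysfs_net."""
    found = set()
    for name in os.listdir(sysfs_net):
        flags_path = os.path.join(sysfs_net, name, "tun_flags")
        try:
            with open(flags_path) as fh:
                flags = int(fh.read().strip(), 16)  # kernel prints e.g. "0x1002"
        except (OSError, ValueError):
            continue  # no tun_flags attribute: not a TUN/TAP device
        if flags & IFF_TAP:
            found.add(name)
    return found

def leftover_taps(before, after):
    """TAP interfaces present after emulation that were not there before."""
    return sorted(after - before)

def cleanup_commands(names):
    """Commands for the operator to review and run; nothing is executed here."""
    return [f"sudo ip link delete {n}" for n in names]

def _make_fake_sysfs(root, devices):
    """Build a constructed sysfs-like tree from {name: tun_flags text or None}."""
    for name, flags in devices.items():
        os.makedirs(os.path.join(root, name), exist_ok=True)
        if flags is not None:
            with open(os.path.join(root, name, "tun_flags"), "w") as fh:
                fh.write(flags + "\n")

def demo():
    # Constructed sample data, not captured from a real host.
    with tempfile.TemporaryDirectory() as root:
        _make_fake_sysfs(root, {"lo": None, "eth0": None, "tun0": "0x1001"})
        before = tap_interfaces(root)   # snapshot taken before emulation
        _make_fake_sysfs(root, {"tap_demo": "0x1002"})  # left behind by a run
        after = tap_interfaces(root)    # snapshot taken after emulation
        return leftover_taps(before, after)

if __name__ == "__main__":
    print(cleanup_commands(demo()))
```

On a real host, call `tap_interfaces()` with its default path once before starting the emulation and once after it exits, then pass both sets to `leftover_taps()`.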