search

binarly-io / fwhunt-scan

Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules
GNU General Public License v3.0
212 stars 30 forks source link

Error : mapping values are not allowed here #54

Closed jackson-chang-twn closed 1 year ago

jackson-chang-twn commented 1 year ago

Hi everyone, in the output after execution, "mapping values ​​are not allowed here", how to solve these errors? This is the first time I use this software, did I overlook something? Please help, grateful!

> # python3 fwhunt_scan_analyzer.py scan --rule rules/BRLY-2021-043.yml test/fw.BIN
> 
> Error: ScannerError(None, None, 'mapping values are not allowed here', <yaml.error.Mark object at 0x7f32a7fa75b0>)
> Scanner result None (variant: default) FwHunt rule has been triggered and threat detected! (test/fw.BIN)
jackson-chang-twn commented 1 year ago

Found the answer: The yaml format is wrong, just fix it.

yeggor commented 1 year ago

Hi. The rule BRLY-2021-043 provided by Binarly has the correct yaml format. It works for me without issues. I assume you made changes before using this rule.

Also, it should be noted that you are not running fwhunt correctly. You are trying to analyze the firmware, and the rule is written to detect a separate SMM module from the firmware. Therefore, you should run with the scan-firmware command instead of scan.

Example:

$ python3 fwhunt_scan_analyzer.py scan-firmware --rule rules/BRLY-2021-043.yml test/1.bin

Scanner result BRLY-2021-043 (variant: default) No threat detected (UsbRt)