search

fkie-cad / FACT_core

Firmware Analysis and Comparison Tool
https://fkie-cad.github.io/FACT_core
GNU General Public License v3.0
1.22k stars 224 forks source link

VxWorks analysis shows two versions #1159

Closed paulrichardo closed 10 months ago

paulrichardo commented 11 months ago

The FACT version you are using

6cb9354d6ea5160bc56374485db42608ac1b4424

Your question

Hello, I'm analyzing this firmware: Schneider Electric BMX EthernetNet/IP Network Module - BMX NOC 0401 1.2

Can be downloaded from: https://www.se.com/ca/en/product/BMXNOC0401/network-module-modicon-m340-ethernet-ip-and-modbus-tcp-4-x-rj45/

Unfortunately, no direct link. Click "See all software & firmware" in the "Latest Firmware" section. -> "Show Previous Versions" Filename: NOC0401_v102.zip

When Analyzing this file it shows two versions of VxWorks ['6.4', '5.5']: image

File path: image

How come there are two versions?

dorpvom commented 11 months ago

Hi paulrichardo,

I found that VxWorks is prone to contain multiple references to conflicting versions. I'll have a look at your sample and see if I can find which one is correct. Rule of thumb though is that it's nearly always the more current version, and only some legacy code of an older version is also included.

dorpvom commented 11 months ago

Yea. The 5.5 comes from a string " Cmd: it is not possible to use pipe while the shell is configured to be VxWorks 5.5 compatible." So version 6.4 is the correct one. I'll look to find a way to remove such false positives in the future.

paulrichardo commented 10 months ago

Thank you.