Inspiration

FirmTalks was created to bridge the gap between automated firmware security analysis and collaborative human expertise. With IoT vulnerabilities rising, we envisioned a unified platform that combines deep firmware inspection, AI-powered threat detection, and community-driven discussions to secure embedded systems.


What it does

  • Firmware Analysis: Unpacks firmware binaries into hierarchical directories using Binwalk (Python/Flask backend).
  • Malware Detection:
    • Scans files with VirusTotal API for known threats.
    • Uses a custom AI model to detect suspicious patterns (e.g., anomalous code behavior).
  • Discussion Platform: A MERN stack (MongoDB, Express, React, Node.js) forum with WebSocket-based real-time communication for instant collaboration and updates.

How we built it

  • Backend:
    • Python/Flask server for firmware upload, Binwalk unpacking, and directory structure generation.
    • Integrated VirusTotal API for signature-based malware detection.
    • Trained an AI model using Scikit-learn on firmware malware datasets for anomaly detection.
  • Frontend:
    • MERN stack for the discussion platform: React for dynamic UI, Node.js/Express for REST APIs, MongoDB for storing threads/comments.
    • Socket.io for real-time messaging, notifications, and live updates in discussions.
    • Unified dashboard to view analysis reports and participate in discussions.
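
The directory-structure step described above, sketched as an added example (not FirmTalks' own code): it walks an already-unpacked Binwalk output directory, records symlinks without following them, and hashes each regular file once so that duplicate files need only one VirusTotal hash lookup. The function names and the sample tree built in `demo()` are hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large firmware blobs are never loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_tree(root):
    """Return (tree, digests) for an already-unpacked extraction directory."""
    root = os.path.realpath(root)
    digests = {}  # sha256 -> relative paths sharing that content

    def walk(path):
        node = {"name": os.path.basename(path), "type": "dir", "children": []}
        with os.scandir(path) as it:
            entries = sorted(it, key=lambda e: e.name)
        for e in entries:
            if e.is_symlink():
                # Record the target but never follow it: links inside firmware
                # may resolve to files on the analysis host.
                child = {"name": e.name, "type": "symlink", "target": os.readlink(e.path)}
            elif e.is_dir(follow_symlinks=False):
                child = walk(e.path)
            elif e.is_file(follow_symlinks=False):
                sha = sha256_file(e.path)
                digests.setdefault(sha, []).append(os.path.relpath(e.path, root))
                child = {"name": e.name, "type": "file", "sha256": sha}
            else:
                continue  # device nodes, FIFOs, sockets: not opened
            node["children"].append(child)
        return node

    return walk(root), digests


def demo():
    """Constructed sample: two identical files, one distinct file, one symlink."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "squashfs-root", "bin"))
        for rel, data in (("bin/busybox", b"ELF-a"), ("bin/sh.copy", b"ELF-a"), ("banner", b"hi")):
            with open(os.path.join(d, "squashfs-root", rel), "wb") as f:
                f.write(data)
        os.symlink("/etc/passwd", os.path.join(d, "squashfs-root", "passwd"))
        return build_tree(d)
```

The keys of `digests` are the unique hashes to submit for lookup, and the nested `tree` dict can be serialized to JSON for a dashboard view.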

Challenges we ran into

  • Syncing Python/Flask (firmware analysis) with MERN (discussions) into a seamless user experience.
  • Optimizing Binwalk for large firmware files without overwhelming the Flask server.
  • VirusTotal API rate limits delaying scan results during peak usage.
  • Implementing low-latency WebSocket communication for real-time discussions while handling high concurrent user loads.
  • Balancing the AI model’s accuracy (low false positives) with performance in real-time analysis.

Accomplishments that we're proud of

  • Successfully merged static analysis (Binwalk), cloud APIs (VirusTotal), and AI detection into a single pipeline.
  • Built a responsive MERN discussion platform with real-time WebSocket updates, Markdown support, user profiles and statistics, and secure authentication.

What we learned

  • Hybrid analysis (static + AI + crowdsourced insights) outperforms single-method approaches.
  • WebSocket integration requires careful state management to avoid UI/data sync issues.
  • Community engagement thrives when technical workflows (e.g., sharing analysis reports) are integrated into real-time discussions.

What's next for FirmTalks

  • Enhance the AI model with graph-based anomaly detection for firmware dependency graphs.
  • Add automated CVE matching for unpacked libraries/components.
  • Scale WebSocket infrastructure to support large-scale user interactions.
  • Implement live firmware emulation for dynamic analysis.
  • Expand the MERN platform with code snippet sharing and GitHub integration.