Firmware Boot Camp (Project Group)

Embedded devices are widely used in our daily life and there will be many more in the future. However, it is quite easy to manipulate these devices in many cases causing major threats for users and the entire Internet. E.g.: The Mirai Botnet infected millions of home routers and other devices. It used these devices to launch the biggest DDoS attack ever measured (until than) against a undefinedpopular security blog.

The Firmware Bootcamp teaches the analysis and exploitation of Firmware. It consists of two phases:

  1. Crash Course: In a one week crash course, the students get to know general principles of firmware analysis and exploitation. This includes many "hand ons" and real life examples.
  2. Lab Project: Afterwards the students each get a practical task such as implementing new plug-ins or improve existing plug-ins of the undefinedFirmware Analysis and Comparison Tool (FACT). The resulting work is intended to be published on GitHub as open source software that can be used by firmware security analysts all over the world.

FACT is an open source project intended to automate and simplify firmware analysis such that much more researchers can contribute to a higher security standard for embedded devices. It is part of Fraunhofer FKIE's research efforts and an actively maintained project.

Required Skills

Skills in Python3 and basic knowledge of the Linux command line are mandatory.

Organizational Stuff

The Firmware Boot Camp is a block course during the winter vacation. It is held at Fraunhofer FKIE, undefinedZanderstraße 5, 53177 Bonn.


If you have any questions on this course, please contact