# OFRAK Tutorial

The Open Firmware Reverse Analysis Konsole (OFRAK) is a modular framework that allows users to programmatically analyze, reverse engineer, and modify binaries.

## Tutorial overview

The goal of this tutorial is to help you understand how OFRAK works and how to use it, while interactively showcasing some of its main features.

No prior knowledge of OFRAK is required. Basic Python and reverse-engineering knowledge will help.

This tutorial is organized into a number of lessons. It's recommended to go through them in order, as each lesson builds on the previous ones, from the simplest examples to the advanced capabilities of OFRAK.

From any lesson, you can navigate to the next one using the "Next page" link at the bottom of the page.

You don't need to change any code for the examples to work, but you do need to run all Python cells in order to see their outputs.

Below are the objectives for each lesson. The OFRAK-specific vocabulary will be introduced as needed.

- [Lesson 1: Simple string modification](1_simple_string_modification.ipynb) − manipulate the data of a resource; run a modifier; flush a modified resource to disk
- [Lesson 2: A closer look into OFRAK unpacking and the resource tree](2_ofrak_internals.ipynb) − unpack a resource; learn about OFRAK components; learn about auto-analysis, tags, and the resource tree; filter the resource tree
- [Lesson 3: Binary format modification](3_binary_format_modification.ipynb) − learn about resource views; find specific children in a resource tree and modify them; manipulate ELF program headers
- [Lesson 4: In-place instruction rewriting](4_simple_code_modification.ipynb) − use OFRAK's Ghidra backend; use more filtering capabilities to find specific complex blocks and instructions; assemble an instruction using Keystone; rewrite an instruction in-place
- [Lesson 5: Filesystem modification](5_filesystem_modification.ipynb) − learn about OFRAK's filesystem unpacking and modification capabilities; modify a binary from within a filesystem and the filesystem itself
- [Lesson 6: Code extension by adding a new segment in the ELF](6_code_insertion_with_extension.ipynb) − add a new segment in an ELF; use the OFRAK PatchMaker to convert a C patch into a binary patch, including a linking step

## Setup

For this tutorial, we need a binary. Let's create one here from a simple C program:

In [1]:
import os

os.chdir("/tmp")

c_program = r"""
#include <stdio.h>
int main() {
   printf("Hello, World!\n");
   return 0;
}
"""

with open("hello_world.c", "w") as f:
    f.write(c_program)

In [2]:
%%bash

gcc -no-pie -o hello_world hello_world.c

./hello_world

Hello, World!


We're ready for analysis and modification now!

We begin to use OFRAK by importing it and initializing the object that will load our binary.

In [3]:
import logging
from ofrak import OFRAK

ofrak = OFRAK()


Using OFRAK Community License.



Now that all of the components are loaded, we can create an OFRAK context. The OFRAK context is what lets different OFRAK scripts use the same database of analyzed data. The context is also what we will use to load in the initial firmware binary.

Note that we use the `await` Python keyword when creating the context. OFRAK includes many asynchronous functions that take advantage of the [Python event loop](https://docs.python.org/3/library/asyncio-eventloop.html).

In [4]:
basic_context = await ofrak.create_ofrak_context()

It is now time to load our root resource. Resources are the core unit on which OFRAK operates. Resources can have children. For example, a resource representing a directory would have one child for each file in the directory. This parent-child relationship forms a structure informally referred to as the resource tree.

A root resource is the parent resource of all other resources in the tree. Usually it is loaded as a file from disk.

In [5]:
root_resource = await basic_context.create_root_resource_from_file("hello_world")

Before we go into the details of the resource tree and OFRAK's unpacking capabilities, we can already perform our first task: let's replace "Hello, World!" with something a bit more fun and furry 😼. Meow!
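The constraint behind that replacement, as an added example in plain Python (not OFRAK's own API, which Lesson 1 uses): when a string is patched in place, the new string plus its NUL terminator must fit in the slot the old string occupied, so that no other byte in the binary moves. `RODATA` below is a constructed stand-in for the string data of `hello_world`.

```python
# Added example, not OFRAK code: a length-preserving, in-place C string patch.
from typing import Optional, Tuple


def find_c_string(data: bytes, old: bytes) -> Optional[Tuple[int, int]]:
    """Return (start, end) for the first occurrence of `old`, where `end` is the
    index of the NUL byte that terminates it, or None if it is not present."""
    start = data.find(old)
    if start == -1:
        return None
    end = data.find(b"\x00", start)
    if end == -1:
        return None
    return start, end


def patch_string_in_place(data: bytes, old: bytes, new: bytes) -> bytes:
    """Replace `old` with `new` without shifting any surrounding byte.

    Every address the code computes (e.g. the pointer passed to puts/printf)
    assumes the layout stays fixed, so the patch must not grow the slot.
    A shorter replacement is NUL padded to the original length.
    """
    loc = find_c_string(data, old)
    if loc is None:
        raise ValueError(f"{old!r} not found as a NUL-terminated string")
    start, end = loc
    slot = end - start  # bytes available, not counting the terminator
    if len(new) > slot:
        raise ValueError(f"{new!r} is {len(new)} bytes, but the slot is {slot}")
    padded = new.ljust(slot, b"\x00")
    return data[:start] + padded + data[end:]


# Constructed sample: a few unrelated bytes, the greeting, its terminator,
# then more data that must remain at the same offsets after the patch.
RODATA = b"\x01\x00\x02\x00Hello, World!\x00\x00\x00garbage\x00"


def demo() -> bytes:
    """The tutorial's first task: swap the greeting for a feline one."""
    return patch_string_in_place(RODATA, b"Hello, World!", b"Meow, World!")
```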

[Next page](1_simple_string_modification.ipynb)