Skip to content

Check the results

Once an analysis is completed, you can enter Analysis view and check the results. To do so, click on a firmware name in the Latest uploads section of your dashboard.

Select firmware

Here you can check:

Info

The results displayed in Analysis view are only for the selected firmware. If you want to see the analysis results for all your uploaded firmware, see Global results.

Analysis overview

The default landing page is Analysis Overview, which displays the analysis results and ranks the security risks from informational to critical.

Analysis Overview

Select a severity category to view all issues/CVEs in it.

CVEs

Common Vulnerabilities and Exposures (CVEs) are publicly disclosed security vulnerabilities. You can check our findings in your firmware on the CVEs page.

Click on a CVE for more details:

CVE details

Use the links in the References section to learn more about an exploit.

Info

The ONEKEY platform uses automated impact assessment and can decide whether a CVE is relevant for a specific firmware or not. To use this feature, make sure the Show only confirmed matching CVEs checkbox is selected. To view all CVE findings, deselect this checkbox. See CVE matching to learn more.

The CVE identifiers are assigned according to the NIST NVD (National Vulnerability Database).

Issues

On the Issues page, you can check the found security issues categorized by type and severity. Next to each category, you can see the number of identified security risks.

Security issues

Click on a category to view all issues in it. Each issue has:

  • a severity score,
  • a confidence score,
  • a short description,
  • and the corresponding file path.

Click on an issue for more details, such as fingerprints or the specific line where the issue was found:

Analysis view – Issue details

Use the Previous and Next buttons to quickly switch between issues.

Note

The details shown vary depending on the issue type. Other issue types display different information, such as the source code.

To learn more about issue types, see Security issues.

Components

See the software and 3rd party open-source components that make up your firmware.

Select a component to open the Component details popup. Here you can see,

  • some basic information about the component (Overview tab),
  • the files it contains (Files tab),
  • the CVEs found (CVEs tab),
  • and a list of items that indicate the methods and sources used in identifying the selected component (Evidences tab).

Components tab

Info

Regardless of whether an SBOM file is included with your firmware image, ONEKEY will extract the components. The resulting list is a combination of the SBOM contents and the analysis results.

You can jump directly to the files for a specific component by clicking Go to files.

For more information about the Components page, for example component editing, see SBOM management

Files

On the Files page, you can browse the file system of the selected firmware. Click on a folder to expand it. Click on a file to display its properties and content:

Analysis view – File details

In the left sidebar of the popup, you can see menus for context-specific information that only applies to the selected file. Click on a menu item to see more details. For ELF files, for example, you will see the ELF info menu. Click here to see details such as Compile Time Mitigation or Symbols:

Analysis view – File details - Elf details

If a file contains artifacts such as certificates or passwords, click on Artifacts to find out more. If we have found issues or CVEs in the file, these too will be listed in the corresponding menu items.

You can view a visualization of the directory structure by selecting the Folder structure tab.

Tip

In the File details popup, you can download a file by clicking Download file at the bottom of the Overview page.

In table view, click on to download a file.

Folders cannot be downloaded.

Folder structure visualization

This function provides an overview of the folder structure with the ability to zoom in the interesting parts and highlight detected software components.

Click on a folder (a turquoise rectangle in the visualization) to see its content.

Click on a file (a dark blue rectangle) to open the File details popup.

To go back to a previous folder click the folder's name at the top.

Folder structure visualization

Colors and their meaning

Dark blue: files
Turquoise: folders

You can filter the results based on components and files using the dropdown or the search bar under it:

Folder structure visualization filter

Folder structure visualization component

Colors and their meaning

Orange: the item/component you filtered for.
Brown: folders the selected item is located in. As a guideline, the closer a folder is to the item the darker the color gets.
Black: folders/files not related to the search.
Light gray: folders not containing the selected component/file.

To find Folder structure visualization:

  1. Select a firmware to enter Analysis view.
  2. Go to the Files page.
  3. Select the Folder structure tab.

Binary code visualization

See the symbols, chunks, and unknown blocks that make up an executable file.

Click on a code block to see its content and learn more.

For unknown blocks, the redder the code block, the higher the entropy.

Binary code visualization

List of terms
  • Offset: position of the symbol in a binary.
  • Function: contains a named executable code fragment.
  • Variable: contains data, for example text.
  • Exported: other binaries can use this symbol.
  • Imported: the block uses symbols of other binaries.
  • Static: not dependent on an external runtime.

To find Binary code visualization:

  1. Open the File details popup (click on a file in Analysis view --> Files for example).
  2. Select the Content tab.

Extraction

Check the blobs (Binary Large Objects) extracted from your firmware. Click on a Parent file to learn more about a blob:

Blob details

You can view a visualization of the firmware structure by selecting the Firmware structure tab.

Artifacts

Under the Artifacts page dropdown, you can verify the following elements of your firmware:

  • Certificates: X509 certificates included in the firmware image.
  • Private keys: cryptographic keys used to ensure the security and integrity of the firmware.
  • Passwords: used to control access to various functions and features of the firmware.
  • Management protocols: see protocols used for maintaining, configuring, and updating devices.
  • Images: .png, .jpg etc. files found in your firmware.
  • Binary Hardening: techniques used to enhance the security of binaries to make them more resistant to attacks.

Firmware info

On this page you can find information about the selected firmware, such as the date it was uploaded, the number of files it contains, or whether it is currently being monitored or not. You can also rerun the analysis here by clicking on Analyze again.

Success

ONEKEY and its data sources are constantly evolving, so a new analysis could uncover new vulnerabilities.

History

Here you can access the following pages:

  • Analysis History: All analyses performed on the selected firmware.
  • Product History: All the different versions/firmware images of the same product. Here you can track how issues/CVEs have changed over time.
  • Compliance Bundle History: A list of all compliance bundles for the selected firmware. You can generate a bundle on the Compliance page, or with the Compliance Wizard.
  • Audit Trail: List of all status changes and added comments for the selected firmware.

See History pages to learn more.

Download Analysis result

You can download the analysis results in .xlsx format.

To download the latest analysis of a firmware, go to Analysis view and click the Download XLSX button.

Download XLSX

To download a past analysis, open the Analysis History page from Analysis view and click on Download xlsx summary of analysis under the relevant entry.

Export data tables

Many tables can be exported in either .csv or .json formats.

To export a data table, click the Export ... button (for example 'Export components') usually found near the top-right corner of a table, and select a file format.

Note

You can export the data tables for specific firmware in Analysis view or export global results from one of the global pages.

Global results

Firmwares tab

As you upload more and more firmware, your dashboard might fill up and not all uploads will be displayed. To see all your firmware images, click on the Firmwares tab:

Firmwares tab

Here you can perform several actions, for example compare two firmware analyses, generate a report, or delete unwanted firmware.

Issues tab

To see all issues found in each uploaded firmware, select the Issues tab:

Issues tab

Click on an issue to learn more:

Issue details global

Use the Previous and Next buttons to quickly switch between issues.

Tip

In table view, click on the button to see the issue history.

Select a page under Search in to view all found:

  • files & strings,
  • components,
  • CVEs,
  • or artifacts.

Issue details global

See Global search to learn more.

Partial or no result

If an analysis returns partial or no result, it means that the uploaded firmware contains unsupported components and not all of ONEKEY's checks could run properly. When this happens, you can ask our team for an expert review. To do so,

  1. Select the firmware with the faulty analysis on your dashboard.
  2. Click Request on the popup (you can enter additional information in the message field, but the firmware metadata is automatically captured and sent to ONEKEY).

Common reasons for a failed analysis result

  • Firmware encryption
  • Obfuscation
  • Proprietary compression methods
  • Proprietary operating systems

In the case of a partial result, enter Analysis view and click on the Partial Result button to find out more about the problem:

Partial result

In the case of no result, enter Analysis view and click on What went wrong