How can I find out if my firmware analysis is completed?
The easiest way to find out if an analysis is complete, is to look at the progress bars on the System Health page (Info -> System). There you can find the Currently analyzed firmware (only visible if there are running analyses).
The current analyses data as json is included in the endpoint /rest/status.
To query a FACT instance running locally you can e.g. run
curl "http://localhost:5000/rest/status" -X GET
ℹ️ Improved readability of the json output can be achieved by appending
| python3 -m json.toolto the command.
In the output you can find the currently running analyses under system_status.backend.analysis.current_analyses.
An example output could look like this:
"system_status": {
"backend": {
"_id": "backend",
"analysis": {
"analysis_main_scheduler": 0,
"current_analyses": {
"3569fb8f7f21876848af4c0414f84a7783a6fc74b74ddfd4438bd3f1fbc72c56_62699664": {
"analyzed_count": 1352,
"start_time": 1598521807.641655,
"total_count": 4007,
"unpacked_count": 1355
}
},
The current analyses data has a dictionary structure with the firmware UID as keys. It contains the following data fields:
-
start_time: The analysis start time (as UNIX timestamp) -
total_count: The total number of files in the firmware (will probably change as more and more parts of the firmware get unpacked recursively) -
unpacked_count: The number of files that finished running through the unpacking process -
analyzed_count: The number of files that finished running through the analysis process
The current unpacking process can therefore be computed as unpacked_count / total_count and the analysis progress as analyzed_count / total_count.
When the analysis is complete, it will be moved from system_status.backend.analysis.current_analyses to system_status.backend.analysis.recently_finished_analyses where it will be available for one minute (if not configured otherwise).
