
# Appendix 1: Information Gathering

### 1. Basic firmware-related information

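* CPU architecture the firmware is based on
* Operating system platform
* Bootloader configuration
* Hardware schematics
* Datasheets
* Lines-of-code estimate
* Source code repository location
* Third-party components
* Open-source licenses (GPL)
* Changelogs
* FCC ID
* Design and data flow diagrams
* Threat models
* Penetration test reports
* Tests on some testing platforms (Jira, or bug bounty platforms such as bugcrowd or hackerone)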

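### 2. Collection methods

Work with the development team and its internal product lines to obtain accurate, up-to-date data, together with the project's design rationale and the security settings applied, and from these identify information relevant to security risk and specific features of interest. Data can also be obtained through open source intelligence ( `OSINT：Open source intelligence` ) techniques. **When open-source software is encountered during information gathering**, download its repository and perform manual and automated static analysis against the code base.

Open-source software has its own static analysis tools. Example: the analysis of [Das U-Boot](http://www.denx.de/wiki/U-Boot/WebHome) by [Coverity](https://scan.coverity.com/).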

![](/files/qttvt3yiU7s3GgKOJnP8)

![](/files/44bjTRjD1Hn9d2cKHW3M)

Semmle's [LGTM](https://lgtm.com/#explore) analysis of Dropbear:

![](/files/iecqGSociL7aZ51i8FWs)

![](/files/tKzPPmEvWBRqMZONMyv7)

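With the above information in hand, a rough threat model can be built: identify the attackable features and the scope of impact, which makes it easier to work through the potential vulnerability points during testing.

Source: [***OWASP Firmware Security Testing Guide***](https://scriptingxss.gitbook.io/firmware-security-testing-methodology/v/zhong-wen-fstm/#0x01-xin-xi-sou-ji)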

