Releases: e-m-b-a/emba
EMBA v1.5.1 - Rise from the dead or Binwalk is back in town
Let's travel back in time ... In EMBA version 1.2.3 we started removing the old, rusty and unmaintained binwalk (v2) as main extractor from EMBA. See here. Big thanks to the great folks of unblob for jumping in with the most powerful extraction engine that is currently available.
And now fast forward to September 2024 ... Check this bomb
Great news! The new binwalk was not just a quick update, it was a complete rewritten version in rust! As usual we are trying to implement cool projects quite early to get hands on experience ... especially if these are the projects from our own IoT hacking beginnings years ago ;)
Fast forward to Dezember 2024 ...
As the new binwalk is damn fast, EMBA got it as initial extractor into the extraction pipeline! Check it out and let us and Craig know how it performs and how you like it. In this place it is also quite easy to see where binwalk is failing and Unblob is jumping in. Btw. this does not mean that Binwalk is better compared to Unblob! In most of our testcases it was faster but from the success rate Unblob is currently the most powerful extraction engine which automatically jumps in as 2nd extraction engine and is also used for our deep-extraction mode.
The best extraction frameworks together in EMBA ... this must be true love :-D
Beside this big update we have a bunch of other little and big things for you:
- The SBOM engine which was introduced in version 1.5.0 got updates everywhere (new json engine, dependencies are now handled, untracked files can be included, improved package manager integration, optimised static version detection ...)
- EMBA is getting more and more powerful and faster, faster, faster
- Our huge code refactoring part 1 of X is finished
- Regular docker base image update (new capa version, new Ghidra version, ...)
- Kali Linux 2024.4 supported
Beside the technical updates, we were at BlackHat MEA with an Arsenal demo of EMBA. We talked to a lot of interested and interesting people and got some cool ideas for EMBA. You can check our Arsenal slides here and some pictures here
Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
Check it out here and start being an essential part of the future of EMBA
It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:
- @0xr3act0r made their first contribution in #1376
How can you reach us and stay up to date? Just take one of these channels:
Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:
└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba
└─$ sudo ./installer.sh -d
This will install all pre-requisites, including the docker base image and the CVE database, which will need some bandwith, harddrive space and time.
Afterwards, you are ready to analyse your first firmware with EMBA:
└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba
For updating your oudated EMBA installation, please check the update section in our wiki.
What's Changed
- Windows exe improvements by @m-1-k-3 in #1354
- Extend JSON SBOM by @m-1-k-3 in #1353
- SBOM - Duplicates / package files / dependencies by @m-1-k-3 in #1361
- SBOM - Add Poetry files by @m-1-k-3 in #1363
- Further SBOM updates (python pip, rpm, dependency tree) by @m-1-k-3 in #1368
- Json SBOM improvements by @m-1-k-3 in #1374
- Speedup find comands with exec threading / confidence level by @m-1-k-3 in #1375
- Added "apt install linux-modules-extra" package for proper installation of ubi and nandsim modules by @0xr3act0r in #1376
- exit on pre-checking selection by @m-1-k-3 in #1382
- Refactoring, enable threading by @m-1-k-3 in #1383
- Rename scan-profiles by @m-1-k-3 in #1395
- F50 refactoring by @m-1-k-3 in #1396
- helpers var refactor by @m-1-k-3 in #1397
- binwalk v3, refactoring, bugs, S09 speedup by @m-1-k-3 in #1398
- Unhandled files in SBOM by @m-1-k-3 in #1404
- Little fixes (csv, s25, s06, l25), s26 speedup by @m-1-k-3 in #1405
- Improve entropy pic integration by @m-1-k-3 in #1410
- bump version - v1.5.1 by @m-1-k-3 in #1412
New Contributors
- @0xr3act0r made their first contribution in #1376
Full Changelog: v1.5.0-SBOMdorado...v1.5.1-rise-from-the-dead
EMBA v1.5.0 - SBOMdorado
The main goal of EMBA was always to get an accurate real life overview of the threats of a firmware image. While a few years ago the target audience were only pentesters, in today’s EMBA world also software developers, product owners and product security teams are using her to achieve different goals.
Over the time EMBA is grown and today she is not only a firmware analyzer anymore. Nowadays, EMBA is used to test every little piece of unknown binary. While the main interest stays on analyzing Linux based firmware, we have seen that EMBA is also used for UEFI, Windows binaries, Linux binaries, different Scripts, Android APKs and a lot of other stuff. Beside the high fragmentation of the targets under test, we have seen a growing demand for SBOM generation. EMBA includes some kind of basic SBOM support for ages, but as most of our analyzed binaries do not rely on some kind of package managers, we have not seen the demand for supporting them on a broad base - until today.
We have now adjusted our approach to support a broad range of package managers, packet types and further sources for getting an accurate SBOM out of every testing candidate.
Beside our binary analysis mechanism as the only source of truth, EMBA is now able to extract further details from the following sources:
- Binaries and libraries
- Linux Kernel
- Kernel modules
- Linux distribution identification
- RPM package management system
- Debian package management system
- OpenWRT Package management system
- Python PIP package management system
- Python requirements files
- RPM packages
- DEB packages
- FreeBSD pkg packages
- Java archives
- Alpine APK
- Python poetry
- Python wheel
- Rust (cargo.lock)
- Ruby (gem)
- JavaScript - npm
- Windows binary exif data
- Windows binary extraction and analysis
Further details can be found in our wiki
Additionally, we did something more:
- FLOSS interview - check it out here
- Ubuntu 24.04 LTS support
- Switching from
docker-compose
todocker compose
- Bug fixing
- Refactoring
- Docker base image updates
Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
A big kudos goes to to offchain-audit for his sponsoring and to n0x08 for his ongoing support.
Check it out here and start being an essential part of the future of EMBA
It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:
- @gluesmith2021 made their first contribution in #1150
- @Grezzo made their first contribution in #1222
Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:
└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba
└─$ sudo ./installer.sh -d
This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.
Afterwards, you are ready to analyse your first firmware with EMBA:
└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba
What's Changed
- #1073 by @m-1-k-3 in #1076
- restart EMBA functionality by @m-1-k-3 in #1078
- make the quick mode quick by @m-1-k-3 in #1081
- Make the updater work again by @m-1-k-3 in #1082
- fix hardening log for s16 by @m-1-k-3 in #1084
- Quick version identifier update by @github-actions in #1089
- Metasploit database update by @github-actions in #1087
- CISA known exploited database update by @github-actions in #1088
- Snyk database update by @github-actions in #1090
- Packetstorm database update by @github-actions in #1091
- fix day cnt by @m-1-k-3 in #1085
- fix for Spurious linux_kernel CVEs, cpe string handling by @m-1-k-3 in #1086
- Metasploit database update by @github-actions in #1094
- full names and working tagging for packetstorm script by @HoxhaEndri in #1061
- add md5sum to binaries by @m-1-k-3 in #1096
- installer srecord by @m-1-k-3 in #1097
- Firmware/binary handling again by @m-1-k-3 in #1099
- little fixes by @m-1-k-3 in #1102
- Quick version identifier update by @github-actions in #1105
- CISA known exploited database update by @github-actions in #1104
- Metasploit database update by @github-actions in #1103
- Packetstorm database update by @github-actions in #1107
- Snyk database update by @github-actions in #1106
- Packetstorm database update by @github-actions in #1113
- CISA known exploited database update by @github-actions in #1111
- Metasploit database update by @github-actions in #1110
- Snyk database update by @github-actions in #1112
- xz backdoor detection - CVE-2024-3094 by @m-1-k-3 in #1114
- FIRST EPSS (Exploit Prediction Scoring System) integration by @m-1-k-3 in #1109
- Workflow docker builder updates by @m-1-k-3 in #1115
- Remove Arachni / refactoring by @m-1-k-3 in #1117
- Packetstorm database update by @github-actions in #1122
- CISA known exploited database update by @github-actions in #1120
- csv issues #1116 by @m-1-k-3 in #1118
- Metasploit database update by @github-actions in #1119
- Snyk database update by @github-actions in #1121
- csv issues #1116 by @m-1-k-3 in #1123
- f10 csv fix by @m-1-k-3 in #1124
- Vars check by @m-1-k-3 in #1126
- Metasploit database update by @github-actions in #1128
- CISA known exploited database update by @github-actions in #1129
- Packetstorm database update by @github-actions in #1131
- Snyk database update by @github-actions in #1130
- further vars cleanup, kev in f20 by @m-1-k-3 in #1127
- var cleanup, status_bar fix by @m-1-k-3 in #1132
- S36 updates, l10 fixes by @m-1-k-3 in #1133
- CISA known exploited database update by @github-actions in #1135
- Packetstorm database update by @github-actions in #1137
- Metasploit database update by @github-actions in #1134
- Snyk database update by @github-actions in #1136
- Emulation updates by @m-1-k-3 in #1140
- Packetstorm database update by @github-actions in #1144
- CISA known exploited database update by @github-actions in #1142
- Metasploit database update by @github-actions in #1141
- s115 qemu command output by @m-1-k-3 in #1145
- Snyk database update by @github-actions in #1143
- Packetstorm database update by @github-actions in #1149
- CISA known exploited database update by @github-actions in #1147
- Metasploit database update by @github-actions in #1146
- Snyk database update by @github-actions in #1148
- Metasploit database update by @github-actions in #1151
- Packetstorm database update by @github-actions in #1153
- Snyk database update by @github-actions in #1152
- Version string fixes for isc:dhcp and gnu:glibc by @gluesmith2021 in #1150
- Update default-scan-no-notify.emba by @BenediktMKuehne in https://g...
EMBA v1.4.2-Summertime
This release includes one new module as well as a huge amount of little updates, bug fixes and refactoring for your smooth summer time:
- New capa module with ATT&CK support introduced as S18 - see #1212
- Massive variable name refactoring
- Bash expansion refactoring
- Multiple bug fixes and improvements in the system emulation engine
- Medium article - Leveraging Automated Firmware Analysis with the Open-Source Firmware Analyzer EMBA
Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:
└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba
└─$ sudo ./installer.sh -d
This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.
Afterwards, you are ready to analyse your first firmware with EMBA:
└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba
Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
Check it out here and start being an essential part of the future of EMBA
It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:
What's Changed
- Update EMBA VERSION.txt by @github-actions in #1203
- little updates by @m-1-k-3 in #1204
- Metasploit database update by @github-actions in #1205
- Snyk database update by @github-actions in #1206
- Packetstorm database update by @github-actions in #1207
- CISA known exploited database update by @github-actions in #1209
- more bash expansion refactoring by @m-1-k-3 in #1215
- P23 improvements of handling nbd devices by @m-1-k-3 in #1214
- Module documentation template by @m-1-k-3 in #1216
- New capa (identify capabilities in executable files) module with ATT&CK support (S18) by @m-1-k-3 in #1212
- fix p35 by @m-1-k-3 in #1221
- Fix spelling mistake in S23_lua_check.sh by @Grezzo in #1222
- fix s109, p35 by @m-1-k-3 in #1224
- Improve ssdeep command in EMBA by @m-1-k-3 in #1225
- Update docker-compose.yml by @BenediktMKuehne in #1232
- installer fix for #1226 by @m-1-k-3 in #1233
- Little updates by @m-1-k-3 in #1234
- Improve Patool error output by @m-1-k-3 in #1236
- ftp client by @m-1-k-3 in #1241
- L10 init recovery test mode by @m-1-k-3 in #1246
- docker compose install issue by @m-1-k-3 in #1248
- libmagic by @m-1-k-3 in #1249
- little s18 fix by @m-1-k-3 in #1251
- S08 / Installer by @m-1-k-3 in #1255
- docker compose vs docker-compose by @m-1-k-3 in #1260
- little l10 improvements by @m-1-k-3 in #1261
- log_bin_hardening improved by @m-1-k-3 in #1262
- refactoring, L10 fixes by @m-1-k-3 in #1263
- Service handling for lighttpd, debugging services by @m-1-k-3 in #1265
- bump version v1.4.2 by @m-1-k-3 in #1267
New Contributors
Full Changelog: 1.4.1-white-rabbit...1.4.2-Summertime
EMBA v1.4.1 - Follow the white rabbit
Probably you all know that it is the 25th anniversary of the legendary Matrix movie! With the latest release EMBA got massive improvements in building the Matrix via emulation.
This release reflects the recent updates in our system emulation engine.
Short summary of the latest highlights:
- We started rebuilding and upgrading the toolchain of the system emulation engine - With the current work in place we can further update the outdated FirmAE and firmadyne environment which our emulation engine is originally based on
- Linux kernel upgraded from version 4.1.17 (the original firmadyne and FirmAE version) to version 4.1.52 - The original firmadyne kernel is from 01/2016 and a bit rusty. With the update to 4.1.52 (which is from 05/2018) we moved forward in time for more than 2 years. In the future we plan further updates to include more modern kernels.
- Busybox updated from 1.29.3 to the current version 1.36.1
- Multiple libnvram patches were merged from the rehosting repo of libnvram which is maintained primarly by @AndrewFasano
- Including an optional netcat listener to the system emulation engine
- Further debugging possibilities via strace, gdb and gdbserver added to the system emulation engine
- Handling of time64/time32 support in firmware via updated musl libc for libnvram - This hopefully results in an improved handling on more modern firmware
- Improved environment for ARM64 and MIPS64 architecture
- FIRST EPSS (Exploit Prediction Scoring System) integration - see #1109
- Updated docker base image to Kali 2024-2
- @gluesmith2021 fixed multiple bugs in our version detection and CVE engine - see here
Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:
└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba
└─$ sudo ./installer.sh -d
This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.
Afterwards, you are ready to analyse your first firmware with EMBA:
└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba
Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
Check it out here and start being an essential part of the future of EMBA
It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:
- @gluesmith2021 made their first contribution in #1150
What's Changed
- #1073 by @m-1-k-3 in #1076
- restart EMBA functionality by @m-1-k-3 in #1078
- make the quick mode quick by @m-1-k-3 in #1081
- Make the updater work again by @m-1-k-3 in #1082
- fix hardening log for s16 by @m-1-k-3 in #1084
- Quick version identifier update by @github-actions in #1089
- Metasploit database update by @github-actions in #1087
- CISA known exploited database update by @github-actions in #1088
- Snyk database update by @github-actions in #1090
- Packetstorm database update by @github-actions in #1091
- fix day cnt by @m-1-k-3 in #1085
- fix for Spurious linux_kernel CVEs, cpe string handling by @m-1-k-3 in #1086
- Metasploit database update by @github-actions in #1094
- full names and working tagging for packetstorm script by @HoxhaEndri in #1061
- add md5sum to binaries by @m-1-k-3 in #1096
- installer srecord by @m-1-k-3 in #1097
- Firmware/binary handling again by @m-1-k-3 in #1099
- little fixes by @m-1-k-3 in #1102
- Quick version identifier update by @github-actions in #1105
- CISA known exploited database update by @github-actions in #1104
- Metasploit database update by @github-actions in #1103
- Packetstorm database update by @github-actions in #1107
- Snyk database update by @github-actions in #1106
- Packetstorm database update by @github-actions in #1113
- CISA known exploited database update by @github-actions in #1111
- Metasploit database update by @github-actions in #1110
- Snyk database update by @github-actions in #1112
- xz backdoor detection - CVE-2024-3094 by @m-1-k-3 in #1114
- FIRST EPSS (Exploit Prediction Scoring System) integration by @m-1-k-3 in #1109
- Workflow docker builder updates by @m-1-k-3 in #1115
- Remove Arachni / refactoring by @m-1-k-3 in #1117
- Packetstorm database update by @github-actions in #1122
- CISA known exploited database update by @github-actions in #1120
- csv issues #1116 by @m-1-k-3 in #1118
- Metasploit database update by @github-actions in #1119
- Snyk database update by @github-actions in #1121
- csv issues #1116 by @m-1-k-3 in #1123
- f10 csv fix by @m-1-k-3 in #1124
- Vars check by @m-1-k-3 in #1126
- Metasploit database update by @github-actions in #1128
- CISA known exploited database update by @github-actions in #1129
- Packetstorm database update by @github-actions in #1131
- Snyk database update by @github-actions in #1130
- further vars cleanup, kev in f20 by @m-1-k-3 in #1127
- var cleanup, status_bar fix by @m-1-k-3 in #1132
- S36 updates, l10 fixes by @m-1-k-3 in #1133
- CISA known exploited database update by @github-actions in #1135
- Packetstorm database update by @github-actions in #1137
- Metasploit database update by @github-actions in #1134
- Snyk database update by @github-actions in #1136
- Emulation updates by @m-1-k-3 in #1140
- Packetstorm database update by @github-actions in #1144
- CISA known exploited database update by @github-actions in #1142
- Metasploit database update by @github-actions in #1141
- s115 qemu command output by @m-1-k-3 in #1145
- Snyk database update by @github-actions in #1143
- Packetstorm database update by @github-actions in #1149
- CISA known exploited database update by @github-actions in #1147
- Metasploit database update by @github-actions in #1146
- Snyk database update by @github-actions in #1148
- Metasploit database update by @github-actions in #1151
- Packetstorm database update by @github-actions in #1153
- Snyk database update by @github-actions in #1152
- Version string fixes for isc:dhcp and gnu:glibc by @gluesmith2021 in #1150
- Update default-scan-no-notify.emba by @BenediktMKuehne in #1156
- Packetstorm database update by @github-actions in #1161
- Quick version identifier update by @github-actions in #1160
- CISA known exploited database update by @github-actions in #1158
- fix zlib (unzip) version string by @gluesmith2021 in #1164
- JTR hash sorting by @BenediktMKuehne in https://github.com/...
EMBA v1.4.0 - ICS testing Edt.
As we do a lot of ICS/OT testing in our daily business, we thought this release should reflect our usual EMBA usage scenario. Welcome to another huge EMBA release with a lot new features: EMBA v1.4.0 - ICS testing Editition
This time we have collected the following highlights for you:
- less bugs -> more code -> more bugs? -> report all our bugs here
- Extended binary analysis via semgrep (see module s16)
- New static perl analysis via zarn (see module s27)
- Toolchain identification (see wiki)
- Improved update checking (see wiki)
- New scan interface (with integrated status bar) automatically enabled in most scan-profiles
- Improved multiple backend workflows
- Massive speedup of multiple EMBA modules (see #1006 / #996)
- Updated docker base image (see wiki)
- You can get in contact with us on the following social networks: X / Mastodon / NEW: Bluesky
- We can meet in real life at BlackHat Asia this year (see Arsenal schedule)
- Special thanks to our awesome community for releasing multiple new articles around EMBA - see our dedicated section in the wiki
Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:
└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba
└─$ sudo ./installer.sh -d
This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.
Afterwards, you are ready to analyse your first firmware with EMBA:
└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba
Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
Check it out here and start being an essential part of the future of EMBA
It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:
- @413x8 made their first contribution in #931
- @mj138 made their first contribution in #939
- @jblu42 made their first contribution in #987
- @floyd-fuh made their first contribution in #1030
Welcome to the EMBA firmware analysis environment and thank you for your valuable contribution.
What's Changed
- Internet check not blocking by @m-1-k-3 in #722
- Fix docker build workflow by @m-1-k-3 in #723
- disable disk space monitor by @m-1-k-3 in #724
- print fix, http crawler by @m-1-k-3 in #732
- Code cleanup by @m-1-k-3 in #733
- Fix updater by @m-1-k-3 in #749
- Unblob v23.8.11 by @m-1-k-3 in #750
- PEM file with multiple certificates by @HoxhaEndri in #736
- Update README.md by @m-1-k-3 in #757
- add file-command to default deps by @BenediktMKuehne in #763
- Update semgrep workflow by @m-1-k-3 in #764
- Debian repos - https only for Kali by @m-1-k-3 in #766
- Curl online check by @m-1-k-3 in #774
- Improve PW cracking module s107 by @m-1-k-3 in #773
- Check container nr disable for dev mode by @m-1-k-3 in #776
- Set variable by @m-1-k-3 in #777
- Installer updates by @m-1-k-3 in #779
- fix gpt path by @m-1-k-3 in #789
- Improve web page crawler by @m-1-k-3 in #795
- little fix by @m-1-k-3 in #796
- disable the trickest exploit db by @m-1-k-3 in #797
- Debian installer support by @m-1-k-3 in #798
- grep -v -> tail by @m-1-k-3 in #812
- Proxy support by @m-1-k-3 in #811
- Firmware diffing preparation by @m-1-k-3 in #804
- nikto setup, compose cleanup by @m-1-k-3 in #814
- System emulation fs mount improvements by @m-1-k-3 in #815
- L10 Fix SC2250 shellcheck by @HoxhaEndri in #822
- Installer debian package file format by @m-1-k-3 in #826
- Cleanup of PS crawler by @m-1-k-3 in #833
- Check for arachni user and shellcheck braces by @HoxhaEndri in #834
- Try cve db update multiple times during installation by @m-1-k-3 in #837
- Firmware diffing modules by @m-1-k-3 in #838
- fix #839 by @m-1-k-3 in #844
- Semgrep checks and shellcheck braces checks by @HoxhaEndri in #835
- check for space at the end of a line by @HoxhaEndri in #845
- Update installer, dep-check by @m-1-k-3 in #846
- strict mode grep error by @HoxhaEndri in #848
- BMC firmware extractor by @m-1-k-3 in #853
- braces check for all scripts inside "helpers" folder and "installer" folder by @HoxhaEndri in #854
- kernel-hardening-checker fix by @m-1-k-3 in #855
- Version 1.3.1 by @m-1-k-3 in #856
- Version identifiers, Arch check in installer, diff updates by @m-1-k-3 in #860
- check braces for modules scripts by @HoxhaEndri in #861
- braces checked for all script files by @HoxhaEndri in #865
- shellcheck braces check in check_project and in workflow by @HoxhaEndri in #866
- Improve diff mode by @m-1-k-3 in #867
- Fix grep -R by @m-1-k-3 in #869
- CPU check for SSSE3 by @m-1-k-3 in #870
- Diff threading + improved reporting by @m-1-k-3 in #871
- #873 fix by @m-1-k-3 in #874
- zlib string from dell bios firmware by @HoxhaEndri in #872
- Create first_interaction.yml by @m-1-k-3 in #877
- UEFI analysis improvements by @m-1-k-3 in #876
- fwhunt check entire firmware first by @HoxhaEndri in #881
- new version strings and comment for fwhunt by @HoxhaEndri in #882
- integrate cveXplore settings by @BenediktMKuehne in #884
- Install CveXplore v0.3.16++ by @m-1-k-3 in #892
- Full system emulation dependency s24 by @m-1-k-3 in #896
- Cvexplore integration by @BenediktMKuehne in #887
- switch pip install for cvexplore to git repo by @BenediktMKuehne in #899
- Docker-compose cleanup by @m-1-k-3 in #891
- Issue 889 by @m-1-k-3 in #902
- L10, S05 fixes by @m-1-k-3 in #903
- L23 VNC checker modules by @m-1-k-3 in #904
- update first interaction by @m-1-k-3 in #906
- Update check again - #908 by @m-1-k-3 in #909
- Make Routersploit work again by @m-1-k-3 in #910
- Stick to version and check it from requests and urllib3 by @m-1-k-3 in #911
- Improve dep checker by @m-1-k-3 in #912
- Replacement of current cve query mechanism by @m-1-k-3 in #913
- Fix workflows, improve CVE identification by @m-1-k-3 in https://github.com/e-m-b-a/emba...
EMBA v1.3.2 - EMBArk is out
The last EMBA release is not too long ago but in the mean time there was so much going on ... The most important thing is ...
The first official EMBArk release is out now!
Everything started as an idea in the beginning of 2021. The idea was to build an enterprise ready open source firmware analysis environment on top of EMBA. This environment should allow every product security team as well as every penetration tester and security researcher to use professional firmware analysis to improve the security of IoT/OT/ICS ... (you name it) devices as easy as possible. This idea was mixed up to an AMOS research project, where a team of students built a first PoC of EMBArk. You can find the original project here. From there on continuous work, improvement and testing was running more or less under the radar. Until today ... EMBArk is stable and ready for more! Kudos to @BenediktMKuehne for pushing it to the next level.
Say hi to our centralized firmware security analysis environment EMBArk! Check it out here, use it, give us feedback or improve it and start being part of this open source environment.
On EMBA side we have some "bumpy" weeks in the neck:
- As the NIST API is currently changing and we had some serious issues with our cve-search integration we decided to rewrite it by ourself. This process took us some time to get the CVE identification feature fully working again. Thanks for all your testing and feedback during this process. With the new integration EMBA is faster, more stable and the installation is not that error prone anymore.
- UEFI analysis integration was massively improved - see here
- A lot of code cleanup was done by @HoxhaEndri
- A new update check functionality by @HoxhaEndri
- Improved firmware diffing environment - see here
- Updated and new reporting templates by @413x8
- Your great feedback is now collected in our wiki
- Further public online resources are available and collected here
- New support possibilities via patreon or buymeacoffee
Thank you for all your feedback and your testing since version 1.3.1!
It is always a pleasure to welcome new contributors to EMBA. This time we can welcome two of them:
Welcome to the EMBA environment and thank you for your valuable contribution.
We are looking for (release) sponsors here
What's Changed
- Version identifiers, Arch check in installer, diff updates by @m-1-k-3 in #860
- Snyk database update by @github-actions in #864
- CISA known exploited database update by @github-actions in #863
- Metasploit database update by @github-actions in #862
- check braces for modules scripts by @HoxhaEndri in #861
- braces checked for all script files by @HoxhaEndri in #865
- shellcheck braces check in check_project and in workflow by @HoxhaEndri in #866
- Improve diff mode by @m-1-k-3 in #867
- Fix grep -R by @m-1-k-3 in #869
- CPU check for SSSE3 by @m-1-k-3 in #870
- Diff threading + improved reporting by @m-1-k-3 in #871
- #873 fix by @m-1-k-3 in #874
- zlib string from dell bios firmware by @HoxhaEndri in #872
- Create first_interaction.yml by @m-1-k-3 in #877
- Metasploit database update by @github-actions in #878
- CISA known exploited database update by @github-actions in #879
- Snyk database update by @github-actions in #880
- UEFI analysis improvements by @m-1-k-3 in #876
- fwhunt check entire firmware first by @HoxhaEndri in #881
- new version strings and comment for fwhunt by @HoxhaEndri in #882
- integrate cveXplore settings by @BenediktMKuehne in #884
- Install CveXplore v0.3.16++ by @m-1-k-3 in #892
- Snyk database update by @github-actions in #894
- Packetstorm database update by @github-actions in #895
- CISA known exploited database update by @github-actions in #893
- Full system emulation dependency s24 by @m-1-k-3 in #896
- Cvexplore integration by @BenediktMKuehne in #887
- switch pip install for cvexplore to git repo by @BenediktMKuehne in #899
- Docker-compose cleanup by @m-1-k-3 in #891
- Issue 889 by @m-1-k-3 in #902
- Update FUNDING.yml by @m-1-k-3 in #905
- L10, S05 fixes by @m-1-k-3 in #903
- L23 VNC checker modules by @m-1-k-3 in #904
- update first interaction by @m-1-k-3 in #906
- Update FUNDING.yml by @m-1-k-3 in #907
- Update check again - #908 by @m-1-k-3 in #909
- Make Routersploit work again by @m-1-k-3 in #910
- Stick to version and check it from requests and urllib3 by @m-1-k-3 in #911
- Improve dep checker by @m-1-k-3 in #912
- CISA known exploited database update by @github-actions in #915
- Packetstorm database update by @github-actions in #917
- Snyk database update by @github-actions in #916
- Replacement of current cve query mechanism by @m-1-k-3 in #913
- Fix workflows, improve CVE identification by @m-1-k-3 in #919
- rootfs check in uefi extractor by @m-1-k-3 in #921
- fix install workflow by @m-1-k-3 in #922
- check for versions (emba, git and docker) by @HoxhaEndri in #918
- Update FUNDING.yml by @m-1-k-3 in #924
- Update FUNDING.yml by @m-1-k-3 in #925
- Update FUNDING.yml by @m-1-k-3 in #926
- Update FUNDING.yml by @m-1-k-3 in #927
- S26 module fix by @m-1-k-3 in #928
- remove update scripts by @m-1-k-3 in #923
- Packetstorm database update by @github-actions in #935
- CISA known exploited database update by @github-actions in #933
- Snyk database update by @github-actions in #934
- Metasploit database update by @github-actions in #932
- Pre templates by @413x8 in #931
- Multiple fixes by @m-1-k-3 in #930
- Contributors update by @m-1-k-3 in #937
- update default profile for EMBArk by @m-1-k-3 in #938
- Fix parsing of version number from binary version string by @mj138 in #939
- Update Contributors, version by @m-1-k-3 in #940
- Fix parsing of binary name from binary version string by @mj138 in #942
- little cleanup by @m-1-k-3 in #944
- Docker build updates for Kali 2023.4 by @m-1-k-3 in #945
- Metasploit database update by @github-actions in #948
- CISA known exploited database update by @github-actions in #949
- Snyk database update by @github-actions in #950
- Packetstorm database update by @github-actions in #951
- Include 0xdea semgrep rules and haruspex ghidra script, improve cwe-search integration by @m-1-k-3 in #946
- s14 r2 startup command update by @m-1-k-3 in #952
- r2 bin cache by @m-1-k-3 in #953
- fix for #954 by @m-1-k-3 in #955
- Enable workflow dispatch by @m-1-k-3 in #956
New Contributors
- @413x8 made their first contribution in h...
EMBA v1.3.1 - Diff it
What happened since the last EMBA release?
There was the absolute great #Hackersummercamp with our talks at BSidesLV, ICS Village (DEF CON) and Black Hat (Arsenal). The recording of the BSides talk is already available here. Beside this, Nate did a really great talk at BruCON – see here.
Beside a lot of code cleanup, bug fixing and some little improvements the new firmware diffing mode is one of the highlights in version 1.3.1.
In 1 day bug hunting, exploit development and the identification of silent patching it is quite common to identify the differences between two firmware releases.
To use this new feature (as usual in a very early alpha state) it is now possible to define a second firmware with the -o
parameter. EMBA starts with some basic analysis of both firmware images, extracts both images and finds the differences between these firmware images:
If the file is some ASCII file a nice diff is shown:
If the file is a binary file we use radare2 for further analysis:
For further details check our Wiki
Happy bug hunting :)
Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
Check it out here and start being an essential part of the future of EMBA
What's Changed
- Internet check not blocking by @m-1-k-3 in #722
- Fix docker build workflow by @m-1-k-3 in #723
- disable disk space monitor by @m-1-k-3 in #724
- print fix, http crawler by @m-1-k-3 in #732
- Code cleanup by @m-1-k-3 in #733
- Fix updater by @m-1-k-3 in #749
- Unblob v23.8.11 by @m-1-k-3 in #750
- PEM file with multiple certificates by @HoxhaEndri in #736
- Update README.md by @m-1-k-3 in #757
- add file-command to default deps by @BenediktMKuehne in #763
- Update semgrep workflow by @m-1-k-3 in #764
- Debian repos - https only for Kali by @m-1-k-3 in #766
- Curl online check by @m-1-k-3 in #774
- Improve PW cracking module s107 by @m-1-k-3 in #773
- Check container nr disable for dev mode by @m-1-k-3 in #776
- Set variable by @m-1-k-3 in #777
- Installer updates by @m-1-k-3 in #779
- fix gpt path by @m-1-k-3 in #789
- Improve web page crawler by @m-1-k-3 in #795
- little fix by @m-1-k-3 in #796
- disable the trickest exploit db by @m-1-k-3 in #797
- Debian installer support by @m-1-k-3 in #798
- grep -v -> tail by @m-1-k-3 in #812
- Proxy support by @m-1-k-3 in #811
- Firmware diffing preparation by @m-1-k-3 in #804
- nikto setup, compose cleanup by @m-1-k-3 in #814
- System emulation fs mount improvements by @m-1-k-3 in #815
- L10 Fix SC2250 shellcheck by @HoxhaEndri in #822
- Installer debian package file format by @m-1-k-3 in #826
- Cleanup of PS crawler by @m-1-k-3 in #833
- Check for arachni user and shellcheck braces by @HoxhaEndri in #834
- Try cve db update multiple times during installation by @m-1-k-3 in #837
- Firmware diffing modules by @m-1-k-3 in #838
- fix #839 by @m-1-k-3 in #844
- Semgrep checks and shellcheck braces checks by @HoxhaEndri in #835
- check for space at the end of a line by @HoxhaEndri in #845
- Update installer, dep-check by @m-1-k-3 in #846
- strict mode grep error by @HoxhaEndri in #848
- Packetstorm database update by @github-actions in #852
- Snyk database update by @github-actions in #851
- CISA known exploited database update by @github-actions in #850
- Metasploit database update by @github-actions in #849
- BMC firmware extractor by @m-1-k-3 in #853
- braces check for all scripts inside "helpers" folder and "installer" folder by @HoxhaEndri in #854
- kernel-hardening-checker fix by @m-1-k-3 in #855
- Version 1.3.1 by @m-1-k-3 in #856
Full Changelog: 1.3.0-AI-for-EMBA...1.3.1-diff-all-the-firmwares
EMBA v1.3.0 - AI-Assisted Firmware Analysis
Q: Can we use AI for firmware analysis?
A: Sure, let's do it! EMBA now supports AI-assisted firmware analysis.
Again, we rise the bar in the field of Open-Source firmware security analysis. After establishing user-mode emulation or system emulation this time we moved to AI-assisted firmware analysis. More details about our AI integration are available in our Wiki
#Hackersummercamp ahead!
We got the amazing opportunity to show EMBA at the BSides conference in Las Vegas. The schedule is available here.
Additionally, you will find us with a live EMBA demo at Black Hat Arsenal
See you all in Vegas
Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
Check it out here and start being an essential part of the future of EMBA
What's Changed
- Exit of add_partition in L10 by @m-1-k-3 in #430
- log dir on dep check by @m-1-k-3 in #428
- Nikto dep fix by @m-1-k-3 in #429
- cwe-checker install latest master by @m-1-k-3 in #431
- Further trickest blacklist entries by @m-1-k-3 in #432
- Freetzng-fix by @BenediktMKuehne in #433
- update sub-shell pwd fix by @BenediktMKuehne in #435
- Add Packetstorm and Snyk PoC sources by @m-1-k-3 in #434
- Full install fixes by @m-1-k-3 in #436
- s115 - empty log handling by @m-1-k-3 in #438
- Minimal cve-search installation / Dependency issues by @m-1-k-3 in #442
- blacklist update by @m-1-k-3 in #441
- Introducing module_wait helper function by @m-1-k-3 in #439
- Fix dependencies by @m-1-k-3 in #445
- Code cleanup - comments by @m-1-k-3 in #446
- Copyright updates 2023 by @m-1-k-3 in #447
- Kernel downloader and vulnerability verifier by @m-1-k-3 in #451
- cron job fix by @m-1-k-3 in #453
- L10 improvements, more services by @m-1-k-3 in #454
- Kernel config analysis by @m-1-k-3 in #455
- Update the known exploit behaviour by @m-1-k-3 in #458
- example disable profile by @m-1-k-3 in #457
- Refactoring by @m-1-k-3 in #462
- exploit databases updated by @m-1-k-3 in #466
- S12 - checksec implementation fix by @m-1-k-3 in #463
- Improve stop of system emulation by @m-1-k-3 in #465
- Hexagon support by @m-1-k-3 in #467
- Lighttpd analysis module by @m-1-k-3 in #469
- s08 safe_echo fix by @m-1-k-3 in #470
- p35 - true to not fail, s26 - check for files by @m-1-k-3 in #471
- JTR crack multiple hash types by @m-1-k-3 in #473
- deprecated -l option by @m-1-k-3 in #476
- s36 fixes, renamed p61 by @m-1-k-3 in #477
- System emulator improvements by @m-1-k-3 in #478
- Respect module blacklist in waiting state / Installer fix by @m-1-k-3 in #479
- Exploit database update, debug mode, command line tests by @m-1-k-3 in #481
- Add wordlist mechanism to s109 by @m-1-k-3 in #482
- csv export of p59, p60 and p70 by @m-1-k-3 in #483
- disk space monitor, rpm package analysis by @m-1-k-3 in #485
- Improve output of help command by @m-1-k-3 in #492
- Setup further workflows by @m-1-k-3 in #490
- Remove timezone setting by @m-1-k-3 in #494
- Refactor, PID log, Github actions, APKHunt by @m-1-k-3 in #495
- Packetstorm database update by @github-actions in #498
- Snyk database update by @github-actions in #497
- Metasploit database update by @github-actions in #496
- Improve restart EMBA analysis feature by @m-1-k-3 in #499
- Fix install with pip v23+ by @m-1-k-3 in #500
- Another PIPv23 fix by @m-1-k-3 in #501
- return if empty by @m-1-k-3 in #502
- Input validation by @m-1-k-3 in #505
- Check for update setting by @m-1-k-3 in #504
- Routersploit update workflow by @m-1-k-3 in #503
- Dependency checker, workflow by @m-1-k-3 in #506
- Metasploit database update by @github-actions in #509
- Snyk database update by @github-actions in #510
- CISA known exploited database update by @github-actions in #512
- Packetstorm database update by @github-actions in #514
- System emulation improvements, workflow by @m-1-k-3 in #515
- CVE state message printing by @m-1-k-3 in #518
- Packetstorm database update by @github-actions in #528
- Snyk database update by @github-actions in #527
- CISA known exploited database update by @github-actions in #525
- Routersploit database update by @github-actions in #524
- Metasploit database update by @github-actions in #523
- Trickest PoC database update by @github-actions in #526
- Input adjustment by @m-1-k-3 in #529
- version validation by @m-1-k-3 in #530
- PATH variable bug by @m-1-k-3 in #531
- EMBA v1.2.2 - Blue Hat edt. by @m-1-k-3 in #532
- Sponsoring issues by @m-1-k-3 in #534
- Metasploit database update by @github-actions in #536
- Snyk database update by @github-actions in #539
- CISA known exploited database update by @github-actions in #537
- Packetstorm database update by @github-actions in #540
- L25 improvements / multiple little fixes by @m-1-k-3 in #535
- L10 module improvements by @m-1-k-3 in #543
- Metasploit database update by @github-actions in #545
- Snyk database update by @github-actions in #547
- Packetstorm database update by @github-actions in #548
- New version strings (Flex and NBTscan) by @HoxhaEndri in #549
- L10 improvement round x by @m-1-k-3 in #550
- links in templates by @m-1-k-3 in #555
- Freetz extraction module deprecated by @m-1-k-3 in #554
- fix for #551 by @m-1-k-3 in #553
- Testing workflows by @BenediktMKuehne in #541
- Packetstorm database update by @github-actions in #563
- Snyk database update by @github-actions in #562
- CISA known exploited database update by @github-actions in #560
- Metasploit database update by @github-actions in #559
- Improve web crawler (L25) by @m-1-k-3 in #557
- Updated installer.sh for "ubuntu debian" /etc/os-release and new version string by @HoxhaEndri in #552
- SNMP module improvements by @m-1-k-3 in #565
- Remove warning apt-key is deprecated by @HoxhaEndri in #564
- update entropy output by @BenediktMKuehne in #566...
EMBA v1.2.3 - R.I.P. Binwalk
Binwalk, it was a long and great time with you. Now, you are a bit old and rusty and we had some issues in the past. Looks like we need to change our relationship a little bit ...
The binwalk extractor is already unmaintained for a quite long time period. In this time, we jumped in with multiple extractor modules within EMBA to keep the great extraction up. In the last year we have looked quite interested at the development process of Unblob.
We already integrated Unblob as an evaluation module a while ago. Currently it is integrated as the second extraction framework beside binwalk to jump in if our main binwalk/EMBA approach failed.
Now, it is time to change the game and to make Unblob to our main extractor and use binwalk only in the rare case Unblob failed.
Another very cool highlight is the acceptance of EMBA in the embedded research environment. Nate released a great article around analysing IoT devices here
Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also become a sponsor.
Check it out here and start being an essential part of the future of EMBA
What's Changed
- L25 improvements / multiple little fixes by @m-1-k-3 in #535
- L10 module improvements by @m-1-k-3 in #543
- New version strings (Flex and NBTscan) by @HoxhaEndri in #549
- L10 improvement round x by @m-1-k-3 in #550
- links in templates by @m-1-k-3 in #555
- Freetz extraction module deprecated by @m-1-k-3 in #554
- fix for #551 by @m-1-k-3 in #553
- Testing workflows by @BenediktMKuehne in #541
- Improve web crawler (L25) by @m-1-k-3 in #557
- Updated installer.sh for "ubuntu debian" /etc/os-release and new version string by @HoxhaEndri in #552
- SNMP module improvements by @m-1-k-3 in #565
- Remove warning apt-key is deprecated by @HoxhaEndri in #564
- update entropy output by @BenediktMKuehne in #566
- Ignore files containing the following paths: /dev/ /proc/ /sys/ by @HoxhaEndri in #569
- Fix arch detection in f50 by @m-1-k-3 in #567
- Install fixes by @m-1-k-3 in #570
- fix l10 error case by @m-1-k-3 in #571
- Improved default profile handling / running modules script by @m-1-k-3 in #572
- Fail fetch aspnetcore-targeting-pack when cleaning up by @m-1-k-3 in #579
- Metasploit database update by @github-actions in #581
- CISA known exploited database update by @github-actions in #582
- Packetstorm database update by @github-actions in #585
- Snyk database update by @github-actions in #584
- Trickest PoC database update by @github-actions in #583
- fix actions, fix l10 lnk fixer by @m-1-k-3 in #580
- remove unneeded resource by @BenediktMKuehne in #586
- Revert "remove unneeded resource" by @m-1-k-3 in #587
- SBOM generation fix for non vuln components by @m-1-k-3 in #589
- Avoiding /proc and /sys paths (-xdev) in symlink script and check for missing symlinks in s115 by @HoxhaEndri in #590
- Packetstorm database update by @github-actions in #597
- Snyk database update by @github-actions in #596
- CISA known exploited database update by @github-actions in #594
- Metasploit database update by @github-actions in #593
- Lua script analysis support, UPnP live module, improvements by @m-1-k-3 in #591
- R.I.P. binwalk by @m-1-k-3 in #598
- ignore named pipe by @HoxhaEndri in #601
- Packetstorm database update by @github-actions in #607
- Snyk database update by @github-actions in #606
- Metasploit database update by @github-actions in #604
- apk extraction fix by @m-1-k-3 in #603
- R2 decompiler integration by @m-1-k-3 in #608
- url update for sasquatch deb by @m-1-k-3 in #609
- update ubuntu libssl source by @BenediktMKuehne in #610
- Small cleanup fixes by @m-1-k-3 in #611
- Packetstorm database update by @github-actions in #616
- Snyk database update by @github-actions in #615
- CISA known exploited database update by @github-actions in #614
- Metasploit database update by @github-actions in #613
- Hnap detection support for system emulator by @m-1-k-3 in #612
- Version 1.2.3 by @m-1-k-3 in #621
New Contributors
- @HoxhaEndri made their first contribution in #549
Full Changelog: 1.2.2-bluehat...1.2.3-RIP-binwalk
EMBA v1.2.2 - Blue Hat edt.
EMBA was shown at Microsoft Blue Hat Conference by Nate. See here for a picture of Nate himself on the stage and here you can find his slides.
It is so awesome to see that EMBA gets more and more used from the research community.
Spread the word and secure the Internet of Things with EMBA!
As usual we have fixed a huge number of little bugs everywhere within EMBA. Beside these fixes we also introduced the following highlights:
- New analysis module for better Lighttpd analysis (see #469)
- New analysis module for Android apk analysis (see #495)
- Multiple improvements of the JTR password cracking module (includes the possibility to use a word list) (see #473 and #482)
- More modules supporting csv exports
- Better disk space monitoring
- Multiple improvements for the system emulator
- Installer has now PIPv23 support (with this also the latest Kali builds are supported)
- Improved restart mechanism
- Further Unblob extractor integration
- Multiple workflow improvements
- regular PoC and Exploit updates
Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now become a sponsor.
Check it out here and start being an essential part of the future of EMBA
Additionally, I want to highlight our second project EMBArk which got some huge updates in the last time! Great work @BenediktMKuehne
What's Changed
- Lighttpd analysis module by @m-1-k-3 in #469
- s08 safe_echo fix by @m-1-k-3 in #470
- p35 - true to not fail, s26 - check for files by @m-1-k-3 in #471
- JTR crack multiple hash types by @m-1-k-3 in #473
- deprecated -l option by @m-1-k-3 in #476
- s36 fixes, renamed p61 by @m-1-k-3 in #477
- System emulator improvements by @m-1-k-3 in #478
- Respect module blacklist in waiting state / Installer fix by @m-1-k-3 in #479
- Exploit database update, debug mode, command line tests by @m-1-k-3 in #481
- Add wordlist mechanism to s109 by @m-1-k-3 in #482
- csv export of p59, p60 and p70 by @m-1-k-3 in #483
- disk space monitor, rpm package analysis by @m-1-k-3 in #485
- Improve output of help command by @m-1-k-3 in #492
- Setup further workflows by @m-1-k-3 in #490
- Remove timezone setting by @m-1-k-3 in #494
- Refactor, PID log, Github actions, APKHunt by @m-1-k-3 in #495
- Packetstorm database update by @github-actions in #498
- Snyk database update by @github-actions in #497
- Metasploit database update by @github-actions in #496
- Improve restart EMBA analysis feature by @m-1-k-3 in #499
- Fix install with pip v23+ by @m-1-k-3 in #500
- Another PIPv23 fix by @m-1-k-3 in #501
- return if empty by @m-1-k-3 in #502
- Input validation by @m-1-k-3 in #505
- Check for update setting by @m-1-k-3 in #504
- Routersploit update workflow by @m-1-k-3 in #503
- Dependency checker, workflow by @m-1-k-3 in #506
- Metasploit database update by @github-actions in #509
- Snyk database update by @github-actions in #510
- CISA known exploited database update by @github-actions in #512
- Packetstorm database update by @github-actions in #514
- System emulation improvements, workflow by @m-1-k-3 in #515
- CVE state message printing by @m-1-k-3 in #518
- Packetstorm database update by @github-actions in #528
- Snyk database update by @github-actions in #527
- CISA known exploited database update by @github-actions in #525
- Routersploit database update by @github-actions in #524
- Metasploit database update by @github-actions in #523
- Trickest PoC database update by @github-actions in #526
- Input adjustment by @m-1-k-3 in #529
- version validation by @m-1-k-3 in #530
- PATH variable bug by @m-1-k-3 in #531
New Contributors
- @github-actions made their first contribution in #498
Full Changelog: 1.2.1...1.2.2-bluehat