Skip to content

EMBA v1.4.1 - Follow the white rabbit

Compare
Choose a tag to compare
@m-1-k-3 m-1-k-3 released this 17 Jun 12:28
· 676 commits to master since this release
ce738a1

Probably you all know that it is the 25th anniversary of the legendary Matrix movie! With the latest release EMBA got massive improvements in building the Matrix via emulation.

image

This release reflects the recent updates in our system emulation engine.

Short summary of the latest highlights:

  • We started rebuilding and upgrading the toolchain of the system emulation engine - With the current work in place we can further update the outdated FirmAE and firmadyne environment which our emulation engine is originally based on
  • Linux kernel upgraded from version 4.1.17 (the original firmadyne and FirmAE version) to version 4.1.52 - The original firmadyne kernel is from 01/2016 and a bit rusty. With the update to 4.1.52 (which is from 05/2018) we moved forward in time for more than 2 years. In the future we plan further updates to include more modern kernels.
  • Busybox updated from 1.29.3 to the current version 1.36.1
  • Multiple libnvram patches were merged from the rehosting repo of libnvram which is maintained primarly by @AndrewFasano
  • Including an optional netcat listener to the system emulation engine
  • Further debugging possibilities via strace, gdb and gdbserver added to the system emulation engine
  • Handling of time64/time32 support in firmware via updated musl libc for libnvram - This hopefully results in an improved handling on more modern firmware
  • Improved environment for ARM64 and MIPS64 architecture
  • FIRST EPSS (Exploit Prediction Scoring System) integration - see #1109
  • Updated docker base image to Kali 2024-2
  • @gluesmith2021 fixed multiple bugs in our version detection and CVE engine - see here

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
image
Check it out here and start being an essential part of the future of EMBA


It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

What's Changed

  • #1073 by @m-1-k-3 in #1076
  • restart EMBA functionality by @m-1-k-3 in #1078
  • make the quick mode quick by @m-1-k-3 in #1081
  • Make the updater work again by @m-1-k-3 in #1082
  • fix hardening log for s16 by @m-1-k-3 in #1084
  • Quick version identifier update by @github-actions in #1089
  • Metasploit database update by @github-actions in #1087
  • CISA known exploited database update by @github-actions in #1088
  • Snyk database update by @github-actions in #1090
  • Packetstorm database update by @github-actions in #1091
  • fix day cnt by @m-1-k-3 in #1085
  • fix for Spurious linux_kernel CVEs, cpe string handling by @m-1-k-3 in #1086
  • Metasploit database update by @github-actions in #1094
  • full names and working tagging for packetstorm script by @HoxhaEndri in #1061
  • add md5sum to binaries by @m-1-k-3 in #1096
  • installer srecord by @m-1-k-3 in #1097
  • Firmware/binary handling again by @m-1-k-3 in #1099
  • little fixes by @m-1-k-3 in #1102
  • Quick version identifier update by @github-actions in #1105
  • CISA known exploited database update by @github-actions in #1104
  • Metasploit database update by @github-actions in #1103
  • Packetstorm database update by @github-actions in #1107
  • Snyk database update by @github-actions in #1106
  • Packetstorm database update by @github-actions in #1113
  • CISA known exploited database update by @github-actions in #1111
  • Metasploit database update by @github-actions in #1110
  • Snyk database update by @github-actions in #1112
  • xz backdoor detection - CVE-2024-3094 by @m-1-k-3 in #1114
  • FIRST EPSS (Exploit Prediction Scoring System) integration by @m-1-k-3 in #1109
  • Workflow docker builder updates by @m-1-k-3 in #1115
  • Remove Arachni / refactoring by @m-1-k-3 in #1117
  • Packetstorm database update by @github-actions in #1122
  • CISA known exploited database update by @github-actions in #1120
  • csv issues #1116 by @m-1-k-3 in #1118
  • Metasploit database update by @github-actions in #1119
  • Snyk database update by @github-actions in #1121
  • csv issues #1116 by @m-1-k-3 in #1123
  • f10 csv fix by @m-1-k-3 in #1124
  • Vars check by @m-1-k-3 in #1126
  • Metasploit database update by @github-actions in #1128
  • CISA known exploited database update by @github-actions in #1129
  • Packetstorm database update by @github-actions in #1131
  • Snyk database update by @github-actions in #1130
  • further vars cleanup, kev in f20 by @m-1-k-3 in #1127
  • var cleanup, status_bar fix by @m-1-k-3 in #1132
  • S36 updates, l10 fixes by @m-1-k-3 in #1133
  • CISA known exploited database update by @github-actions in #1135
  • Packetstorm database update by @github-actions in #1137
  • Metasploit database update by @github-actions in #1134
  • Snyk database update by @github-actions in #1136
  • Emulation updates by @m-1-k-3 in #1140
  • Packetstorm database update by @github-actions in #1144
  • CISA known exploited database update by @github-actions in #1142
  • Metasploit database update by @github-actions in #1141
  • s115 qemu command output by @m-1-k-3 in #1145
  • Snyk database update by @github-actions in #1143
  • Packetstorm database update by @github-actions in #1149
  • CISA known exploited database update by @github-actions in #1147
  • Metasploit database update by @github-actions in #1146
  • Snyk database update by @github-actions in #1148
  • Metasploit database update by @github-actions in #1151
  • Packetstorm database update by @github-actions in #1153
  • Snyk database update by @github-actions in #1152
  • Version string fixes for isc:dhcp and gnu:glibc by @gluesmith2021 in #1150
  • Update default-scan-no-notify.emba by @BenediktMKuehne in #1156
  • Packetstorm database update by @github-actions in #1161
  • Quick version identifier update by @github-actions in #1160
  • CISA known exploited database update by @github-actions in #1158
  • fix zlib (unzip) version string by @gluesmith2021 in #1164
  • JTR hash sorting by @BenediktMKuehne in #1154
  • Dhcp version strings and blacklist fix by @gluesmith2021 in #1163
  • f20 cpe handling #1155 by @m-1-k-3 in #1166
  • MODULE_BLACKLIST array handling by @m-1-k-3 in #1168
  • CISA known exploited database update by @github-actions in #1170
  • Quick version identifier update by @github-actions in #1171
  • Metasploit database update by @github-actions in #1169
  • Snyk database update by @github-actions in #1172
  • Packetstorm database update by @github-actions in #1173
  • improve not on YARA settings by @m-1-k-3 in #1176
  • F20 CVE version range checking: fix and dead code removal by @gluesmith2021 in #1165
  • Less regex / f20 and s21 wording by @m-1-k-3 in #1177
  • Update unblob and binwalk installer by @m-1-k-3 in #1178
  • System emulation updates by @m-1-k-3 in #1157
  • Revert "System emulation updates" by @m-1-k-3 in #1179
  • Metasploit database update by @github-actions in #1181
  • CISA known exploited database update by @github-actions in #1182
  • Packetstorm database update by @github-actions in #1185
  • Quick version identifier update by @github-actions in #1184
  • Packetstorm database update by @github-actions in #1191
  • Snyk database update by @github-actions in #1190
  • CISA known exploited database update by @github-actions in #1189
  • Metasploit database update by @github-actions in #1188
  • System emulator updates by @m-1-k-3 in #1180
  • Snyk script improved by @HoxhaEndri in #1186
  • System emulation updates by @m-1-k-3 in #1193
  • Metasploit database update by @github-actions in #1194
  • CISA known exploited database update by @github-actions in #1195
  • Quick version identifier update by @github-actions in #1196
  • Packetstorm database update by @github-actions in #1198
  • System emulation updates by @m-1-k-3 in #1199
  • Snyk database update by @github-actions in #1197
  • Update README.md by @BenediktMKuehne in #1200

New Contributors

Full Changelog: 1.4.0-ICS-testing-edt...1.4.1-white-rabbit