Improve our interesting firmware collection #897
Comments
m-1-k-3
added
enhancement
|
What about VxWorks on SuperH4? How much does EMBA unfold vs manual analysis?: https://blogs.nopcode.org/brainstorm/anritsu-ms2721b-spectrum-analyzer/ ;) |
|
@brainstorm do you have already some experience and results of binaryanalysis-ng |
|
@m-1-k-3 Back then BANG did not find much, so I resorted to manual analysis in the second part of that article: https://blogs.nopcode.org/brainstorm/anritsu-ms2721b-spectrum-analyzer-repair-part-2/ I doubt binaryanalysis-ng would find much nowadays either... VxHunter on the other hand found a boatload of very useful stuff (resolving functions and offsets) and nowadays it is integrated in Ghidra as "VxWorks" plugin, which I assume is based on VxHunter. |
|
This issue is stale because it has been open for 28 days with no activity. |
|
It would be very nice if EMBA would support so-called bare-metal firmware, see https://www.youtube.com/watch?v=q4CxE5P6RUE for an explanation. At least in a first iteration it would be nice if the code detects bare-metal firmware and then activates/deactivates certain modules, informs the user, etc. E.g. hardware running https://www.zephyrproject.org/ |
|
Could you give me some more details on what you would expect from this identfication. Probably S03 is already doing parts of your needs. See and Is this already the identification you are expecting. Additionally, EMBA tries to identify UEFI firmware in module P35 which gets further analysed in module s02 Further details are also available in the wiki https://github.com/e-m-b-a/emba/wiki/OS-support#vxworks-based-firmware / https://github.com/e-m-b-a/emba/wiki/OS-support#uefi-firmware |
|
Maybe it's just that Zephyr (strings like "Booting Zephyr OS build v3.2.99") is not in that list? I just think that it very much depends on the chip on those systems on how the firmware would need to be analysed but I also understand that emulating and supporting all the chips out here is a hard task (but maybe worth a try) |
|
If you have already automated some tasks that we can start including into EMBA it would be great. The Zephyr strings can be introduced into the S03 module and in the version detection configuration file here. Could you provided a testing firmware and a PR with the updates on the basic Zephyr integration? |
|
While EMBA detects that a large VMDK file is scanned, it would be nice if it could also do some optimisations to make the scan end. At least for my configuration the scan of the following VMDK image lead to 2 OOM-kill (killing the entire Kali VM) after ~ 10 hours each when it had only 8GB of RAM, and a complete Kali VM freeze when it had 16GB memory (and more CPU) after ~15 hours: https://www.infoblox.com/product-evaluation-portal-ddi/ Maybe something to add to your list of interesting firmwares, would be interesting to know if you were able to scan it successfully with a more powerful machine. |
|
Big images could cause issues if your host does not have enough power. What you could do is
|
|
@floyd-fuh 16cores and 32gig of RAM finished the infoblox in 5h 35mins with the default profile. |
|
This issue is stale because it has been open for 28 days with no activity. |
Is your feature request related to a problem? Please describe.
We are always looking for interesting firmware for testing and improving EMBA. This could be:
The text was updated successfully, but these errors were encountered: