Releases: e-m-b-a/emba

EMBA v1.4.0 - ICS testing Edt.

05 Mar 10:04
c98898e

As we do a lot of ICS/OT testing in our daily business, we thought this release should reflect our usual EMBA usage scenario. Welcome to another huge EMBA release with a lot of new features: EMBA v1.4.0 - ICS testing Edition


This time we have collected the following highlights for you:

  • fewer bugs -> more code -> more bugs? -> report all our bugs here
  • Extended binary analysis via semgrep (see module s16)
  • New static perl analysis via zarn (see module s27)
  • Toolchain identification (see wiki)
  • Improved update checking (see wiki)
  • New scan interface (with integrated status bar) automatically enabled in most scan-profiles
  • Improved multiple backend workflows
  • Massive speedup of multiple EMBA modules (see #1006 / #996)
  • Updated docker base image (see wiki)
  • You can get in contact with us on the following social networks: X / Mastodon / NEW: Bluesky
  • We can meet in real life at BlackHat Asia this year (see Arsenal schedule)
  • Special thanks to our awesome community for releasing multiple new articles around EMBA - see our dedicated section in the wiki

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all prerequisites, including the docker base image and the CVE database, which will need some bandwidth, hard drive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

Besides your ongoing support with feedback, testing, working on issues and spreading EMBA, you can now also support EMBA as a sponsor.
Check it out here and start being an essential part of the future of EMBA


It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

Welcome to the EMBA firmware analysis environment and thank you for your valuable contribution.


What's Changed


EMBA v1.3.2 - EMBArk is out

12 Dec 13:07
04a97e1

The last EMBA release was not too long ago, but in the meantime there was so much going on ... The most important thing is ...


The first official EMBArk release is out now!

Everything started as an idea in the beginning of 2021. The idea was to build an enterprise-ready open source firmware analysis environment on top of EMBA. This environment should allow every product security team as well as every penetration tester and security researcher to use professional firmware analysis to improve the security of IoT/OT/ICS ... (you name it) devices as easily as possible. This idea turned into an AMOS research project, where a team of students built a first PoC of EMBArk. You can find the original project here. From there on, continuous work, improvement and testing was running more or less under the radar. Until today ... EMBArk is stable and ready for more! Kudos to @BenediktMKuehne for pushing it to the next level.


Say hi to our centralized firmware security analysis environment EMBArk! Check it out here, use it, give us feedback or improve it and start being part of this open source environment.


On the EMBA side we have some "bumpy" weeks behind us:

  • As the NIST API is currently changing and we had some serious issues with our cve-search integration, we decided to rewrite it ourselves. This process took us some time to get the CVE identification feature fully working again. Thanks for all your testing and feedback during this process. With the new integration EMBA is faster and more stable, and the installation is not that error-prone anymore.
  • UEFI analysis integration was massively improved - see here
  • A lot of code cleanup was done by @HoxhaEndri
  • A new update check functionality by @HoxhaEndri
  • Improved firmware diffing environment - see here
  • Updated and new reporting templates by @413x8
  • Your great feedback is now collected in our wiki
  • Further public online resources are available and collected here
  • New support possibilities via patreon or buymeacoffee

Thank you for all your feedback and your testing since version 1.3.1!

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome two of them:

Welcome to the EMBA environment and thank you for your valuable contribution.


We are looking for (release) sponsors here


What's Changed

New Contributors

  • @413x8 made their first contribution in h...

EMBA v1.3.1 - Diff it

01 Nov 14:06
42ed908

What happened since the last EMBA release?

There was the absolutely great #Hackersummercamp with our talks at BSidesLV, ICS Village (DEF CON) and Black Hat (Arsenal). The recording of the BSides talk is already available here. Besides this, Nate did a really great talk at BruCON – see here.

Besides a lot of code cleanup, bug fixing and some little improvements, the new firmware diffing mode is one of the highlights in version 1.3.1.
In 1-day bug hunting, exploit development and the identification of silent patching, it is quite common to need the differences between two firmware releases.
To use this new feature (as usual in a very early alpha state), it is now possible to define a second firmware with the -o parameter. EMBA starts with some basic analysis of both firmware images, extracts both images and finds the differences between these firmware images:


If the file is some ASCII file a nice diff is shown:


If the file is a binary file we use radare2 for further analysis:


For further details check our Wiki

Happy bug hunting :)


Besides your ongoing support with feedback, testing, working on issues and spreading EMBA, you can now also support EMBA as a sponsor.
Check it out here and start being an essential part of the future of EMBA


What's Changed

Full Changelog: 1.3.0-AI-for-EMBA...1.3.1-diff-all-the-firmwares

EMBA v1.3.0 - AI-Assisted Firmware Analysis

25 Jul 09:49
8bcb671

Q: Can we use AI for firmware analysis?
A: Sure, let's do it! EMBA now supports AI-assisted firmware analysis.

Again, we raise the bar in the field of open-source firmware security analysis. After establishing user-mode emulation and system emulation, this time we moved to AI-assisted firmware analysis. More details about our AI integration are available in our Wiki


#Hackersummercamp ahead!
We got the amazing opportunity to show EMBA at the BSides conference in Las Vegas. The schedule is available here.

Additionally, you will find us with a live EMBA demo at Black Hat Arsenal

See you all in Vegas


Besides your ongoing support with feedback, testing, working on issues and spreading EMBA, you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA


What's Changed


EMBA v1.2.3 - R.I.P. Binwalk

11 May 13:53
02fd6ab

Binwalk, it was a long and great time with you. Now, you are a bit old and rusty and we had some issues in the past. Looks like we need to change our relationship a little bit ...


The binwalk extractor has been unmaintained for quite a long time. In this time, we jumped in with multiple extractor modules within EMBA to keep the great extraction up. In the last year we have followed the development of Unblob with great interest.
We already integrated Unblob as an evaluation module a while ago. Currently it is integrated as the second extraction framework beside binwalk, jumping in if our main binwalk/EMBA approach fails.

Now, it is time to change the game: Unblob becomes our main extractor and binwalk is used only in the rare case that Unblob fails.

Another very cool highlight is the acceptance of EMBA in the embedded research environment. Nate released a great article around analysing IoT devices here


Besides your ongoing support with feedback, testing, working on issues and spreading EMBA, you can now also become a sponsor.

Check it out here and start being an essential part of the future of EMBA

What's Changed

  • L25 improvements / multiple little fixes by @m-1-k-3 in #535
  • L10 module improvements by @m-1-k-3 in #543
  • New version strings (Flex and NBTscan) by @HoxhaEndri in #549
  • L10 improvement round x by @m-1-k-3 in #550
  • links in templates by @m-1-k-3 in #555
  • Freetz extraction module deprecated by @m-1-k-3 in #554
  • fix for #551 by @m-1-k-3 in #553
  • Testing workflows by @BenediktMKuehne in #541
  • Improve web crawler (L25) by @m-1-k-3 in #557
  • Updated installer.sh for "ubuntu debian" /etc/os-release and new version string by @HoxhaEndri in #552
  • SNMP module improvements by @m-1-k-3 in #565
  • Remove warning apt-key is deprecated by @HoxhaEndri in #564
  • update entropy output by @BenediktMKuehne in #566
  • Ignore files containing the following paths: /dev/ /proc/ /sys/ by @HoxhaEndri in #569
  • Fix arch detection in f50 by @m-1-k-3 in #567
  • Install fixes by @m-1-k-3 in #570
  • fix l10 error case by @m-1-k-3 in #571
  • Improved default profile handling / running modules script by @m-1-k-3 in #572
  • Fail fetch aspnetcore-targeting-pack when cleaning up by @m-1-k-3 in #579
  • Metasploit database update by @github-actions in #581
  • CISA known exploited database update by @github-actions in #582
  • Packetstorm database update by @github-actions in #585
  • Snyk database update by @github-actions in #584
  • Trickest PoC database update by @github-actions in #583
  • fix actions, fix l10 lnk fixer by @m-1-k-3 in #580
  • remove unneeded resource by @BenediktMKuehne in #586
  • Revert "remove unneeded resource" by @m-1-k-3 in #587
  • SBOM generation fix for non vuln components by @m-1-k-3 in #589
  • Avoiding /proc and /sys paths (-xdev) in symlink script and check for missing symlinks in s115 by @HoxhaEndri in #590
  • Packetstorm database update by @github-actions in #597
  • Snyk database update by @github-actions in #596
  • CISA known exploited database update by @github-actions in #594
  • Metasploit database update by @github-actions in #593
  • Lua script analysis support, UPnP live module, improvements by @m-1-k-3 in #591
  • R.I.P. binwalk by @m-1-k-3 in #598
  • ignore named pipe by @HoxhaEndri in #601
  • Packetstorm database update by @github-actions in #607
  • Snyk database update by @github-actions in #606
  • Metasploit database update by @github-actions in #604
  • apk extraction fix by @m-1-k-3 in #603
  • R2 decompiler integration by @m-1-k-3 in #608
  • url update for sasquatch deb by @m-1-k-3 in #609
  • update ubuntu libssl source by @BenediktMKuehne in #610
  • Small cleanup fixes by @m-1-k-3 in #611
  • Packetstorm database update by @github-actions in #616
  • Snyk database update by @github-actions in #615
  • CISA known exploited database update by @github-actions in #614
  • Metasploit database update by @github-actions in #613
  • Hnap detection support for system emulator by @m-1-k-3 in #612
  • Version 1.2.3 by @m-1-k-3 in #621

New Contributors

Full Changelog: 1.2.2-bluehat...1.2.3-RIP-binwalk

EMBA v1.2.2 - Blue Hat edt.

14 Mar 20:26
01bbd50

EMBA was shown at Microsoft Blue Hat Conference by Nate. See here for a picture of Nate himself on the stage and here you can find his slides.


It is so awesome to see that EMBA is used more and more by the research community.


Spread the word and secure the Internet of Things with EMBA!


As usual, we have fixed a huge number of little bugs everywhere within EMBA. Besides these fixes, we also introduced the following highlights:

  • New analysis module for better Lighttpd analysis (see #469)
  • New analysis module for Android apk analysis (see #495)
  • Multiple improvements of the JTR password cracking module (includes the possibility to use a word list) (see #473 and #482)
  • More modules supporting csv exports
  • Better disk space monitoring
  • Multiple improvements for the system emulator
  • The installer now supports pip v23 (and with it the latest Kali builds)
  • Improved restart mechanism
  • Further Unblob extractor integration
  • Multiple workflow improvements
  • regular PoC and Exploit updates

Besides your ongoing support with feedback, testing, working on issues and spreading EMBA, you can now become a sponsor.

Check it out here and start being an essential part of the future of EMBA

Additionally, I want to highlight our second project EMBArk, which got some huge updates recently! Great work @BenediktMKuehne

What's Changed

  • Lighttpd analysis module by @m-1-k-3 in #469
  • s08 safe_echo fix by @m-1-k-3 in #470
  • p35 - true to not fail, s26 - check for files by @m-1-k-3 in #471
  • JTR crack multiple hash types by @m-1-k-3 in #473
  • deprecated -l option by @m-1-k-3 in #476
  • s36 fixes, renamed p61 by @m-1-k-3 in #477
  • System emulator improvements by @m-1-k-3 in #478
  • Respect module blacklist in waiting state / Installer fix by @m-1-k-3 in #479
  • Exploit database update, debug mode, command line tests by @m-1-k-3 in #481
  • Add wordlist mechanism to s109 by @m-1-k-3 in #482
  • csv export of p59, p60 and p70 by @m-1-k-3 in #483
  • disk space monitor, rpm package analysis by @m-1-k-3 in #485
  • Improve output of help command by @m-1-k-3 in #492
  • Setup further workflows by @m-1-k-3 in #490
  • Remove timezone setting by @m-1-k-3 in #494
  • Refactor, PID log, Github actions, APKHunt by @m-1-k-3 in #495
  • Packetstorm database update by @github-actions in #498
  • Snyk database update by @github-actions in #497
  • Metasploit database update by @github-actions in #496
  • Improve restart EMBA analysis feature by @m-1-k-3 in #499
  • Fix install with pip v23+ by @m-1-k-3 in #500
  • Another PIPv23 fix by @m-1-k-3 in #501
  • return if empty by @m-1-k-3 in #502
  • Input validation by @m-1-k-3 in #505
  • Check for update setting by @m-1-k-3 in #504
  • Routersploit update workflow by @m-1-k-3 in #503
  • Dependency checker, workflow by @m-1-k-3 in #506
  • Metasploit database update by @github-actions in #509
  • Snyk database update by @github-actions in #510
  • CISA known exploited database update by @github-actions in #512
  • Packetstorm database update by @github-actions in #514
  • System emulation improvements, workflow by @m-1-k-3 in #515
  • CVE state message printing by @m-1-k-3 in #518
  • Packetstorm database update by @github-actions in #528
  • Snyk database update by @github-actions in #527
  • CISA known exploited database update by @github-actions in #525
  • Routersploit database update by @github-actions in #524
  • Metasploit database update by @github-actions in #523
  • Trickest PoC database update by @github-actions in #526
  • Input adjustment by @m-1-k-3 in #529
  • version validation by @m-1-k-3 in #530
  • PATH variable bug by @m-1-k-3 in #531

New Contributors

  • @github-actions made their first contribution in #498

Full Changelog: 1.2.1...1.2.2-bluehat

EMBA v1.2.1

02 Feb 07:02
2f37e4f

Besides a huge number of bug fixes, this release introduces multiple new features. You are invited to celebrate the new EMBA version with us.


Spread the word and secure the Internet of Things with EMBA!


As usual, we have fixed a huge number of little bugs everywhere within EMBA. Besides these fixes, we also introduced the following highlights:

  • Renamed emba.sh to emba
  • Packetstorm as PoC/Exploit source for matching the SBOM against (see #434)
  • Snyk as PoC/Exploit source for matching the SBOM against (see #434)
  • Kernel vulnerability verification via Symbols and kernel compilation (see #451 and https://arxiv.org/pdf/2209.05217.pdf)
  • Hexagon support (see #395 and #467)
  • Allow for kernel config tests only with the EMBA parameter -k
  • Multiple system-mode emulation improvements (improved emulation rate, improved service startups, better stop handling, ...)
  • Kali Linux 2022.4 is fully supported and the docker image is updated to the current Kali release

Besides your ongoing support with feedback, testing, working on issues and spreading EMBA, you can now become a sponsor.

Check it out here and start being an essential part of the future of EMBA

What's Changed

Full Changelog: 1.2.0-London-Calling...1.2.1

EMBA v1.2.0 - London Calling

05 Dec 12:17
74fdf92

Besides bug fixes, this release introduces many new features. You are invited to celebrate the new EMBA version with us.


Spread the word and secure the Internet of Things with EMBA!



Since version 1.1.0 we introduced several new features and a lot of improved areas:

  • New architecture support for system-mode emulation (ARM64, MIPS64, x86)
  • New Metasploit integration into system-mode emulation
  • New Kernel config identification, extraction and testing
  • New extraction module for Qemu QCOW2 firmware
  • Improved Unblob integration
  • Improved UEFI extraction and analysis
  • Improved RTOS analysis
  • New module blacklisting feature
  • Zyxel extraction module
  • Improved rootfs detection

What's Changed in detail

New Contributors

Full Changelog: 1.1.0-Las-Vegas-Edt...1.2.0-London-Calling

EMBA v1.1.3 - Metasploit Edt.

27 Oct 07:48
7477450

Highlights:

We included the awesome Metasploit Framework into EMBA's system emulation engine! Check this PR for further details including a link to a testing firmware for your smooth start.


What's Changed

Full Changelog: 1.1.2-Knight-Rider-Edt...1.1.3-Metasploit-Edt

EMBA v1.1.2 - Knight Rider Edt.

04 Oct 07:27
eb33fe4

Highlights:

Bonnie: I have a new feature integrated into K.I.T.T.
Michael: Give me more details
K.I.T.T.: With my new friend EMBA I am able to find the weak spot in every firmware.

40 years later ... K.I.T.T. is definitely able to analyze firmware with EMBA


Besides bug fixes, this release introduces many new features. Since version 1.1.1 we introduced several new features and multiple improved areas:

  • Thanks to @nuschpl the installer supports non-English systems (see #296)
  • NIOS2 architecture support (see #306)
  • Semgrep introduction into bash checking module S20 (see #321)
  • Module, CVE blacklisting (see #305 and #317)
  • Deep extractor improvements and module split (P59 and P60) (see #326)
  • Zyxel extractor as P22 (see #316 and DC30 Slides)
  • Respect docker user group (see #324)
  • Initial unblob integration as evaluation module P61 (see #306)

What's Changed in more detail

New Contributors

Full Changelog: 1.1.1...1.1.2-Knight-Rider-Edt