Firmware diffing

Note: Preview information! Not finished! Currently not in EMBA included! Planned for v1.3.1 :)

In different security areas around firmware it is quite helpful to identify the changes between different firmware versions. For example, in exploit development you are probably interested in the changes between the latest two firmware versions. As it is usually quite hard to extract enough useful information from the published advisories or the CVE details, the only thing is to check the differences between firmware releases to tear down the fixed vulnerability.

EMBA is able to identify the differences between different firmware versions using fuzzy hash diffing with ssdeep.

The -o option allows the setup of a 2nd firmware. This is usually the newer firmware version:

sudo ./emba -f ~/DIR600B1_2_FW205b01.zip -o ~/DIR600B_FW206b01_FOR_Hardware_B.bin -l ~/emba_logs_dir600-diff

Overview of both firmware images

In diff mode EMBA first gives some details of both firmware images.

1st firmware overview:

2nd firmware overview:

Extraction of both firmware images

1st firmware extraction:

2nd firmware extraction:

Fuzz diffing firmware

Overview page:

ASCII diffing details:

Binary diffing details:

EMBA - firmware security scanning at its best

Sponsor EMBA and EMBArk:

The EMBA environment is free and open source!

We put a lot of time and energy into these tools and related research to make this happen. It's now possible for you to contribute as a sponsor!

If you like EMBA you have the chance to support future development by becoming a Sponsor

Thank You ❤️ Get a Sponsor
You can also buy us some beer here ❤️ Buy me a coffee

To show your love for EMBA with nice shirts or other merch you can check our Spreadshop