Usage
Before running emba make sure that you have installed all dependencies.
- Execute emba with set parameters, e.g.
sudo ./emba.sh -l ./log -f ./firmware
- Path for logs and firmware path are necessary for testing a firmware image.
- You can specify multiple arguments.
- Test only a kernel configuration with the kernel checker of checksec:
sudo ./emba.sh -l ./logs/kernel_conf -k ./kernel.config
- If you add -f ./firmware, it will ignore -k and search for a kernel config inside the firmware
- You can specify some arguments.
Good to know:
- sudo is necessary for some modules to run properly, e.g. S115_usermode_emulator.sh
- Currently only tested on Kali Linux (2020.4)
- emba needs some free disk space for logging
- emba currently supports the following architectures: MIPS, ARM, PPC, x86 and x64
There is a simple docker-compose setup added, which allows you to run emba in a docker container.
Run interactive docker container:
FIRMWARE=/absolute/path/to/firmware LOG=/home/n/firmware_log/ docker-compose run emba
This will drop you into a shell in the folder where emba has been added. The firmware is located at /firmware and the log directory at /log.
./emba.sh -l /log -f /firmware -i
Let emba do the work for you: use the -D switch to start emba in Docker mode:
sudo ./emba.sh -l ./log -f /firmware -D
- You can specify some arguments.
Limitations:
- CWE-Checker and FACT-extractor are currently used as separate docker containers (see https://github.com/e-m-b-a/emba/issues/70)
- CVE-Search needs the database exposed by the host
Print the possible command line options with
./emba.sh -h
Test firmware / live system
-a [MIPS] Architecture of the linux firmware [MIPS, ARM, x86, x64, PPC]
-A [MIPS] Force Architecture of the linux firmware [MIPS, ARM, x86, x64, PPC] (disable architecture check)
-l [./path] Log path
-f [./path] Firmware path
-e [./path] Excludes paths from testing (multiple usage possible)
-m [MODULE_NO.] Tests only with set modules [e.g. -m p05 -m s10 ... ]]
(multiple usage possible, case insensitive, final modules aren't selectable, if firmware isn't a binary, the p modules won't run)
-c Enables cwe-checker
-g Create grep-able log file in [log_path]/fw_grep.log
Schematic: MESSAGE_TYPE;MODULE_NUMBER;SUB_MODULE_NUMBER;MESSAGE
-E Enables automated qemu emulation tests (WARNING this module could harm your host!)
-D Runs emba in docker container
-i Ignores log path check
Web reporter
-W Activates web report creation in log path (overwrites -z)
Dependency check
-d Only checks dependencies
-F Checks dependencies but ignore errors
Special tests
-k [./config] Kernel config path
-x Enable deep extraction - try to extract every file two times with binwalk (WARNING: Uses a lot of disk space)
Modify output
-s Prints only relative paths
-z Adds ANSI color codes to log
Firmware details
-X [version] Firmware version (double quote your input)
-Y [vendor] Firmware vendor (double quote your input)
-Z [device] Device (double quote your input)
-N [notes] Testing notes (double quote your input)
Help
-h Prints this help message
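Added example (not part of the EMBA project or its wiki): a small shell parser for the grep-able log written with -g, using the MESSAGE_TYPE;MODULE_NUMBER;SUB_MODULE_NUMBER;MESSAGE layout from the help text above. The sample records, their message types and module numbers are constructed, and treating everything after the third semicolon as MESSAGE is an assumption about how embedded semicolons appear.

```bash
# Added example, not EMBA code: summarise a grep-able log created with -g.
# Layout from the help text: MESSAGE_TYPE;MODULE_NUMBER;SUB_MODULE_NUMBER;MESSAGE

# Constructed sample records; types, module numbers and messages are made up.
sample_log() {
  cat <<'EOF'
MESSAGE;S10;1;Found binary /bin/busybox
WARNING;S10;2;Weak permissions; file is world-writable
MESSAGE;S25;1;Kernel version 4.4.60
broken line without enough fields
WARNING;S25;1;Module loaded; path=/lib/modules; unsigned
EOF
}

# Print "MODULE TYPE COUNT" per module and message type, sorted.
# Lines with fewer than four fields are skipped.
count_by_module() {
  awk -F';' 'NF >= 4 { c[$2 " " $1]++ }
             END { for (k in c) print k, c[k] }' | sort
}

# Print "MODULE/SUBMODULE: MESSAGE" for one message type. Fields past the
# fourth are rejoined so a ";" inside MESSAGE is kept (assumed unescaped).
messages_for() {
  awk -F';' -v want="$1" 'NF >= 4 && $1 == want {
    msg = $4
    for (i = 5; i <= NF; i++) msg = msg ";" $i
    print $2 "/" $3 ": " msg
  }'
}

# Count lines that do not match the four-field layout.
malformed_count() {
  awk -F';' 'NF < 4 { n++ } END { print n + 0 }'
}

# Summarise the log given as first argument if it exists, else the sample.
main() {
  if [ -f "${1:-}" ]; then cat "$1"; else sample_log; fi | count_by_module
}
main "$@"
```

Pass the path of a real log (for example [log_path]/fw_grep.log) as the first argument to summarise it instead of the sample.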
For testing a live system with emba, run it as if you were testing static firmware, but with / as firmware path:
./emba.sh -l ./log -f /
- Path for logs and firmware path are necessary for emba.
- It improves output and performance if you exclude docker with the -e switch:
./emba.sh -l ./log -f / -e /var/lib/docker
EMBA - firmware security scanning at its best