Emba is designed to give as much information as possible about the firmware.
The tester can decide on the areas to focus on and is always responsible for verifying and interpreting the results.
How to use it?
Before starting, check that all dependencies are met and use the installer.sh script: ./emba.sh -d or ./emba.sh -d -F
Arguments:
Test firmware / live system
-a [MIPS] Architecture of the linux firmware [MIPS, ARM, x86, x64, PPC]
-A [MIPS] Force Architecture of the linux firmware MIPS, ARM, x86, x64, PPC
-l [./path] Log path
-f [./path] Firmware path
-e [./path] Exclude paths from testing (multiple usage possible)
-m [MODULE_NO.] Test only with set modules [e.g. -m p05 -m s10 ... ]] multiple usage possible, case insensitive, final modules aren't selectable, if firmware isn't a binary, the p modules won't run)
-c Enable cwe-checker
-g Create grep-able log file in [log_path]/fw_grep.log
Schematic: MESSAGE_TYPE;MODULE_NUMBER;SUB_MODULE_NUMBER;MESSAGE
-E Enable automated qemu emulation tests (WARNING this module could harm your host!)
-D Run emba in docker container
-i Ignore log path check
Dependency check
-d Only check dependencies
-F Check dependencies but ignore errors
Special tests
-k [./config] Kernel config path
Modify output
-s Print only relative paths
-z Add ANSI color codes to log
Firmware details
-X [version] Firmware version (double quote your input)
-Y [vendor] Firmware vendor (double quote your input)
-Z [device] Device (double quote your input)
-N [notes] Testing notes (double quote your input)
Help
-h Print this help message
For testing live system:
Emba run it as if you were testing static firmware, but with / as firmware path:
sudo ./emba.sh -l ./logs/local_test -f /
Path for logs and firmware path are necessary for testing successfully
Architecture will be detected automatically; you can overwrite it with-a [ARCH]
Use -A [ARCH] if you don't want to use auto-detection for architecture
The paths /proc and /sys will be automatically excluded
It improves output and performance if you exclude docker -e /var/lib/docker
Test kernel config:
Test only a kernel configuration with the kernel checker of checksec:
sudo ./emba.sh -l ./logs/kernel_conf -k ./kernel.config
If you add -f ./firmware/x86_firmware/, it will ignore -k and search for a kernel config inside the firmware points to be noted while using:
sudo is necessary for some modules to run properly
Currently only tested on Kali Linux(2020.4)
emba needs some free disk space for logging
emba uses well-known tools like objdump, LinEnum, checksec, linux-exploit-suggester.sh, cwe-checker
Download Tool: https://github.com/e-m-b-a/emba
Top comments (0)