Shulou(Shulou.com)06/03 Report--

This article introduces the relevant knowledge of "how to use Emba to analyze the firmware of embedded devices based on Linux". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Words written in the front

Emba is a firmware analysis tool for embedded devices based on Linux. In essence, Emba is a firmware scanner that can help researchers analyze extracted firmware images based on Linux. With the help of this tool, we can easily identify and analyze interesting parts of a large firmware image. Although Emba supports offline firmware images, it can analyze real-time systems or extracted images at the same time. In addition, Emba can also analyze kernel configuration, and its main functions are also designed for penetration testers. The tool requires researchers to interact with it and provides researchers with as much information as possible about the target firmware. Testers can decide which mirror areas to focus on, and interpret and verify the analysis results.

Tool dependency component readelffindgrepmodinforealpathsedcutsortbasenamestringsbcnetstat optional: tree optional: shellcheck optional: docker optional: docker-compose optional: yara optional: qemu optional: binwalk optional: cve-search optional: cve-searchsploit

To detect these dependent components, run the following command:

Sudo. / emba.sh-d

To install all dependent components, you can run the following command:

Sudo. / installer.sh tool usage

Before we begin, we need to check that the host has installed and configured all the dependent components needed for Emba to run, and install it using the installer.sh script.

First, we need to clone the project source code locally using the following command:

Git clone https://github.com/e-m-b-a/emba.git

Next, run the installation script:

Sudo. / installer.sh

Once installed, we can run Emba using the following command:

Sudo. / emba.sh optional parameter Test firmware / live system-a [MIPS] Architecture of the linux firmware [MIPS, ARM, x86, x64, PPC]-A [MIPS] Force Architecture of the linux firmware [MIPS, ARM, x86, x64, PPC] (disable architecture check)-l [. / path] Log path-f [. / path] Firmware path-e [. / path] Exclude paths from testing (multiple usage possible)-m [MODULE_NO.] Test only with set modules [e.g.-m p05-m S10...] (multiple usage possible, case insensitive, final modules aren't selectable, if firmware isn't a binary, the p modules won't run)-c Enable cwe-checker-g Create grep-able log file in [log_path] / fw_grep.log Schematic: MESSAGE_TYPE;MODULE_NUMBER;SUB_MODULE_NUMBER MESSAGE-E Enable automated qemu emulation tests (WARNING this module could harm your host!)-D Run emba in docker container-i Ignore log path check Dependency check-d Only check dependencies-F Check dependencies but ignore errors Special tests-k [. / config] Kernel config path Modify output-s Print only relative paths-z Add ANSI Color codes to log Firmware details-X [version] Firmware version (double quote your input)-Y [vendor] Firmware vendor (double quote your input)-Z [device] Device (double quote your input)-N [notes] Testing notes (double quote your input) Help-h Print this help messageDocker Container

The tool also provides a simple Docker-Compose installation to help us run Emba in a Docker container. Next, we need to run Docker manually in Docker as follows.

Build:

Docker-compose build emba

Run:

Sudo. / emba.sh-l. / logs/path_log-f. / firmware/path_firmware/-D

Run the interactive Docker container:

FIRMWARE=/absolute/path/to/firmware LOG=/home/n/firmware_log/ docker-compose run emba

We can also use the-D option to switch the Docker mode of Emba:

The sudo. / emba.sh-z-s-l. / logs_docker_test1-f / home/m1k3/git-repos/testimages/testimages/testimages/MIPS_router-E-D tool uses a sample static firmware test:

Use binwalk to extract firmware from uploaded files or flash memory

Use the following command to execute Emba:

Sudo. / emba.sh-l. / logs/arm_test-f. / firmware/arm_firmware/

Test kernel configuration: sudo. / emba.sh-l. / logs/kernel_conf-k. / kernel.config license agreement

The development and release of this project follows the GPL v3.0 open source license agreement.

This is the end of the content of "how to use Emba to analyze the firmware of embedded devices based on Linux". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.