EMBA v1.2.2 - Blue Hat edt.

EMBA was shown at Microsoft Blue Hat Conference by Nate. See here for a picture of Nate himself on the stage and here you can find his slides.

It is so awesome to see that EMBA gets more and more used from the research community.

---

Spread the word and secure the Internet of Things with EMBA!

---

As usual we have fixed a huge number of little bugs everywhere within EMBA. Beside these fixes we also introduced the following highlights:

• New analysis module for better Lighttpd analysis (see #469)
• New analysis module for Android apk analysis (see #495)
• Multiple improvements of the JTR password cracking module (includes the possibility to use a word list) (see #473 and #482)
• More modules supporting csv exports
• Better disk space monitoring
• Multiple improvements for the system emulator
• Installer has now PIPv23 support (with this also the latest Kali builds are supported)
• Improved restart mechanism
• Further Unblob extractor integration
• Multiple workflow improvements
• regular PoC and Exploit updates

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now become a sponsor.

Check it out here and start being an essential part of the future of EMBA

Additionally, I want to highlight our second project EMBArk which got some huge updates in the last time! Great work @BenediktMKuehne

What's Changed

• Lighttpd analysis module by @m-1-k-3 in #469
• s08 safe_echo fix by @m-1-k-3 in #470
• p35 - true to not fail, s26 - check for files by @m-1-k-3 in #471
• JTR crack multiple hash types by @m-1-k-3 in #473
• deprecated -l option by @m-1-k-3 in #476
• s36 fixes, renamed p61 by @m-1-k-3 in #477
• System emulator improvements by @m-1-k-3 in #478
• Respect module blacklist in waiting state / Installer fix by @m-1-k-3 in #479
• Exploit database update, debug mode, command line tests by @m-1-k-3 in #481
• Add wordlist mechanism to s109 by @m-1-k-3 in #482
• csv export of p59, p60 and p70 by @m-1-k-3 in #483
• disk space monitor, rpm package analysis by @m-1-k-3 in #485
• Improve output of help command by @m-1-k-3 in #492
• Setup further workflows by @m-1-k-3 in #490
• Remove timezone setting by @m-1-k-3 in #494
• Refactor, PID log, Github actions, APKHunt by @m-1-k-3 in #495
• Packetstorm database update by @github-actions in #498
• Snyk database update by @github-actions in #497
• Metasploit database update by @github-actions in #496
• Improve restart EMBA analysis feature by @m-1-k-3 in #499
• Fix install with pip v23+ by @m-1-k-3 in #500
• Another PIPv23 fix by @m-1-k-3 in #501
• return if empty by @m-1-k-3 in #502
• Input validation by @m-1-k-3 in #505
• Check for update setting by @m-1-k-3 in #504
• Routersploit update workflow by @m-1-k-3 in #503
• Dependency checker, workflow by @m-1-k-3 in #506
• Metasploit database update by @github-actions in #509
• Snyk database update by @github-actions in #510
• CISA known exploited database update by @github-actions in #512
• Packetstorm database update by @github-actions in #514
• System emulation improvements, workflow by @m-1-k-3 in #515
• CVE state message printing by @m-1-k-3 in #518
• Packetstorm database update by @github-actions in #528
• Snyk database update by @github-actions in #527
• CISA known exploited database update by @github-actions in #525
• Routersploit database update by @github-actions in #524
• Metasploit database update by @github-actions in #523
• Trickest PoC database update by @github-actions in #526
• Input adjustment by @m-1-k-3 in #529
• version validation by @m-1-k-3 in #530
• PATH variable bug by @m-1-k-3 in #531

New Contributors

• @github-actions made their first contribution in #498

Full Changelog: 1.2.1...1.2.2-bluehat

EMBA v1.2.1

Beside a huge number of bug fixes this release introduces multiple new features. You are invited to celebrate the new EMBA version with us.

---

Spread the word and secure the Internet of Things with EMBA!

---

As usual we have fixed a huge number of little bugs everywhere within EMBA. Beside these fixes we also introduced the following highlights:

• Renamed emba.sh to emba
• Packetstorm as PoC/Exploit source for matching the SBOM against (see #434)
• Snyk as PoC/Exploit source for matching the SBOM against (see #434)
• Kernel vulnerability verification via Symbols and kernel compilation (see #451 and https://arxiv.org/pdf/2209.05217.pdf)
• Hexagon support (see #395 and #467)
• Allow for kernel config tests only with the EMBA parameter -k
• Multiple system-mode emulation improvements (improved emulation rate, improved service startups, better stop handling, ...)
• Kali Linux 2022.4 is fully supported and the docker image is updated to the current Kali release

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now become a sponsor.

Check it out here and start being an essential part of the future of EMBA

What's Changed

• Exit of add_partition in L10 by @m-1-k-3 in #430
• log dir on dep check by @m-1-k-3 in #428
• Nikto dep fix by @m-1-k-3 in #429
• cwe-checker install latest master by @m-1-k-3 in #431
• Further trickest blacklist entries by @m-1-k-3 in #432
• Freetzng-fix by @BenediktMKuehne in #433
• update sub-shell pwd fix by @BenediktMKuehne in #435
• Add Packetstorm and Snyk PoC sources by @m-1-k-3 in #434
• Full install fixes by @m-1-k-3 in #436
• s115 - empty log handling by @m-1-k-3 in #438
• Minimal cve-search installation / Dependency issues by @m-1-k-3 in #442
• blacklist update by @m-1-k-3 in #441
• Introducing module_wait helper function by @m-1-k-3 in #439
• Fix dependencies by @m-1-k-3 in #445
• Code cleanup - comments by @m-1-k-3 in #446
• Copyright updates 2023 by @m-1-k-3 in #447
• Kernel downloader and vulnerability verifier by @m-1-k-3 in #451
• cron job fix by @m-1-k-3 in #453
• L10 improvements, more services by @m-1-k-3 in #454
• Kernel config analysis by @m-1-k-3 in #455
• Update the known exploit behaviour by @m-1-k-3 in #458
• example disable profile by @m-1-k-3 in #457
• Refactoring by @m-1-k-3 in #462
• exploit databases updated by @m-1-k-3 in #466
• S12 - checksec implementation fix by @m-1-k-3 in #463
• Improve stop of system emulation by @m-1-k-3 in #465
• Hexagon support by @m-1-k-3 in #467

Full Changelog: 1.2.0-London-Calling...1.2.1

EMBA v1.2.0 - London Calling

Beside bug fixes this release introduces many new features. You are invited to celebrate the new EMBA version with us.

---

Spread the word and secure the Internet of Things with EMBA!

---

Since version 1.1.0 we introduced several new features and a lot of improved areas:

• New architecture support for system-mode emulation (ARM64, MIPS64, x86)
• New Metasploit integration into system-mode emulation
• New Kernel config identification, extraction and testing
• New extraction module for Qemu QCOW2 firmware
• Improved Unblob integration
• Improved UEFI extraction and analysis
• Improved RTOS analysis
• New module blacklisting feature
• Zyxel extraction module
• Improved rootfs detection

What's Changed in detail

• Shadow file detection, mipsn32 in user mode emulation, fixes by @m-1-k-3 in #285
• Fix notification system on Ubuntu installation by @m-1-k-3 in #286
• FwHunt, CWE-Checker, Cyclone SBOM, Bug fixes, kernel-to-elf by @m-1-k-3 in #291
• Improve cwe-checker integration by @m-1-k-3 in #292
• v1.1.1 by @m-1-k-3 in #293
• fix for installer.sh failing with non-english locale by @nuschpl in #296
• Limit check to modules directory by @p4cx in #300
• NIOS2 architecture, Unblob eval, restart scan, semgrep, ... by @m-1-k-3 in #306
• Installer updates by @m-1-k-3 in #312
• Grepit and semgrep improvements by @m-1-k-3 in #311
• Sanitizing environment by @m-1-k-3 in #314
• Cleanup: Tabs vs spaces by @m-1-k-3 in #323
• Routersploit state fix by @m-1-k-3 in #322
• CWE check output bug by @m-1-k-3 in #320
• Replace chroot with jchroot by @m-1-k-3 in #313
• Semgrep integration into S20 module by @m-1-k-3 in #321
• Module blacklisting by @m-1-k-3 in #317
• semgrep fixes for status bar by @m-1-k-3 in #315
• Zyxel extract module by @m-1-k-3 in #316
• zyxel cleanup for usg310 by @m-1-k-3 in #325
• Respect docker group - no sudo by @m-1-k-3 in #324
• Deep extractor improvements by @m-1-k-3 in #326
• Beware of memory issues by @m-1-k-3 in #328
• 1.1.2 cleanup by @m-1-k-3 in #329
• Version 1.1.2 by @m-1-k-3 in #333
• Restart of directory based firmware not possible by @m-1-k-3 in #337
• Remove grepit 0 results by @m-1-k-3 in #339
• Little fixes (S06, S03, S109) by @m-1-k-3 in #340
• cleanup, P03 removed by @m-1-k-3 in #344
• fix php iniscan by @m-1-k-3 in #343
• RTOS analysis improvements by @m-1-k-3 in #341
• restore bindip instead of delete file by @BenediktMKuehne in #346
• pip install for requests by @m-1-k-3 in #351
• docker-compose version check by @m-1-k-3 in #347
• shellcheck disable cleanup by @m-1-k-3 in #349
• Kernel config search and check by @m-1-k-3 in #348
• Dependency checker includes the container by @m-1-k-3 in #352
• SECURITY.md by @m-1-k-3 in #354
• Create semgrep.yml by @m-1-k-3 in #355
• Create codacy.yml by @m-1-k-3 in #358
• Metasploit system emulation integration by @m-1-k-3 in #357
• Multiple style fixes by @m-1-k-3 in #359
• Linting by @m-1-k-3 in #360
• fix fail if already satisfied by @BenediktMKuehne in #361
• Print function fix by @m-1-k-3 in #363
• Kernel config extraction in S24 by @m-1-k-3 in #364
• Cleanup round by @m-1-k-3 in #365
• EMBA v1.1.3 by @m-1-k-3 in #366
• exit code fix by @m-1-k-3 in #373
• lzo - ubi extractor fix by @m-1-k-3 in #381
• Prepare support for further architectures by @m-1-k-3 in #380
• typo by @m-1-k-3 in #384
• Check disk space for installation by @m-1-k-3 in #385
• New Kernels for system emulation, qcow extractor by @m-1-k-3 in #396
• installer - missed this by @m-1-k-3 in #397
• Add rootfs detection by path of /bin/sh by @jlucius in #394
• Qualcom DSP6 - basic support by @m-1-k-3 in #399
• Installer fix by @m-1-k-3 in #401
• nikto install fix by @m-1-k-3 in #398
• Better UEFI extractor by @BenediktMKuehne in #374
• Make installer.sh executeable again by @jlucius in #403
• ARM64 support by @m-1-k-3 in #402
• Check project updates by @m-1-k-3 in #406
• Improve CSV export of s24 by @m-1-k-3 in #408
• Trickest blacklist by @m-1-k-3 in #411
• log color, init sort, web reporter by @m-1-k-3 in #412
• Add CVE Trickest Blacklist by @jlucius in #413
• User-mode emulator fixes by @m-1-k-3 in #414
• Remove wget log during installation by @m-1-k-3 in #416
• s115 jchroot bypass by @m-1-k-3 in #417
• Sasquatch split binwalk vs unblob by @m-1-k-3 in #418
• Unblob it in case binwalk fails by @m-1-k-3 in #421
• Exit on sasquatch dependency error by @m-1-k-3 in #420
• P61 tree output fix by @m-1-k-3 in #422
• l10 vlan infos by @m-1-k-3 in #423
• v1.2.0 by @m-1-k-3 in #424

New Contributors

• @nuschpl made their first contribution in #296
• @jlucius made their first contribution in #394

Full Changelog: 1.1.0-Las-Vegas-Edt...1.2.0-London-Calling

EMBA v1.1.3 - Metasploit Edt.

Highlights:

We included the awesome Metasploit Framework into EMBA's system emulation engine! Check this PR for further details including a link to a testing firmware for your smooth start.

What's Changed

• Restart of directory based firmware not possible by @m-1-k-3 in #337
• Remove grepit 0 results by @m-1-k-3 in #339
• Little fixes (S06, S03, S109) by @m-1-k-3 in #340
• cleanup, P03 removed by @m-1-k-3 in #344
• fix php iniscan by @m-1-k-3 in #343
• RTOS analysis improvements by @m-1-k-3 in #341
• restore bindip instead of delete file by @BenediktMKuehne in #346
• pip install for requests by @m-1-k-3 in #351
• docker-compose version check by @m-1-k-3 in #347
• shellcheck disable cleanup by @m-1-k-3 in #349
• Kernel config search and check by @m-1-k-3 in #348
• Dependency checker includes the container by @m-1-k-3 in #352
• SECURITY.md by @m-1-k-3 in #354
• Create semgrep.yml by @m-1-k-3 in #355
• Create codacy.yml by @m-1-k-3 in #358
• Metasploit system emulation integration by @m-1-k-3 in #357
• Multiple style fixes by @m-1-k-3 in #359
• Linting by @m-1-k-3 in #360
• fix fail if already satisfied by @BenediktMKuehne in #361
• Print function fix by @m-1-k-3 in #363
• Kernel config extraction in S24 by @m-1-k-3 in #364
• Cleanup round by @m-1-k-3 in #365
• EMBA v1.1.3 by @m-1-k-3 in #366

Full Changelog: 1.1.2-Knight-Rider-Edt...1.1.3-Metasploit-Edt

EMBA v1.1.2 - Knight Rider Edt.

Highlights:

Bonnie: I have a new feature integrated into K.I.T.T.
Michael: Give me more details
K.I.T.T.: With my new friend EMBA I am able to find the weak spot in every firmware.

40 years later ... K.I.T.T. is definitive able to analyze firmware with EMBA

Beside bug fixes this release introduces many new features. Since version 1.1.1 we introduced several new features and multiple improved areas:

• Thx to @nuschpl the Installer supports non-english systems (see #296)
• NIOS2 architecture support (see #306)
• Semgrep introduction into bash checking module S20 (see #321)
• Module, CVE blacklisting (see #305 and #317)
• Deep extractor improvements and module split (P59 and P60) (see #326)
• Zyxel extractor as P22 (see #316 and DC30 Slides)
• Respect docker user group (see #324)
• Initial unblob integration as evaluation module P61 (see #306)

What's Changed in more detail

• fix for installer.sh failing with non-english locale by @nuschpl in #296
• Limit check to modules directory by @p4cx in #300
• NIOS2 architecture, Unblob eval, restart scan, semgrep, ... by @m-1-k-3 in #306
• Installer updates by @m-1-k-3 in #312
• Grepit and semgrep improvements by @m-1-k-3 in #311
• Sanitizing environment by @m-1-k-3 in #314
• Cleanup: Tabs vs spaces by @m-1-k-3 in #323
• Routersploit state fix by @m-1-k-3 in #322
• CWE check output bug by @m-1-k-3 in #320
• Replace chroot with jchroot by @m-1-k-3 in #313
• Semgrep integration into S20 module by @m-1-k-3 in #321
• Module blacklisting by @m-1-k-3 in #317
• semgrep fixes for status bar by @m-1-k-3 in #315
• Zyxel extract module by @m-1-k-3 in #316
• zyxel cleanup for usg310 by @m-1-k-3 in #325
• Respect docker group - no sudo by @m-1-k-3 in #324
• Deep extractor improvements by @m-1-k-3 in #326
• Beware of memory issues by @m-1-k-3 in #328
• 1.1.2 cleanup by @m-1-k-3 in #329
• Version 1.1.2 by @m-1-k-3 in #333

New Contributors

• @nuschpl made their first contribution in #296

Full Changelog: 1.1.1...1.1.2-Knight-Rider-Edt

EMBA v1.1.1 - UEFI analysis intro

Highlights:

Since version 1.1.0 we introduced several new features and multiple improved areas:

• Better shadow file and hash detection based on the feedback of jaylagorio
• mipsn32 support in user-mode emulation module (s115) based on the feedback of jaylagorio
• Experimental UEFI firmware support (p35 and s02) based on FwHunt / See wiki post
• Improved SBOM creation (f21) with Cyclonedx
• Improved kernel analysis via vmlinuz-to-elf (s24)
• Fixing (hopefully) and improving cwe-checker integration (see issue #290) (s120)

---

What's Changed

• Shadow file detection, mipsn32 in user mode emulation, fixes by @m-1-k-3 in #285
• Fix notification system on Ubuntu installation by @m-1-k-3 in #286
• FwHunt, CWE-Checker, Cyclone SBOM, Bug fixes, kernel-to-elf by @m-1-k-3 in #291
• Improve cwe-checker integration by @m-1-k-3 in #292
• v1.1.1 by @m-1-k-3 in #293

Full Changelog: 1.1.0-Las-Vegas-Edt...1.1.1

EMBA v1.1.0 - Las Vegas Edt.

Beside bug fixes this release introduces many new features and it was so much fun working on it. We think this release is very beautiful and we are really proud of it! You are invited to celebrate the new EMBA version with us.

---

Spread the word and secure the Internet of Things with EMBA!

---

Since version 1.0.0 we introduced several new features and a lot of improved areas:

• Complete reworked system-mode emulation environment can be enabled with the -Q switch (see also our wiki page)
• New status bar can be enabled with -B option (see also #272)
• Support of Ubuntu 22.04 LTS in default installation mode
• Experimental WSL support in default installation mode (see also #273)
• Massive speed improvements
• New testing modules (S08, S99, S109)
• New and improved extractor modules (P05, P20, P21)
• Removed modules (S30, S103)
• Possibility to overwrite auto-detected threading values (parameters -T and -P)
• Improved CSV logging

---

What's Changed

• Deep extraction of android ota update files by @m-1-k-3 in #246
• #247 and removed FACT by @m-1-k-3 in #248
• CSV logging by @m-1-k-3 in #250
• CRASS module of grepit by @m-1-k-3 in #251
• Add exception for s99 webreport by @p4cx in #252
• Multiple fixes (p05, p10, p60, s24, s99, installer) by @m-1-k-3 in #253
• Cleanup, S35 updates, P60 updates by @m-1-k-3 in #254
• versions, fritz extractor by @m-1-k-3 in #257
• f20 cleanup, installer fixes, s15 cleanup by @m-1-k-3 in #259
• Fix links in web report and new parameters by @p4cx in #261
• Foscam/Buffalo firmware decryption module / BigIP detection / Bug fixes by @m-1-k-3 in #262
• Buffallo decryptor by @m-1-k-3 in #265
• Yara search path fix by @m-1-k-3 in #266
• Refactoring, cleanup, jtr module, suid module by @m-1-k-3 in #268
• Os change by @BenediktMKuehne in #258
• Threading, notifications, CVSSv3 by @m-1-k-3 in #271
• Status bar by @p4cx in #272
• Experimental WSL support by @m-1-k-3 in #274
• Ubuntu-recommendations by @BenediktMKuehne in #279
• System emulation replacement for EMBA by @m-1-k-3 in #275
• Setup status bar option by @m-1-k-3 in #277
• Speed improvements for module s106 and s110 by @m-1-k-3 in #281
• Restore ownership by @BenediktMKuehne in #280
• Version 1.1.0 by @m-1-k-3 in #282

Full Changelog: 1.0.0-Singapore-Edt...1.1.0-Las-Vegas-Edt

EMBA v1.0.3

EMBA version 1.0.3 is available!

Beside bug fixes, this release introduces the following relevant changes:

• EMBA now also supports ubuntu:jammy (22.04 LTS) for default installation - w00t
• Final fixes of the web reporter
• New John the ripper password cracking module runs on hashes identified with STACS in s108
• Gtfobins integration in SUID detection (module s40)
• Massive speed improvements for module s13 and s14

What's Changed

• Refactoring, cleanup, jtr module, suid module by @m-1-k-3 and @p4cx in #268
• Ubuntu support by @BenediktMKuehne in #258

Full Changelog: 1.0.2...1.0.3

EMBA v1.0.2

EMBA version 1.0.2 is available!

Beside bug fixes, this release introduces the following relevant changes:

• Foscam firmware decryption module
• Buffalo firmware decryption module
• Multiple fixes in web report generator
• New options: -y overwrite log dir automatically, -j ignore cve-search check

What's Changed in more detail:

• Cleanup, S35 updates, P60 updates by @m-1-k-3 in #254
• Versions update, freetz-ng extractor by @m-1-k-3 in #257
• F20 cleanup, installer fixes, S15 cleanup by @m-1-k-3 in #259
• Fix links in web report and new parameters by @p4cx in #261
• Foscam/Buffalo firmware decryption module / BigIP detection / Bug fixes by @m-1-k-3 in #262
• Buffallo decryptor by @m-1-k-3 in #265

Full Changelog: 1.0.1...1.0.2

For bugs please open an issue.

EMBA v1.0.1

EMBA version 1.0.1 is available!

Beside bug fixes, this release introduces the following relevant changes:

• Removed FACT extractor
• Introduced S99-grepit module - see also https://github.com/floyd-fuh/crass/blob/master/grep-it.sh
• More CSV logging

What's Changed in more detail:

• Deep extraction of android ota update files by @m-1-k-3 in #246
• #247 and removed FACT by @m-1-k-3 in #248
• CSV logging by @m-1-k-3 in #250
• CRASS module of grepit by @m-1-k-3 in #251
• Add exception for s99 webreport by @p4cx in #252
• Multiple fixes (p05, p10, p60, s24, s99, installer) by @m-1-k-3 in #253

Full Changelog: 1.0.0-Singapore-Edt...1.0.1