The last few weeks looked a bit more silent to the outside ... but cool things were going on in the background. Now, it is time to share all the great things we were working on ;)

In the early days of the EMBA firmware analysis environment one of our visions was a bit like the following:

EMBA should be an environment for fully automated detection and verification of known and unknown vulnerabilities in the product and firmware sector

The complete environment needs to be available as Open-Source which allows you to be part of it. Everyone should be able to perform high quality firmware security analysis, perform better IoT penetration tests, create the best SBOMs, scale and optimize firmware security research at all. Additionally, everyone should be able to modify, integrate and adopt EMBA easily (btw. this is the reason why we decided to use Bash), improve EMBA and being part of EMBA as user, tester, developer, feedback giver, idea generator, bug hunter ... you get the idea of Open-Source ;)

Vulnerability analysis in the field of firmware is a complex task, but with EMBA we have built some quite solid tooling and strategies over the years. This would not be possible without all the other awesome Open-Source projects out there!

EMBA is standing on the shoulders of giants. EMBA is standing on your shoulders! Thank you!

We were always fascinated by the idea of automatically starting up the device during an EMBA analysis in a controlled emulated environment. This means that we will be able to verify the already discovered results directly on the running firmware. We are not at the end of this journey yet, but it looks like this goal is not completely unrealistic anymore! In our opinion this release is a milestone to our ultimate goal of vulnerability detection and verification.

The road to version 2.0.0 was very rough and bumpy. Over the last few months we tested, tested, tested, looked at emulation output and improved every little piece a little bit! The goal we had in mind was ...

Let's bring our system emulation engine to the next level

After months of testing, building kernels (shoutout to @HoxhaEndri), analyzing, fixing, refactoring, testing again and screaming multiple times we are now quite happy with the results! Enjoy the following benchmark results of some of our firmware test sets:

• FirmAE corpus

The original FirmAE corpus was created somewhere before 2020. So, today this corpus is quite outdated. Nevertheless, as the FirmAE project was already optimized to a 79% success rate with at least one network service available we were interested if we can further improve this high success rate. We took this corpus as an initial benchmark indicator to ensure our performance is not too bad. The following overview gives some insights into the results from all three system emulation frameworks: firmadyne, FirmAE and EMBA

While firmadyne was the initial framework and other environments like FirmAE and also EMBA were built around the same approach, it had only 16% of success rate. This means in only 16% of the firmware tests firmadyne was able to bring the firmware automatically to a state where network services were reachable. FirmAE improved this rate to 79% success rate. And now, EMBA got this rate to 95% success rate with at least one network service available. Altogether EMBA was able to identify more than 6000 network services on 1074 systems.

The Fraunhofer FKIE builds regularly the so-called Home Router Security Report (Check this report). We used these reports as inspiration and built some firmware sets over time:

• Firmware Testset 2020

On a fresh and unoptimized firmware corpus we can get a better idea of more real-world results of the different engines. Neither firmadyne, nor FirmAE were trained on this firmware corpus. This resulted in significantly lower success rates:

The firmadyne results dropped down to 5% (from 16% on the FirmAE corpus) of success rate and the FirmAE rates dropped to 30% (from 79% on the FirmAE corpus). In comparison EMBA was able to double the FirmAE results and fully automatically emulate 87% of firmware to a state where at least one network service was available. In total EMBA detected more than 600 network services on 126 analyzed firmware images.

With the integration of the dependency track API it is now also possible to automatically transfer the generated SBOM into your dependency track instance and track all the vulnerabilities in a beautiful vulnerability and SBOM management tool:

This integration mechanism enhances your vulnerability handling and pentesting process massively and shows the flexibility of EMBA.

• Firmware Testset 2022

The testset of the year 2022 looked a bit like a duplication of the results of 2020. Firmadyne got 2% of the tested firmware to a reachable network service, FirmAE already improved the state to 16% and EMBA climbed up to 76%. This time with around 400 reachable network services on 121 analyzed firmware images:

• Firmware Testset 2024

Also on a more modern testset from 2024 the picture changed not that much. Firmadyne now has only 1% success rate, FirmAE improved the emulation results to 17% and EMBA stays quite stable at 77%:

These stable emulation results across a huge amount of different firmware images from different vendors with different architectures from different time periods highlight the magic of EMBA and give us a quite good base for further development.

Additionally, we want to take a look at the following highlights:

• We have 7 new contributors! This is probably the most amazing thing in our release notes! Thanks for supporting EMBA with your effort!
• EMBA got a new kernel for the system emulation engine. We moved away from the old 4.1 firmadyne/FirmAE based kernel to a much newer 4.14.336 LTS Kernel <- This is a very big thing, and you need to clap now ;) (see https://github.com/e-m-b-a/emba/pull/1575 by @HoxhaEndri and the Kernel repo here)
• Rocky Linux support by @jurrejelle <- Clap again
• EMBA reached another milestone - 3000 Github stars and counting (If you like EMBA you should also give us a star!)
• The EMBA book is available here
• Copilot code check results integrated - part 1 of a lot
• Improve internal docker base image verification checks
• We build a whole new testing environment where we can run a huge number of EMBA tests in parallel <- This is so freaking cool. Good job @BenediktMKuehne
• Improve SBOM generation with better Java support - see also https://github.com/e-m-b-a/emba/discussions/1765
• Add Java decompilation and security analysis capabilities - see also https://github.com/e-m-b-a/emba/pull/1828
• Add integration of the dependency track API to automatically upload and further process the generated SBOM - see also the wiki
• The launcher is now available - see the Wiki for further details
• Thanks to the great work of @gluesmith2021 we were able to switch to NVDv2. With this step we are hopefully well prepared for the near future. Check the great work here https://github.com/intel/cve-bin-tool/pull/5265

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA. Breaking News: Check also our new shop for EMBA merch here.

It is always a pleasure to welcome new contributors to EMBA. This time we welcome:

• @waiwai24 made their first contribution in https://github.com/e-m-b-a/emba/pull/1532
• @Jeff-Rowell made their first contribution in https://github.com/e-m-b-a/emba/pull/1615
• @starrysky1004 made their first contribution in https://github.com/e-m-b-a/emba/pull/1659
• @dennisliuu made their first contribution in https://github.com/e-m-b-a/emba/pull/1677
• @dependabot[bot] made their first contribution in https://github.com/e-m-b-a/emba/pull/1695
• @jurrejelle made their first contribution in https://github.com/e-m-b-a/emba/pull/1712
• @T1z1anXXX made their first contribution in https://github.com/e-m-b-a/emba/pull/1810

Besides all our newcomers we also want to thank the other, regular contributors!

We had never before so many bug reports, contributors and helping hands! Big kudos to all of you!

How can you reach us and stay up to date? Just take one of these channels (or all):

• Bluesky
• Mastodon
• Github discussions
• Github issues
• LinkedIn
• X

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the CVE database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

For updating your outdated EMBA installation, please check the update section in our wiki.

What's Changed

• bump version in docker-compose by @m-1-k-3 in https://github.com/e-m-b-a/emba/pull/1509
• trivy workflow exception update by @m-1-k-3 in https://github.com/e-m-b-a/emba/pull/1510
• update sbom scanning profiles by @m-1-k-3 in https://github.com/e-m-b-a/emba/pull/1511
• Linux kernel version database update by @github-actions[bot] in https://github.com/e-m-b-a/emba/pull/1513
• Metasploit database update by @github-actions[bot] in https://github.com/e-m-b-a/emba/pull/1514
• CISA known exploited database update by @github-actions[bot] in https://github.com/e-m-b-a/emba/pull/1515
• Architecture detection improvements by @m-1-k-3 in https://github.com/e-m-b-a/emba/pull/1512
• Snyk database update by @github-actions[bot] in https://github.com/e-m-b-a/emba/pull/1516
• fix max_pid_protection calls by @m-1-k-3 in https://github.com/e-m-b-a/emba/pull/1517
• SBOM module for apk_pkg_mgmt_parser by @m-1-k-3 in https://github.com/e-m-b-a/emba/pull/1518
• Multiple little fixes to improve F17, F50, S18, S25 by @m-1-k-3 in https://github.com/e-m-b-a/emba/pull/1520
• l35 helper fix by @m-1-k-3 in https://github.com/e-m-b-a/emba/pull/1522
• Improve installer warning on missing docker installation by @m-1-k-3 in https://github.com/e-m-b-a/emba/pull/1523
• fix installer by @m-1-k-3 in https://github.com/e-m-b-a/emba/pull/1524
• Snyk database update by @github-actions[bot] in https://github.com/e-m-b-a/emba/pull/1529
• Quick version identifier update by @github-actions[bot] in https://github.com/e-m-b-a/emba/pull/1528
• CISA known exploited database update by @github-actions[bot] in https://github.com/e-m-b-a/emba/pull/1527
• Metasploit database update by @github-actions[bot] in https://github.com/e-m-b-a/emba/pull/1526
• Linux kernel version database update by @github-actions[bot] in https://github.com/e-m-b-a/emba/pull/1525
• fix IL15 for latest Kali installation by @m-1-k-3 in https://github.com/e-m-b-a/emba/pull/1533
• Update dep check to warn if the cve-db from docker container will be used by @m-1-k-3 in https://github.com/e-m-b-a/emba/pull/1534
• Linux kernel version database update by @github-actions[bot] in https://github.com/e-m-b-a/emba/pull/1535
• Metasploit database update by @github-actions[bot] in https://github.com/e-m-b-a/emba/pull/1536
• CISA known exploited database update by @github-actions[bot] in https://github.com/e-m-b-a/emba/pull/1537
• Snyk database update by @github-actions[bot] in https://github.com/e-m-b-a/emba/pull/1538
• optimize I05_emba_docker_image_dl.sh by @waiwai24 in https://github.com/e-m-b-a/emba/pull/1532
• S08 debian package management update by @m-1-k-3 in https://github.com/e-m-b-a/emba/pull/1540

New Contributors

• @waiwai24 made their first contribution in https://github.com/e-m-b-a/emba/pull/1532
• @Jeff-Rowell made their first contribution in https://github.com/e-m-b-a/emba/pull/1615
• @starrysky1004 made their first contribution in https://github.com/e-m-b-a/emba/pull/1659
• @dennisliuu made their first contribution in https://github.com/e-m-b-a/emba/pull/1677
• @dependabot[bot] made their first contribution in https://github.com/e-m-b-a/emba/pull/1695
• @jurrejelle made their first contribution in https://github.com/e-m-b-a/emba/pull/1712
• @T1z1anXXX made their first contribution in https://github.com/e-m-b-a/emba/pull/1810

Full Changelog: https://github.com/e-m-b-a/emba/compare/v1.5.2-SBOM-next-generation-EMBA...v2.0.0-A-brave-new-world