UEFI analysis
With PR 291 we introduced a new feature for analysing UEFI firmware. This feature is heavily based on the open source project FwHunt from Binarly.
Warning: We introduce new features at a very early phase to get feedback from EMBA users as early as possible! This UEFI analysis feature is at such an early stage and has barely been tested in the field!
Please let us know which firmware images you have tested, what worked and what failed.
- Download UEFI firmware (the following firmware is currently the only tested firmware): Firmware download / Intel Advisory / Binarly writeup
- Download firmware version 0064
- Start EMBA with the following options:
sudo ./emba.sh -f ~/bc0064.cap -l ~/emba_log_bc0064 -t -W -m s02
- Currently a test with only the s02 module will take multiple hours
- If you start EMBA with all modules (default profile, full profile or no profile at all) it will run for a very long time (e.g. for multiple days)
- After the usual health checks EMBA starts with the pre-checker phase:
- As EMBA has detected an AMI firmware it starts the extraction process with the AMI BIOS Guard Extractor:
- The next step is to walk through all of the available files and extract whatever is possible via the deep extraction mode. This step is not strictly needed for this kind of firmware file.
- Module S02 - FwHunt on all available files
- EMBA Web reporter
Warning: As this feature is highly experimental, it has barely been tested on a broad firmware base.
EMBA - firmware security scanning at its best