EMBA – Open-Source Firmware Security Testing

IoT (Internet of Things) and OT (Operational Technology) are the current buzzwords for the networked devices on which our modern society is built. In this area, the operating systems in use are summarized under the term firmware. The devices themselves, so-called embedded devices, are essential in private and industrial environments as well as in so-called critical infrastructure. Penetration testing of these systems is quite complex, as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer whose goal is to simplify and optimize the complex task of firmware security analysis. EMBA supports the penetration tester with the automated detection of 1-day vulnerabilities at the binary level. This goes far beyond plain CVE detection: with EMBA you always know which public exploits are available for the target firmware. Besides the detection of already known vulnerabilities, EMBA also supports the tester in finding the next 0-day. For this, EMBA identifies critical binary functions, protection mechanisms and services with network behavior at the binary level. There are many other features built into EMBA, such as fully automated firmware extraction and the detection of file system vulnerabilities, hard-coded credentials, and more. EMBA is an open-source firmware scanner, created by penetration testers for penetration testers.

Talk structure:

  1. Introduction to firmware analysis
  2. Firmware extraction – in case binwalk fails
  3. Firmware analysis – common tasks and the available toolbox
  4. Automation helps with the identification of the next 0-day vulnerability
  5. Hunting 1-days – the unknown known

Tool details:

  • License: GPLv3
  • Video demo URL: https://youtu.be/_dvdy3klFFY
  • Tool URL: https://github.com/e-m-b-a/emba

About the Speakers