e-m-b-a · m-1-k-3 · Dec 19, 2022 · Dec 16, 2022 · Dec 17, 2022 · Dec 17, 2022
diff --git a/helpers/helpers_emba_dependency_check.sh b/helpers/helpers_emba_dependency_check.sh
@@ -200,7 +200,14 @@ setup_unblob() {
     if ! [[ -d "$HOME"/.cache ]]; then
       mkdir "$HOME"/.cache
     fi
-    cp -pr "$EXT_DIR"/unblob/root_cache/* "$HOME"/.cache/
+    if [[ "$IN_DOCKER" -eq 1 ]]; then
+      if [[ -d "$EXT_DIR"/unblob/root_cache ]]; then
+        cp -pr "$EXT_DIR"/unblob/root_cache/* "$HOME"/.cache/
+      else
+        echo -e "$RED""not ok""$NC"
+        DEP_EXIT=1
+      fi
+    fi
     if [[ -e $(cat "$EXT_DIR"/unblob/unblob_path.cfg)/bin/"$UNBLOB_BIN" ]]; then
       UNBLOB_PATH="$(cat "$EXT_DIR"/unblob/unblob_path.cfg)""/bin/"
       export PATH=$PATH:"$UNBLOB_PATH"
@@ -215,17 +222,22 @@ setup_unblob() {
   fi
   print_output "    ""sasquatch"" - \\c" "no_log"
   if [[ -f /usr/local/bin/sasquatch_binwalk ]]; then
+    if [[ -L "$UNBLOB_PATH"/sasquatch ]]; then
+      rm  "$UNBLOB_PATH"/sasquatch
+    fi
     ln -s /usr/local/bin/sasquatch_binwalk "$UNBLOB_PATH"/sasquatch
     echo -e "$GREEN""ok""$NC"
   elif [[ -f /usr/local/bin/sasquatch_unblob ]]; then
+    if [[ -L "$UNBLOB_PATH"/sasquatch ]]; then
+      rm  "$UNBLOB_PATH"/sasquatch
+    fi
     ln -s /usr/local/bin/sasquatch_unblob "$UNBLOB_PATH"/sasquatch
     echo -e "$ORANGE""warning""$NC"
     DEP_EXIT=1
   else
     echo -e "$RED""not ok""$NC"
     DEP_EXIT=1
   fi
-
 }
 
 dependency_check() 

diff --git a/installer.sh b/installer.sh
@@ -200,7 +200,7 @@ if [[ "$IN_DOCKER" -eq 0 ]]; then
     echo -e "\\n""$ORANGE""EMBA installation in default mode needs a minimum of 13Gig for the docker image""$NC"
     echo -e "\\n""$ORANGE""Please free enough space on /var/lib/docker""$NC"
     echo ""
-    df -h
+    df -h || true
     echo ""
     read -p "If you know what you are doing you can press any key to continue ..." -n1 -s -r
   fi
@@ -214,6 +214,10 @@ if [[ $LIST_DEP -eq 0 ]] ; then
     # the freetz installation is running as freetzuser and needs write access:
     chown "$ORIG_USER":"$ORIG_GROUP" ./external
     chmod 777 ./external
+  else
+    echo -e "\\n""$ORANGE""WARNING: external directory available: ./external""$NC"
+    echo -e "$ORANGE""Please remove it before proceeding ... exit now""$NC"
+    exit 1
   fi
 
   echo -e "\\n""$ORANGE""Update package lists.""$NC"

diff --git a/installer/I120_cwe_checker.sh b/installer/I120_cwe_checker.sh
@@ -33,7 +33,6 @@ I120_cwe_checker() {
     print_git_info "cwe-checker" "EMBA-support-repos/cwe_checker" "cwe_checker is a suite of checks to detect common bug classes such as use of dangerous functions and simple integer overflows."
     echo -e "$ORANGE""cwe-checker will be downloaded.""$NC"
     print_file_info "OpenJDK" "OpenJDK for cwe-checker" "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.12%2B7/OpenJDK11U-jdk_x64_linux_hotspot_11.0.12_7.tar.gz" "external/jdk.tar.gz"
-    print_file_info "GHIDRA" "Ghidra for cwe-checker" "https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.2_build/ghidra_10.1.2_PUBLIC_20220125.zip" "external/ghidra.zip"
     print_file_info "GHIDRA" "Ghidra for cwe-checker" "https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.5_build/ghidra_10.1.5_PUBLIC_20220726.zip" "external/ghidra.zip"
 
     if [[ "$LIST_DEP" -eq 1 ]] || [[ $DOCKER_SETUP -eq 1 ]] ; then
@@ -77,7 +76,7 @@ I120_cwe_checker() {
           mkdir ./external/cwe_checker 2>/dev/null
           git clone https://github.com/EMBA-support-repos/cwe_checker.git external/cwe_checker
           cd external/cwe_checker || ( echo "Could not install EMBA component cwe_checker" && exit 1 )
-          make all GHIDRA_PATH="$HOME_PATH""/external/ghidra/ghidra_10.1.2_PUBLIC"
+          make all GHIDRA_PATH="$HOME_PATH""/external/ghidra/ghidra_10.1.5_PUBLIC"
           cd "$HOME_PATH" || ( echo "Could not install EMBA component cwe_checker" && exit 1 )
 
           if [[ "$IN_DOCKER" -eq 1 ]]; then
@@ -87,9 +86,7 @@ I120_cwe_checker() {
             # save .config as we remount /root with tempfs -> now we can restore it in the module
             cp -pr /root/.config ./external/cwe_checker/
             cp -pr /root/.local ./external/cwe_checker/
-          fi
 
-          if [[ "$IN_DOCKER" -eq 1 ]]; then
             # cleanup
             rm "$HOME"/.cargo -r -f || true
             rm "$HOME"/.config -r -f || true

diff --git a/installer/I199_default_tools_github.sh b/installer/I199_default_tools_github.sh
@@ -62,9 +62,15 @@ I199_default_tools_github() {
 
         # jchroot
         echo -e "\\n""$ORANGE""$BOLD""Download and install jchroot""$NC"
+        if [[ -d "external/jchroot" ]]; then
+          rm -r external/jchroot
+        fi
         git clone https://github.com/EMBA-support-repos/jchroot.git external/jchroot
         cd ./external/jchroot/ || ( echo "Could not install EMBA component jchroot" && exit 1 )
         make
+        if [[ -e ./jchroot ]] && [[ -e "/usr/sbin/jchroot" ]]; then
+          rm /usr/sbin/jchroot
+        fi
         if [[ -e ./jchroot ]]; then
           cp -r jchroot /usr/sbin/
         fi

diff --git a/installer/IP12_avm_freetz_ng_extract.sh b/installer/IP12_avm_freetz_ng_extract.sh
@@ -80,15 +80,17 @@ IP12_avm_freetz_ng_extract() {
         rm external/execstack_0.0.20131005-1+b10_amd64.deb
 
         if ! [[ -d external/freetz-ng ]]; then
-          mkdir external/freetz-ng
+          if [[ -d /tmp/freetz-ng ]]; then
+            rm -r /tmp/freetz-ng
+          fi
 
           su - freetzuser -c "git clone https://github.com/Freetz-NG/freetz-ng.git /tmp/freetz-ng"
           su - freetzuser -c "cd /tmp/freetz-ng/ && make allnoconfig"
           # we currently running into an error that does not hinder us in using Freetz-NG
           # sudo -u freetzuser make || true
           su - freetzuser -c "cd /tmp/freetz-ng/ && make tools"
           cd "$HOME_PATH" || ( echo "Could not install EMBA component Freetz-NG" && exit 1 )
-          mv /tmp/freetz-ng/* external/freetz-ng/
+          mv /tmp/freetz-ng external/
           chown -R root:root external/freetz-ng
           if [[ "$IN_DOCKER" -eq 1 ]]; then
             # do some cleanup of the docker image

diff --git a/installer/IP61_unblob.sh b/installer/IP61_unblob.sh
@@ -104,9 +104,9 @@ IP61_unblob() {
           echo
         fi
 
-        echo -e "${GREEN}Backup unblob environment for read only docker container: $ORANGE$UNBLOB_PATH$NC"
         echo "$UNBLOB_PATH" > external/unblob/unblob_path.cfg
-        if [[ -d "$HOME"/.cache ]]; then
+        if [[ -d "$HOME"/.cache ]] && [[ "$IN_DOCKER" -eq 1 ]]; then
+          echo -e "${GREEN}Backup unblob environment for read only docker container: $ORANGE$UNBLOB_PATH$NC"
           cp -pr "$HOME"/.cache external/unblob/root_cache
           rm -rf "$HOME"/.cache || true
         fi

diff --git a/modules/S115_usermode_emulator.sh b/modules/S115_usermode_emulator.sh
@@ -40,6 +40,7 @@ S115_usermode_emulator() {
       setup_chroot
     else
       print_output "[-] No chroot binary found ..."
+      module_end_log "${FUNCNAME[0]}" "$NEG_LOG"
       return
     fi
 
@@ -225,8 +226,11 @@ copy_firmware() {
 
 setup_jchroot() {
   export CHROOT="jchroot"
-  # OPTS see https://github.com/vincentbernat/jchroot#security-note
-  OPTS=(-U -u 0 -g 0 -M "0 $(id -u) 1" -G "0 $(id -g) 1")
+  export OPTS=()
+  if [[ "$IN_DOCKER" -eq 1 ]]; then
+    # OPTS see https://github.com/vincentbernat/jchroot#security-note
+    OPTS=(-U -u 0 -g 0 -M "0 $(id -u) 1" -G "0 $(id -g) 1")
+  fi
   print_output "[*] Using ${ORANGE}jchroot${NC} for building more secure chroot environments"
 }