Skip to content

Interactive dependency map

Jump to bottom
Michael Messner edited this page May 5, 2026 · 13 revisions

The S130_binary_map_builder.sh module is a core static analysis component of the EMBA firmware security analyzer. Its primary purpose is to generate an Interactive Dependency Map, providing a visual representation of how different binary components within a firmware image interact with one another.

image

Key Functionalities

This module acts as a "cartographer" for the firmware's internal structure, mapping out the relationships between executables and libraries.

  • Dependency Identification: It uses multiple concurrent mechanisms to discover how binaries are linked, including:
  • Standard Linux Tools: Utilizing ldd and objdump to find shared library dependencies.
    • Heuristic Matching: Searching for string patterns like paths (e.g., strings starting with /) and using fuzzy string matching to find potential links that aren't explicitly defined in the binary headers.
    • Emulation-Based Detection: Leveraging results from both user-mode and system-mode emulation to see which files are actually accessed during runtime.
  • Data Aggregation: The module collects these findings into a structured format that can be processed by EMBA's reporting engine.
  • Visualization: It enables the creation of a graphical map in the final HTML report, allowing security researchers to see at a glance which libraries are most critical or which binaries share common dependencies.

Usage and Configuration

The module is integrated into the default scanning workflow for modern versions of EMBA:

  • Automatic Activation: It is enabled by default in the default-scan profile starting with version 2.0.1.
  • Manual Control: Beside enabling or disabling this feature in your own custom scan profile using the parameter: EMBA_MAP_GENERATOR=1 (to enable) or 0 (to disable) it is also possible to tweak further options like the maximum runtime and the maximum files EMBA should process for the map.
# enable EMBA binary map dependency generator
EMBA_MAP_GENERATOR=1
MAX_MAP_FILES=1000
SVG_BUILD_TIMEOUT="12h"
  • Reporting: The resulting interactive map is found within the generated web report (usually at ../log_dir/html_report/index.html) after the scan completes.

image

Alternative Usage

With a helper function it is also possible to run it standalone after the firmware analysis with EMBA is finished:

└─$ ./helpers/firmware_map_builder.sh -e <EMBA log directory>

Additionally, it is also possible to run it without an EMBA scan on an extracted firmware image directory:

└─$ ./helpers/firmware_map_builder.sh -f <firmware directory> -l <log directory>

This module is essential for understanding the "attack surface" of a device by identifying central libraries that, if vulnerable, could compromise multiple system components.

EMBA - firmware security scanning at its best

Sponsor EMBA and EMBArk:

The EMBA environment is free and open source!

We put a lot of time and energy into these tools and related research to make this happen. It's now possible for you to contribute as a sponsor!

If you like EMBA you have the chance to support future development by becoming a Sponsor

Thank You ❤️ Get a Sponsor
You can also buy us some beer here ❤️ Buy me a coffee

To show your love for EMBA with nice shirts or other merch you can check our Spreadshop

EMBA - firmware security scanning at its best

Clone this wiki locally