-
-
Notifications
You must be signed in to change notification settings - Fork 225
Tweak your scan
EMBA includes multiple configuration possibilities to tweak your firmware analysis procedure. In the following article we try to summarize some of them.
Some modules are running quite long and/or produce so much data that someone probably does not want to run them. EMBA has the possibilities to blacklist some module in the file ./config/module_blacklist.txt
. To blacklist a module just add the basename of the module (without the fileending .sh) to the configuration file. This could result in the following settings:
┌──(m1k3㉿emba)-[~/github-repos/emba_forked]
└─$ cat config/module_blacklist.txt
S110_yara_check
S99_grepit
To verify the new settings you can start a new EMBA scan. In the main log file (emba.log) the following entries are shown:
xxx
EMBA tries to automatically identify how many cores your host has and calculates the maximum modules in parallel and maximum threads (within a module) in parallel. The identified settings are shown in the beginning of a firmware test:
Especially if your system is running into resource issues you are able to tweak these settings with the following command line options:
-P Overwrite auto MAX_MODS (maximum modules in parallel) configuration
-T Overwrite auto MAX_MOD_THREADS (maximum threads per module) configuration
EMBA performs regular tests that the CVE-search environment is available and fully working. Sometimes this is not needed and can be disabled with the following command line options:
-j No check for cve-search
This setting also speeds up the initial startup process. WARNING: If the cve-search environment is not fully working EMBA is not able to detect it. This could result in incomplete scanning results.
EMBA - firmware security scanning at its best
Sponsor EMBA and EMBArk:
The EMBA environment is free and open source!
We put a lot of time and energy into these tools and related research to make this happen. It's now possible for you to contribute as a sponsor!
If you like EMBA you have the chance to support future development by becoming a Sponsor
Thank You ❤️ Get a Sponsor
You can also buy us some beer here ❤️ Buy me a coffee
To show your love for EMBA with nice shirts or other merch you can check our Spreadshop
EMBA - firmware security scanning at its best