UEFI analysis
With PR 291 we introduced a new feature for analysing UEFI firmware. This feature is massively based on the open source project FwHunt from Binarly.
- Download UEFI firmware (the following firmware is currently the only tested firmware): Firmware download / Intel Advisory / Binarly writeup
- Download firmware version 0064
- Start EMBA with the following options:
sudo ./emba.sh -f ~/bc0064.cap -l ~/emba_log_bc0064 -t -W -m s02
- After the usual health checks EMBA starts with the pre-checker phase:
- As EMBA has detected an AMI firmware it starts the extraction process with the AMI BIOS Guard Extractor:
-
The next optional step is to walk through all of the available files and extract whatever possible via the deep extraction mode: This step is not essentially needed for this kind of firmware files. If EMBA was able to verify an UEFI firmware the deep-extraction will not be executed anymore.
-
Final pre-checker overview with details about the identified firmware
- Module S02 - FwHunt on all available files
If only the module s02 is activated, EMBA will now user FwHunt to analyse the UEFI firmware in detail:
If EMBA was started with the default profile or with some other settings, the corresponding modules will be used for further analysis.
- EMBA Web reporter
The final results are then easily available via your preferred web browser:
