UEFI analysis

With this PR we introduced a new feature for analysing UEFI firmware. This feature is massively based on the open source project FwHunt from Binarly.

Warning: We introduce new features in a very early phase to get feedback from the EMBA users as early as possible! This UEFI analysis feature is in a very early state and nearly not tested!

Quick start

Download UEFI firmware (the following firmware is currently the only tested firmware): Firmware download / Intel Advisory / Binarly writeup
Download firmware version 0064
Start EMBA with the following options:

sudo ./emba.sh -f ~/bc0064.cap -l ~/emba_log_bc0064 -t -W -m s02

Further notes

After the usual health checks EMBA starts with the pre-checker phase:

As EMBA has detected an AMI firmware it starts the extraction process with the AMI BIOS Guard Extractor:

The next step is to walk through all of the available files and extract whatever possible via the deep extraction mode: This step is not essentially needed for this kind of firmware files.
Module S02 - FwHunt on all available files
EMBA Web reporter

Warning: As this feature is highly experimental it is nearly not tested on a broad firmware base.

EMBA - firmware security scanning at its best

Sponsor EMBA and EMBArk:

The EMBA environment is free and open source!

We put a lot of time and energy into these tools and related research to make this happen. It's now possible for you to contribute as a sponsor!

If you like EMBA you have the chance to support future development by becoming a Sponsor

Thank You ❤️ Get a Sponsor
You can also buy us some beer here ❤️ Buy me a coffee

To show your love for EMBA with nice shirts or other merch you can check our Spreadshop

EMBA - firmware security scanning at its best

Home
- Motivation
- Publications
- Referring sites and talks
- Your Feedback
- Star history
Feature overview
- OS-Support
- User-mode emulator
- System emulation
- UEFI analysis
- EMBA AI integration
- Firmware diffing
- Vulnerability detection
- Linux Kernel vulnerability verification
- Toolchain identification
- Aggregator
- Web report
Installation
- Prerequisites
- Classic
- Developer
- Ubuntu installation notes
- Experimental WSL installation
- Dependencies
- System tools
- EMBA update
Usage
- Classic
- Developer
- Docker
- Arguments
- Tweaking EMBA
- Live system
Development
- Structure
- Modules
- Code quality
- Rebuilding system-emulator environment
Sponsoring EMBA
FAQ
EMBArk enterprise environment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

UEFI analysis

Quick start

Further notes

Clone this wiki locally