UEFI analysis
With PR 291 we introduced a new feature for analysing UEFI firmware. This feature is massively based on the open source project FwHunt from Binarly.
Warning: We introduce new features in a very early phase to get feedback from the EMBA users as early as possible! This UEFI analysis feature is in such an early state and nearly not tested in the field!
Please let us know which firmwares you have tested and what was working and what was failing
- Download UEFI firmware (the following firmware is currently the only tested firmware): Firmware download / Intel Advisory / Binarly writeup
- Download firmware version 0064
- Start EMBA with the following options:
sudo ./emba.sh -f ~/bc0064.cap -l ~/emba_log_bc0064 -t -W -m s02
- After the usual health checks EMBA starts with the pre-checker phase:
- As EMBA has detected an AMI firmware it starts the extraction process with the AMI BIOS Guard Extractor:
-
The next optional step is to walk through all of the available files and extract whatever possible via the deep extraction mode: This step is not essentially needed for this kind of firmware files. If EMBA was able to verify an UEFI firmware the deep-extraction will not be executed anymore.
-
Final pre-checker overview with details about the identified firmware
- Module S02 - FwHunt on all available files
If only the module s02 is activated, EMBA will now user FwHunt to analyse the UEFI firmware in detail:
If EMBA was started with the default profile or with some other settings, the corresponding modules will be used for further analysis.
- EMBA Web reporter
The final results are then easily available via your preferred web browser:
