EMBA v1.3.1 : Diff It – Unveiling The Firmware Diffing Mode And Latest Updates

What Happened Since The Last EMBA Release?

There was the absolute great #Hackersummercamp with our talks at BSidesLV, ICS Village (DEF CON) and Black Hat (Arsenal). The recording of the BSides talk is already available here. Beside this, Nate did a really great talk at BruCON – see here.

Beside a lot of code cleanup, bug fixing and some little improvements the new firmware diffing mode is one of the highlights in version 1.3.1.
In 1 day bug hunting, exploit development and the identification of silent patching it is quite common to identify the differences between two firmware releases.
To use this new feature (as usual in a very early alpha state) it is now possible to define a second firmware with the -o parameter. EMBA starts with some basic analysis of both firmware images, extracts both images and finds the differences between these firmware images:

If the file is some ASCII file a nice diff is shown:

If the file is a binary file we use radare2 for further analysis:

For further details check our Wiki

Happy bug hunting 🙂

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

What’s Changed

• Internet check not blocking by @m-1-k-3 in #722
• Fix docker build workflow by @m-1-k-3 in #723
• disable disk space monitor by @m-1-k-3 in #724
• print fix, http crawler by @m-1-k-3 in #732
• Code cleanup by @m-1-k-3 in #733
• Fix updater by @m-1-k-3 in #749
• Unblob v23.8.11 by @m-1-k-3 in #750
• PEM file with multiple certificates by @HoxhaEndri in #736
• Update README.md by @m-1-k-3 in #757
• add file-command to default deps by @BenediktMKuehne in #763
• Update semgrep workflow by @m-1-k-3 in #764
• Debian repos – https only for Kali by @m-1-k-3 in #766
• Curl online check by @m-1-k-3 in #774
• Improve PW cracking module s107 by @m-1-k-3 in #773
• Check container nr disable for dev mode by @m-1-k-3 in #776
• Set variable by @m-1-k-3 in #777
• Installer updates by @m-1-k-3 in #779
• fix gpt path by @m-1-k-3 in #789
• Improve web page crawler by @m-1-k-3 in #795
• little fix by @m-1-k-3 in #796
• disable the trickest exploit db by @m-1-k-3 in #797
• Debian installer support by @m-1-k-3 in #798
• grep -v -> tail by @m-1-k-3 in #812
• Proxy support by @m-1-k-3 in #811
• Firmware diffing preparation by @m-1-k-3 in #804
• nikto setup, compose cleanup by @m-1-k-3 in #814
• System emulation fs mount improvements by @m-1-k-3 in #815
• L10 Fix SC2250 shellcheck by @HoxhaEndri in #822
• Installer debian package file format by @m-1-k-3 in #826
• Cleanup of PS crawler by @m-1-k-3 in #833
• Check for arachni user and shellcheck braces by @HoxhaEndri in #834
• Try cve db update multiple times during installation by @m-1-k-3 in #837
• Firmware diffing modules by @m-1-k-3 in #838
• fix #839 by @m-1-k-3 in #844
• Semgrep checks and shellcheck braces checks by @HoxhaEndri in #835
• check for space at the end of a line by @HoxhaEndri in #845
• Update installer, dep-check by @m-1-k-3 in #846
• strict mode grep error by @HoxhaEndri in #848
• Packetstorm database update by @github-actions in #852
• Snyk database update by @github-actions in #851
• CISA known exploited database update by @github-actions in #850
• Metasploit database update by @github-actions in #849
• BMC firmware extractor by @m-1-k-3 in #853
• braces check for all scripts inside “helpers” folder and “installer” folder by @HoxhaEndri in #854
• kernel-hardening-checker fix by @m-1-k-3 in #855
• Version 1.3.1 by @m-1-k-3 in #856

Full Changelog: 1.3.0-AI-for-EMBA…1.3.1-diff-all-the-firmwares