-
-
Notifications
You must be signed in to change notification settings - Fork 239
UEFI analysis
With PR 291 we introduced a new feature for analysing UEFI firmware. This feature is massively based on the open source project FwHunt from Binarly.
- Download UEFI firmware (the following firmware is currently the only tested firmware): Firmware download / Intel Advisory / Binarly writeup
- Download firmware version 0064
- Start EMBA with the following options:
sudo ./emba.sh -f ~/bc0064.cap -l ~/emba_log_bc0064 -t -W -m s02
- After the usual health checks EMBA starts with the pre-checker phase:
- As EMBA has detected an AMI firmware it starts the extraction process with the AMI BIOS Guard Extractor:
-
The next optional step is to walk through all of the available files and extract whatever possible via the deep extraction mode: This step is not essentially needed for this kind of firmware files. If EMBA was able to verify an UEFI firmware the deep-extraction will not be executed anymore.
-
Final pre-checker overview with details about the identified firmware
- Module S02 - FwHunt on all available files
If only the module s02 is activated, EMBA will now user FwHunt to analyse the UEFI firmware in detail:
If EMBA was started with the default profile or with some other settings, the corresponding modules will be used for further analysis.
- EMBA Web reporter
The final results are then easily available via your preferred web browser:
EMBA - firmware security scanning at its best
Sponsor EMBA and EMBArk:
The EMBA environment is free and open source!
We put a lot of time and energy into these tools and related research to make this happen. It's now possible for you to contribute as a sponsor!
If you like EMBA you have the chance to support future development by becoming a Sponsor
Thank You ❤️ Get a Sponsor
You can also buy us some beer here ❤️ Buy me a coffee
To show your love for EMBA with nice shirts or other merch you can check our Spreadshop
EMBA - firmware security scanning at its best