EMBA version 1.1.0 is out now

In August 2020 we released EMBA to the world. 21 months or 1600 commits later version 1.0.0 was available. 1856 commits later version 1.1.0 with a huge amount of improvements and new features was released.

Just to give you a feeling of how massive this update is

• Initial release had around 3400 lines of code
• Version 1.0.0 had around 12000 lines of code
• And now, Version 1.1.0 has more than 20000 lines of code

New system-mode emulation environment

We have replaced the old system-mode emulation modules completely with a new and improved environment. As the system-emulation checks are not activated by default you need to use the -Q switch for enabling this feature. This mechanism is heavily based on the research projects firmadyne and FirmAE. During the re-implementation as EMBA modules it was also possible to improve the emulation results massively.

The following benchmark shows the final results:

For further details, the EMBA wiki can be consulted.

New UI and messaging system

EMBA has new console UI elements integrated. EMBA is now able to show you all needed details during the EMBA testing process:

Additionally, EMBA has a new messaging system based on inotify. EMBA can show you relevant updates as desktop notifications:

Multiple new modules

As usual a huge amount of the modules (probably all) got some kind of updates and bug fixes. Additionally, the following new modules were introduced:

• P05 - Initial extractor of different archive types via patools
• P20 - Foscam encrypted firmware extractor
• P21 - Buffalo encrypted firmware extractor
• S08 - Search package management details
• S99 - Intelligent grepit module
• S109 - Cracking identified password hashes