Download Latest Version EMBA v2.0.0 - A brave new world of firmware analysis source code.tar.gz (3.3 MB)
Email in envelope

Get an email when there's a new version of EMBA

Home / v1.5.2-SBOM-next-generation-EMBA
Name Modified Size InfoDownloads / Week
Parent folder
EMBA v1.5.2 - SBOM - The next generation source code.tar.gz 2025-03-11 3.2 MB
0
EMBA v1.5.2 - SBOM - The next generation source code.zip 2025-03-11 3.4 MB
0
README.md 2025-03-11 11.4 kB
0
Totals: 3 Items   6.7 MB 0

We need to talk about serious SBOM tooling! The CRA will hit us all ... quite hard and very soon. Check the dates (from Wikipedia):

image

And check the SBOM requiremenents here:

image

To give it a bump there are also some penalties if you are not able to fulfill the CRA:

image

We have seen this coming a while ago and decided to move EMBA from the firmware analyzer to the SBOM tool (without loosing our main competence in firmware analysis). During the last months we have rewritten main parts of EMBA to ensure we can build SBOMs. The goal was not only to build some SBOM ... our goal was always to build SBOMs that provide more value, are reproducible and accurate. This also includes targets where no package manager is available but also systems with multiple package managers.

The following highlights happened somehow during the last weeks: * cve-bin-tool integration for module f17 resulted in a rewrite of f20 (which was completely removed for this release) * SBOM VEX support via module f17 (integrated into the main SBOM but also available seperated) * Further sources for SBOM generation are supported - Check our wiki * Improved S09 threading by @gluesmith2021 * Massive bug fixing - more and more bug reports from our fellow EMBA users are coming in * More and more users are also helping in fixing stuff ... thank you for supporting EMBA * Improved the system check on EMBA startup resulted in speeding up EMBA * Improved our quality checking process of newly built EMBA base images * Integrated auto generation of kernel and gcc data into our github pipeline (available in config directory)

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor. image

Check it out here and start being an essential part of the future of EMBA

It is always a pleasure to welcome new contributors to EMBA. This time we welcome: * @chconil made their first contribution in https://github.com/e-m-b-a/emba/pull/1415

How can you reach us and stay up to date? Just take one of these channels: * Bluesky * Mastodon * Github discussions * Github issues * LinkedIn * X

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the CVE database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

For updating your oudated EMBA installation, please check the update section in our wiki.

What's Changed

New Contributors

Full Changelog: https://github.com/e-m-b-a/emba/compare/v1.5.1-rise-from-the-dead...v1.5.2-SBOM-next-generation-EMBA

Source: README.md, updated 2025-03-11