R.I.P. binwalk #598

Merged
merged 10 commits into from
Apr 27, 2023
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -66,7 +66,7 @@ sudo ./emba -l ~/log -f ~firmware -p ./scan-profiles/default-scan.emba
## Quick start with system-emulation scan profile:
For further details on EMBA's system-emulation engine check the [wiki](https://github.com/e-m-b-a/emba/wiki/System-emulation).
```console
sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/default-scan-emulation.emba
sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/default-scan-emulation.emba -m s24

```
---
19 changes: 19 additions & 0 deletions config/banner/RIP-binwalk-v1.2.3.txt
@@ -0,0 +1,19 @@

EMBA version 1.2.3 - R.I.P. binwalk


.:'/*/'`:,·:~·–:., ',:'/¯/`:, ,:´'*:^-:´¯'`:·, ‘
/::/:/:::/:::;::::::/`':.,' /:/_/::::/';' '/::::/::::::::::;¯'`*:^:-., ‘
/·*'`·´¯'`^·-~·:–-'::;:::'`; /:' '`:/::;‘/·´'*^-·´¯'`^·,/::::::::::::'`:,
'\ '`;::'i‘ ; ';:';‘'`, ¯'`*^·-:;::::::'\' ‘
'`; ,– ., 'i:'/ | 'i::i '`·, '`·;:::i'‘
i i':/:::'; ;/' '; ;'::i '| .,_ \:'/'
i i/:·'´ ,:'' 'i 'i::i' 'i 'i:::'`·, i/' ‘
'; ' ,:, ~;'´:::'`:, ; 'i::;' 'i 'i::/:,: /'
'i i:/\ `;::::/:'`;' '; i:/' ; ,'.^*'´ _,.·´‘
; ;/ \ '`:/::::/' '; ;/ ° '; ;/ '`*^*'´¯
'; ,' \ '`;/' '; / ° \ /
`'*´ '`~·-·^'´ `'´ ° '`^'´‘
Binwalk
It was a pleasure
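--- a/config/trickest_blacklist.txt
+++ b/config/trickest_blacklist.txt
@@ -64,3 +64,28 @@ Eduardmihai1997/VulnerabilityManagement
 PotterXma/linux-deployment-standard
 paramint/AD-Attack-Defense
 BSG9432/Districts-2023
+YgorAlberto/ygoralberto.github.io
+xsudoxx/OSCP
+wiz-sec-public/cloud-middleware-dataset
+stkcat/awe-base-images
+srchen1987/springcloud-distributed-transaction
+splunk-soar-connectors/flashpoint
+splitlane/FTCLib-Quickstart
+sourchib/Framework7_Cordova
+skyblueflag/WebSecurityStudy
+Skixie/OSCP-Journey
+Singhsanjeev617/A-Red-Teamer-diaries
+seeu-inspace/easyg
+rojasjo/TelnetHoneypot.Net
+Rayyan-appsec/ALL-PENTESTING-BIBLE
+papicella/cli-snyk-getting-started
+NikulinMS/13-01-hw
+marklogic/marklogic-kubernetes
+karimhabush/cyberowl
+heane404/CVE_scan
+fernandoreb/dependency-check-springboot
+FDlucifer/Proxy-Attackchain
+EGI-Federation/SVG-advisories
+chorankates/Help
+actions-marketplace-validations/ajinkya599_container-scan
+0xsyr0/OSCP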
2 changes: 1 addition & 1 deletion helpers/helpers_emba_defaults.sh
Expand Up @@ -26,7 +26,7 @@ set_defaults() {
export DEBUG_SCRIPT=0
export UPDATE=0
export ARCH_CHECK=1
export RTOS=0 # Testing RTOS based OS
export RTOS=1 # Testing RTOS based OS - 1 -> no Linux / 0 -> Linux
export CWE_CHECKER=0
export CONTAINER_EXTRACT=0
export DEEP_EXTRACTOR=0
3 changes: 3 additions & 0 deletions helpers/helpers_emba_dependency_check.sh
Expand Up @@ -443,6 +443,9 @@ dependency_check()
# progpilot for php code checks
check_dep_file "progpilot php ini checker" "$EXT_DIR""/progpilot"

# luacheck - lua linter
check_dep_tool "luacheck"

# APKHunt for android apk analysis
# hard requirement for v1.2.2
# check_dep_file "APKHunt apk scanner" "$EXT_DIR""/APKHunt/apkhunt.go"
7 changes: 5 additions & 2 deletions helpers/helpers_emba_prepare.sh
Expand Up @@ -381,8 +381,11 @@ prepare_file_arr()
# rm_proc_binary "${FILE_ARR[@]}"
}

prepare_binary_arr()
{
prepare_binary_arr() {
local FIRMWARE_PATH="${1:-}"
if ! [[ -d "${FIRMWARE_PATH}" ]]; then
return
fi
echo ""
print_output "[*] Unique binary auto detection for $ORANGE$FIRMWARE_PATH$NC (could take some time)\\n"

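Review bot: The new early return in prepare_binary_arr exits silently with status 0 when `${FIRMWARE_PATH}` is not a directory, so callers cannot tell a prepared binary array from one that was never built, and nothing appears in the log. A short diagnostic on that path, `print_output "[-] No firmware directory found at ${FIRMWARE_PATH} - skipping binary detection"` placed before the `return`, keeps the quiet skip but makes it visible; if any caller checks the status, `return 1` would be the stronger signal. The new `local FIRMWARE_PATH` shadows the global of the same name that the old body read in its print_output line, which is fine but deserves a one-line comment so the next reader does not mistake it for the global. The function body continues past the hunk.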
3 changes: 3 additions & 0 deletions modules/L10_system_emulation.sh
Expand Up @@ -144,12 +144,14 @@ L10_system_emulation() {
IP_ADDRESS_=$(echo "$SYS_EMUL_POS_ENTRY" | grep "TCP ok" | sort -k 7 -t ';' | tail -1 | cut -d\; -f8 | awk '{print $3}')
IMAGE_NAME="$(echo "$SYS_EMUL_POS_ENTRY" | grep "TCP ok" | sort -k 7 -t ';' | tail -1 | cut -d\; -f10)"
ARCHIVE_PATH="$LOG_PATH_MODULE""/""$IMAGE_NAME"
print_ln
print_output "[*] Identified IP address: $ORANGE$IP_ADDRESS_$NC"
print_output "[*] Identified IMAGE_NAME: $ORANGE$IMAGE_NAME$NC"
print_output "[*] Identified ARCHIVE_PATH: $ORANGE$ARCHIVE_PATH$NC"

if [[ -v ARCHIVE_PATH ]] && [[ -f "$ARCHIVE_PATH"/run.sh ]]; then
print_output "[+] Identified emulation startup script (run.sh) in ARCHIVE_PATH ... starting emulation process for further analysis"
print_ln
restart_emulation "$IP_ADDRESS_" "$IMAGE_NAME" 1
# we should get TCP="ok" and SYS_ONLINE=1 back
if [[ "$SYS_ONLINE" -ne 1 ]]; then
Expand Down Expand Up @@ -2231,6 +2233,7 @@ write_results() {
if [[ -f "$LOG_PATH_MODULE"/"$NMAP_LOG" ]]; then
TCP_SERV_CNT="$(grep "udp.*open\ \|tcp.*open\ " "$LOG_PATH_MODULE"/"$NMAP_LOG" 2>/dev/null | awk '{print $1}' | sort -u | wc -l || true)"
fi
[[ "${TCP_SERV_CNT}" -gt 0 ]] && TCP="ok"
ARCHIVE_PATH_="$(echo "$ARCHIVE_PATH_" | rev | cut -d '/' -f1 | rev)"
echo "$FIRMWARE_PATH_orig;$RESULT_SOURCE;Booted $BOOTED;ICMP $ICMP;TCP-0 $TCP_0;TCP $TCP;$TCP_SERV_CNT;IP address: $IP_ADDRESS_;Network mode: $NETWORK_MODE ($NETWORK_DEVICE/$ETH_INT/$INIT_FILE);$ARCHIVE_PATH_;$R_PATH_mod" >> "$LOG_DIR"/emulator_online_results.log
print_bar ""
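Review bot: The added `[[ "${TCP_SERV_CNT}" -gt 0 ]] && TCP="ok"` relies on TCP_SERV_CNT holding a number, but the assignment directly above it only runs when the nmap log exists, so on the no-log path the test sees whatever the variable held before — presumably an initialization earlier in write_results, which starts outside this hunk. Guarding the expansion, `[[ "${TCP_SERV_CNT:-0}" -gt 0 ]] && TCP="ok"`, makes the line self-sufficient, and a why-comment such as `# any open service reported by nmap marks the emulated system as reachable over TCP` would explain why a service count overrides TCP here. Since the `TCP ok` marker written by this line is what the first hunk of this module greps for to choose the image to re-emulate, this one-liner decides which firmware gets booted again and is worth that explanation.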
6 changes: 3 additions & 3 deletions modules/L22_upnp_checks.sh
Expand Up @@ -64,10 +64,10 @@ check_basic_upnp() {
if [[ -f "$LOG_PATH_MODULE"/upnp-discovery-check.txt ]]; then
print_ln
tee -a "$LOG_FILE" < "$LOG_PATH_MODULE"/upnp-discovery-check.txt
fi
print_ln
print_ln

UPNP_UP=$(grep -c "desc\|IGD" "$LOG_PATH_MODULE"/upnp-discovery-check.txt)
UPNP_UP=$(grep -c "desc\|IGD" "$LOG_PATH_MODULE"/upnp-discovery-check.txt || true)
fi
fi

if [[ "$UPNP_UP" -gt 0 ]]; then
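Review bot: The `|| true` appended to the `grep -c` on the new UPNP_UP line is only needed to survive `set -e` when there are zero matches, because `grep -c` still prints `0` in that case; when grep fails for another reason it prints nothing and UPNP_UP ends up empty, and when the discovery file is absent the assignment is skipped entirely, so the `[[ "$UPNP_UP" -gt 0 ]]` test at the end of the hunk depends on an initialization that is outside this hunk. Writing the comparison as `if [[ "${UPNP_UP:-0}" -gt 0 ]]; then` covers both paths without changing the normal case. check_basic_upnp continues beyond the hunk.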
27 changes: 24 additions & 3 deletions modules/P02_firmware_bin_file_check.sh
Expand Up @@ -81,6 +81,8 @@ P02_firmware_bin_file_check() {
write_link "$LOG_DIR"/pixd.png
fi

generate_entropy_graph "$FIRMWARE_PATH"

fw_bin_detector "$FIRMWARE_PATH"

backup_p02_vars
Expand Down Expand Up @@ -115,6 +117,25 @@ set_p02_default_exports() {
export QCOW_DETECTED=0
}

generate_entropy_graph() {
local FIRMWARE_PATH_BIN="${1:-}"
# we use the original FIRMWARE_PATH for entropy testing, just if it is a file
if [[ -f $FIRMWARE_PATH_BIN ]] && ! [[ -f "$LOG_DIR"/firmware_entropy.png ]]; then
print_output "[*] Entropy testing with binwalk ... "
# we have to change the working directory for binwalk, because everything except the log directory is read-only in
# Docker container and binwalk fails to save the entropy picture there
if [[ $IN_DOCKER -eq 1 ]] ; then
cd "$LOG_DIR" || return
print_output "$(binwalk -E -F -J "$FIRMWARE_PATH_BIN")"
mv "$(basename "$FIRMWARE_PATH_BIN".png)" "$LOG_DIR"/firmware_entropy.png 2> /dev/null || true
cd /emba || return
else
print_output "$(binwalk -E -F -J "$FIRMWARE_PATH_BIN")"
mv "$(basename "$FIRMWARE_PATH_BIN".png)" "$LOG_DIR"/firmware_entropy.png 2> /dev/null || true
fi
fi
}

fw_bin_detector() {
local CHECK_FILE="${1:-}"
local FILE_BIN_OUT=""
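Review bot: The Docker and non-Docker branches of the new generate_entropy_graph run the same binwalk and mv commands and differ only in the `cd` into `$LOG_DIR`, so the duplicated lines should collapse into one path with the directory change guarded on `IN_DOCKER`. The `mv ... 2> /dev/null || true` also discards the case where binwalk produced no PNG at all (tool missing, unwritable working directory), so whatever later consumes `firmware_entropy.png` finds nothing without a single log line; a `print_output "[-] ..."` on that path would make the gap visible. In the non-Docker branch the PNG is first written into whatever the caller's current directory happens to be, which is presumably why the Docker branch changes directory — confirm that the non-Docker cwd is always writable, or move into `$LOG_DIR` in both cases. The `cd /emba` return target is hard-coded; `cd "$OLDPWD"` or a saved `local` would survive a different install path.
```shell
generate_entropy_graph() {
  local FIRMWARE_PATH_BIN="${1:-}"
  # … unchanged: -f / existing-png guard …
    print_output "[*] Entropy testing with binwalk ... "
    # binwalk writes <name>.png into the cwd; inside the container only LOG_DIR is writable
    if [[ "${IN_DOCKER}" -eq 1 ]]; then
      cd "${LOG_DIR}" || return
    fi
    print_output "$(binwalk -E -F -J "${FIRMWARE_PATH_BIN}")"
    if ! mv "$(basename "${FIRMWARE_PATH_BIN}".png)" "${LOG_DIR}"/firmware_entropy.png 2> /dev/null; then
      print_output "[-] No entropy graph generated for ${FIRMWARE_PATH_BIN}"
    fi
    if [[ "${IN_DOCKER}" -eq 1 ]]; then
      cd /emba || return
    fi
  # … unchanged: closing fi …
}
```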
Expand Down Expand Up @@ -170,7 +191,7 @@ fw_bin_detector() {
write_csv_log "basic compressed (patool)" "yes" "NA"
fi
fi
if [[ "$FILE_BIN_OUT" == *"QEMU QCOW2 Image"* ]]; then
if [[ "$FILE_BIN_OUT" == *"QEMU QCOW2 Image"* ]] || [[ "$FILE_BIN_OUT" == *"QEMU QCOW Image"* ]]; then
print_output "[+] Identified Qemu QCOW image - using QCOW extraction module"
export QCOW_DETECTED=1
write_csv_log "Qemu QCOW firmware detected" "yes" "NA"
Expand Down Expand Up @@ -206,7 +227,7 @@ fw_bin_detector() {
write_csv_log "D-Link encrpted_img encrypted" "yes" "NA"
fi
if [[ "$FILE_BIN_OUT" == *"u-boot legacy uImage"* ]]; then
print_output "[+] Identified u-boot firmware - using u-boot module"
print_output "[+] Identified u-boot firmware image"
export UBOOT_IMAGE=1
write_csv_log "Uboot image" "yes" "NA"
fi
Expand Down Expand Up @@ -256,7 +277,7 @@ fw_bin_detector() {
write_csv_log "OpenSSL encrypted" "yes" "NA"
fi
# This check is currently only tested on one firmware - further tests needed:
if [[ "$DLINK_ENC_CHECK" =~ 00000000\ \ 62\ 67\ 6e\ 00\ 00\ 00\ 00\ 00\ \ 00\ 00\ 00\ b9\ 01\ ]]; then
if [[ "$DLINK_ENC_CHECK" =~ 00000000\ \ 62\ 67\ 6e\ 00\ 00\ 00\ 00\ 00\ \ 00\ 00\ 00\ ]]; then
print_output "[+] Identified Buffalo encrpyted firmware - using Buffalo extraction module"
export BUFFALO_ENC_DETECTED=1
write_csv_log "Buffalo encrypted" "yes" "NA"
4 changes: 2 additions & 2 deletions modules/P05_patools_init.sh
Expand Up @@ -78,9 +78,9 @@ patools_extractor() {
else
# Fallback if unzip does not work:
print_ln
print_output "[*] No valid compressed file detected - extraction process via binwalk started"
print_output "[*] No valid compressed file detected - extraction process via unblob started"

binwalk_deep_extract_helper 0 "$FIRMWARE_PATH_" "$EXTRACTION_DIR_"
unblobber "$FIRMWARE_PATH_" "$EXTRACTION_DIR_"
fi

print_ln
144 changes: 0 additions & 144 deletions modules/P11_dlink_SHRS_enc_extract.sh

This file was deleted.
