EMBA v2.0.0 - A brave new world of firmware analysis #1831

m-1-k-3 · 2025-12-16T10:59:52Z

m-1-k-3
Dec 16, 2025
Maintainer

The last few weeks looked a bit more silent to the outside ... but cool things were going on in the background. Now, it is time to share all the great things we were working on ;)

In the early days of the EMBA firmware analysis environment one of our visions was a bit like the following:

EMBA should be an environment for fully automated detection and verification of known and unknown vulnerabilities in the product and firmware sector

The complete environment needs to be available as Open-Source which allows you to be part of it. Everyone should be able to perform high quality firmware security analysis, perform better IoT penetration tests, create the best SBOMs, scale and optimize firmware security research at all. Additionally, everyone should be able to modify, integrate and adopt EMBA easily (btw. this is the reason why we decided to use Bash), improve EMBA and being part of EMBA as user, tester, developer, feedback giver, idea generator, bug hunter ... you get the idea of Open-Source ;)

Vulnerability analysis in the field of firmware is a complex task, but with EMBA we have built some quite solid tooling and strategies over the years. This would not be possible without all the other awesome Open-Source projects out there!

EMBA is standing on the shoulders of giants. EMBA is standing on your shoulders! Thank you!

We were always fascinated by the idea of automatically starting up the device during an EMBA analysis in a controlled emulated environment. This means that we will be able to verify the already discovered results directly on the running firmware. We are not at the end of this journey yet, but it looks like this goal is not completely unrealistic anymore! In our opinion this release is a milestone to our ultimate goal of vulnerability detection and verification.

The road to version 2.0.0 was very rough and bumpy. Over the last few months we tested, tested, tested, looked at emulation output and improved every little piece a little bit! The goal we had in mind was ...

Let's bring our system emulation engine to the next level

After months of testing, building kernels (shoutout to @HoxhaEndri), analyzing, fixing, refactoring, testing again and screaming multiple times we are now quite happy with the results! Enjoy the following benchmark results of some of our firmware test sets:

FirmAE corpus

The original FirmAE corpus was created somewhere before 2020. So, today this corpus is quite outdated. Nevertheless, as the FirmAE project was already optimized to a 79% success rate with at least one network service available we were interested if we can further improve this high success rate. We took this corpus as an initial benchmark indicator to ensure our performance is not too bad. The following overview gives some insights into the results from all three system emulation frameworks: firmadyne, FirmAE and EMBA

While firmadyne was the initial framework and other environments like FirmAE and also EMBA were built around the same approach, it had only 16% of success rate. This means in only 16% of the firmware tests firmadyne was able to bring the firmware automatically to a state where network services were reachable. FirmAE improved this rate to 79% success rate. And now, EMBA got this rate to 95% success rate with at least one network service available. Altogether EMBA was able to identify more than 6000 network services on 1074 systems.

The Fraunhofer FKIE builds regularly the so-called Home Router Security Report (Check this report). We used these reports as inspiration and built some firmware sets over time:

Firmware Testset 2020

On a fresh and unoptimized firmware corpus we can get a better idea of more real-world results of the different engines. Neither firmadyne, nor FirmAE were trained on this firmware corpus. This resulted in significantly lower success rates:

The firmadyne results dropped down to 5% (from 16% on the FirmAE corpus) of success rate and the FirmAE rates dropped to 30% (from 79% on the FirmAE corpus). In comparison EMBA was able to double the FirmAE results and fully automatically emulate 87% of firmware to a state where at least one network service was available. In total EMBA detected more than 600 network services on 126 analyzed firmware images.

With the integration of the dependency track API it is now also possible to automatically transfer the generated SBOM into your dependency track instance and track all the vulnerabilities in a beautiful vulnerability and SBOM management tool:

This integration mechanism enhances your vulnerability handling and pentesting process massively and shows the flexibility of EMBA.

Firmware Testset 2022

The testset of the year 2022 looked a bit like a duplication of the results of 2020. Firmadyne got 2% of the tested firmware to a reachable network service, FirmAE already improved the state to 16% and EMBA climbed up to 76%. This time with around 400 reachable network services on 121 analyzed firmware images:

Firmware Testset 2024

Also on a more modern testset from 2024 the picture changed not that much. Firmadyne now has only 1% success rate, FirmAE improved the emulation results to 17% and EMBA stays quite stable at 77%:

These stable emulation results across a huge amount of different firmware images from different vendors with different architectures from different time periods highlight the magic of EMBA and give us a quite good base for further development.

Additionally, we want to take a look at the following highlights:

We have 7 new contributors! This is probably the most amazing thing in our release notes! Thanks for supporting EMBA with your effort!
EMBA got a new kernel for the system emulation engine. We moved away from the old 4.1 firmadyne/FirmAE based kernel to a much newer 4.14.336 LTS Kernel <- This is a very big thing, and you need to clap now ;) (see Linux Kernel v4.14.336 for system emulation environment #1575 by @HoxhaEndri and the Kernel repo here)
Rocky Linux support by @jurrejelle <- Clap again
EMBA reached another milestone - 3000 Github stars and counting (If you like EMBA you should also give us a star!)
The EMBA book is available here
Copilot code check results integrated - part 1 of a lot
Improve internal docker base image verification checks
We build a whole new testing environment where we can run a huge number of EMBA tests in parallel <- This is so freaking cool. Good job @BenediktMKuehne
Improve SBOM generation with better Java support - see also CVE finding discrepancy between emba-f17-cve-bin-tool and cve-bin-tool itself #1765
Add Java decompilation and security analysis capabilities - see also S28 module: Java decompiler and analyzer / fix p10, add vineflower #1828
Add integration of the dependency track API to automatically upload and further process the generated SBOM - see also the wiki
The launcher is now available - see the Wiki for further details
Thanks to the great work of @gluesmith2021 we were able to switch to NVDv2. With this step we are hopefully well prepared for the near future. Check the great work here fix: missing CVEs by switching to cve 2.0 (#5172) ossf/cve-bin-tool#5265
We have a new web shop for EMBA merch here. Check it out and show your love for Open-Source firmware analysis with EMBA
So many new notes, videos, papers and blogposts that deal with EMBA or use EMBA as helper or benchmark tool somewhere in the Internet (with your ideas, your papers, using it and showing how hard we fail you make EMBA to what it is!) - check the Wiki section
Finally, we had the joy of being part of the beautiful TROOPERS25 security conference. The recording of our talk "SBOMs the right way" is now available here

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA.
Breaking News: Check also our new shop for EMBA merch here.

It is always a pleasure to welcome new contributors to EMBA. This time we welcome:

@waiwai24 made their first contribution in optimize I05_emba_docker_image_dl.sh #1532
@Jeff-Rowell made their first contribution in Issue1614/feature request reuse existing SBOM for CVE rechecking without full rescan #1615
@starrysky1004 made their first contribution in Fix bug in S21 S23 S27 about csv path extraction #1659
@dennisliuu made their first contribution in Fix: release files cfg typo for SuSE #1677
@dependabot[bot] made their first contribution in Bump lycheeverse/lychee-action from 1.8.0 to 2.0.2 in /.github/workflows #1695
@jurrejelle made their first contribution in Add Rocky/RHEL/Alma/Redhat Linux support #1712
@T1z1anXXX made their first contribution in fix: wrongly use '||' in L10_system_emulation.sh #1810

Besides all our newcomers we also want to thank the other, regular contributors!

We had never before so many bug reports, contributors and helping hands! Big kudos to all of you!

How can you reach us and stay up to date? Just take one of these channels (or all):

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the CVE database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

For updating your outdated EMBA installation, please check the update section in our wiki.

What's Changed

bump version in docker-compose by @m-1-k-3 in bump version in docker-compose #1509
trivy workflow exception update by @m-1-k-3 in trivy workflow exception update #1510
update sbom scanning profiles by @m-1-k-3 in update sbom scanning profiles #1511
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1513
Metasploit database update by @github-actions[bot] in Metasploit database update #1514
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1515
Architecture detection improvements by @m-1-k-3 in Architecture detection improvements #1512
Snyk database update by @github-actions[bot] in Snyk database update #1516
fix max_pid_protection calls by @m-1-k-3 in fix max_pid_protection calls #1517
SBOM module for apk_pkg_mgmt_parser by @m-1-k-3 in SBOM module for apk_pkg_mgmt_parser #1518
Multiple little fixes to improve F17, F50, S18, S25 by @m-1-k-3 in Multiple little fixes to improve F17, F50, S18, S25 #1520
l35 helper fix by @m-1-k-3 in l35 helper fix #1522
Improve installer warning on missing docker installation by @m-1-k-3 in Improve installer warning on missing docker installation #1523
fix installer by @m-1-k-3 in fix installer #1524
Snyk database update by @github-actions[bot] in Snyk database update #1529
Quick version identifier update by @github-actions[bot] in Quick version identifier update #1528
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1527
Metasploit database update by @github-actions[bot] in Metasploit database update #1526
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1525
fix IL15 for latest Kali installation by @m-1-k-3 in fix IL15 for latest Kali installation #1533
Update dep check to warn if the cve-db from docker container will be used by @m-1-k-3 in Update dep check to warn if the cve-db from docker container will be used #1534
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1535
Metasploit database update by @github-actions[bot] in Metasploit database update #1536
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1537
Snyk database update by @github-actions[bot] in Snyk database update #1538
optimize I05_emba_docker_image_dl.sh by @waiwai24 in optimize I05_emba_docker_image_dl.sh #1532
S08 debian package management update by @m-1-k-3 in S08 debian package management update #1540
System emulation updates by @m-1-k-3 in System emulation updates #1530
L10: improve service handling by @m-1-k-3 in L10: improve service handling #1541
Exe extraction improvements by @m-1-k-3 in Exe extraction improvements #1542
Metasploit database update by @github-actions[bot] in Metasploit database update #1543
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1544
Snyk database update by @github-actions[bot] in Snyk database update #1545
Speedup pre-checking phase by @m-1-k-3 in Speedup pre-checking phase #1546
find and fix unprintable characters by @m-1-k-3 in find and fix unprintable characters #1547
Snyk database update by @github-actions[bot] in Snyk database update #1552
Metasploit database update by @github-actions[bot] in Metasploit database update #1551
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1550
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1549
P50 p55 emulation switch by @m-1-k-3 in P50 p55 emulation switch #1548
Revert handling of additional ip address by @m-1-k-3 in Revert handling of additional ip address #1553
update uml-utilities.deb by @m-1-k-3 in update uml-utilities.deb #1554
Snyk database update by @github-actions[bot] in Snyk database update #1559
Metasploit database update by @github-actions[bot] in Metasploit database update #1558
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1557
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1556
update CONTRIBUTING.md by @m-1-k-3 in update CONTRIBUTING.md #1560
remove hardcoded linux kernel version by @HoxhaEndri in remove hardcoded linux kernel version #1561
Metasploit database update by @github-actions[bot] in Metasploit database update #1567
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1566
GCC version database update by @github-actions[bot] in GCC version database update #1565
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1564
Snyk database update by @github-actions[bot] in Snyk database update #1568
JSON bin version identifier migration by @m-1-k-3 in JSON bin version identifier migration #1562
migrate further modules to json config by @m-1-k-3 in migrate further modules to json config #1569
Improve CVE detection by @m-1-k-3 in Improve CVE detection #1570
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1571
Snyk database update by @github-actions[bot] in Snyk database update #1574
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1572
Metasploit database update by @github-actions[bot] in Metasploit database update #1573
Migration of modules S24 and L15 to improved architecture by @m-1-k-3 in Migration of modules S24 and L15 to improved architecture #1576
Metasploit database update by @github-actions[bot] in Metasploit database update #1581
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1580
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1579
Snyk database update by @github-actions[bot] in Snyk database update #1582
payload dumper installation fix by @HoxhaEndri in payload dumper installation fix #1583
Linux Kernel v4.14.336 for system emulation environment by @HoxhaEndri in Linux Kernel v4.14.336 for system emulation environment #1575
Update docker-compose.yml by @m-1-k-3 in Update docker-compose.yml #1584
S25 improvements + fixes by @m-1-k-3 in S25 improvements + fixes #1578
Deeper extractor update by @m-1-k-3 in Deeper extractor update #1587
Snyk database update by @github-actions[bot] in Snyk database update #1588
System emulation updates / Speedup S09 by @m-1-k-3 in System emulation updates / Speedup S09 #1586
Improve sorting of L10 configs by @m-1-k-3 in Improve sorting of L10 configs #1590
Snyk database update by @github-actions[bot] in Snyk database update #1596
Metasploit database update by @github-actions[bot] in Metasploit database update #1595
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1594
GCC version database update by @github-actions[bot] in GCC version database update #1593
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1592
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1597
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1598
Metasploit database update by @github-actions[bot] in Metasploit database update #1599
Snyk database update by @github-actions[bot] in Snyk database update #1600
Metasploit database update by @github-actions[bot] in Metasploit database update #1604
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1603
GCC version database update by @github-actions[bot] in GCC version database update #1602
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1601
Snyk database update by @github-actions[bot] in Snyk database update #1605
System emulation updates by @m-1-k-3 in System emulation updates #1591
links, installer updates by @m-1-k-3 in links, installer updates #1606
Snyk database update by @github-actions[bot] in Snyk database update #1613
Metasploit database update by @github-actions[bot] in Metasploit database update #1612
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1611
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1610
copy_and_link helper function, improve logging, little bug fixes by @m-1-k-3 in copy_and_link helper function, improve logging, little bug fixes #1608
improve s24 kernel handling by @m-1-k-3 in improve s24 kernel handling #1616
Copilot review integration by @m-1-k-3 in Copilot review integration #1617
make s26 environment work again by @m-1-k-3 in make s26 environment work again #1618
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1620
Metasploit database update by @github-actions[bot] in Metasploit database update #1621
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1619
Snyk database update by @github-actions[bot] in Snyk database update #1622
Issue1614/feature request reuse existing SBOM for CVE rechecking without full rescan by @Jeff-Rowell in Issue1614/feature request reuse existing SBOM for CVE rechecking without full rescan #1615
Copilot cleanup Installer Update #2 by @m-1-k-3 in Copilot cleanup #2 #1623
Snyk database update by @github-actions[bot] in Snyk database update #1627
Metasploit database update by @github-actions[bot] in Metasploit database update #1626
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1625
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1624
another cleanup round with copilot by @m-1-k-3 in another cleanup round with copilot #1628
Quick updates by @m-1-k-3 in Quick updates #1630
Quick updates by @m-1-k-3 in Quick updates #1631
style by @m-1-k-3 in style #1632
Quick updates by @m-1-k-3 in Quick updates #1633
reference by @m-1-k-3 in reference #1634
style by @m-1-k-3 in style #1635
cleanup, migrate wc by @m-1-k-3 in cleanup, migrate wc #1636
Check_project - fast mode by @m-1-k-3 in Check_project - fast mode #1637
Fixes everywhere by @m-1-k-3 in Fixes everywhere #1639
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1640
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1641
Metasploit database update by @github-actions[bot] in Metasploit database update #1642
Snyk database update by @github-actions[bot] in Snyk database update #1643
fix ambiguous redirect / Installer updates by @m-1-k-3 in fix ambiguous redirect / Installer updates #1644
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1645
GCC version database update by @github-actions[bot] in GCC version database update #1646
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1647
Metasploit database update by @github-actions[bot] in Metasploit database update #1648
Snyk database update by @github-actions[bot] in Snyk database update #1649
Fix L10 init entries by @m-1-k-3 in Fix L10 init entries #1650
Cleanup and Community projects by @m-1-k-3 in Cleanup and Community projects #1651
Snyk database update by @github-actions[bot] in Snyk database update #1656
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1654
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1653
Metasploit database update by @github-actions[bot] in Metasploit database update #1655
Improve EMBA version in F50 module by @m-1-k-3 in Improve EMBA version in F50 module #1652
Fix bug in S21 S23 S27 about csv path extraction by @starrysky1004 in Fix bug in S21 S23 S27 about csv path extraction #1659
Snyk database update by @github-actions[bot] in Snyk database update #1664
Metasploit database update by @github-actions[bot] in Metasploit database update #1663
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1662
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1661
Basic Tricore architecture support by @m-1-k-3 in Basic Tricore architecture support #1660
Fix build_cpe_identifier() does not product proper CPEs. #1666 / emulation updates by @m-1-k-3 in Fix #1666 / emulation updates #1667
Objdump fix / s40 perm fix / emulation max restart by @m-1-k-3 in Objdump fix / s40 perm fix / emulation max restart #1668
Improve s16, s17 modules by @m-1-k-3 in Improve s16, s17 modules #1670
Introduce the EMBA launcher by @m-1-k-3 in Introduce the EMBA launcher #1669
Snyk database update by @github-actions[bot] in Snyk database update #1673
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1672
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1671
Bandit config / L10 qemu log check by @m-1-k-3 in Bandit config / L10 qemu log check #1674
cleanup by @m-1-k-3 in cleanup #1675
Fix: release files cfg typo for SuSE by @dennisliuu in Fix: release files cfg typo for SuSE #1677
Snyk database update by @github-actions[bot] in Snyk database update #1681
Metasploit database update by @github-actions[bot] in Metasploit database update #1680
GCC version database update by @github-actions[bot] in GCC version database update #1679
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1678
Update README.md by @m-1-k-3 in Update README.md #1683
Snyk database update by @github-actions[bot] in Snyk database update #1687
Metasploit database update by @github-actions[bot] in Metasploit database update #1686
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1685
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1684
make s23 work again / L10 updates by @m-1-k-3 in make s23 work again / L10 updates #1676
Snyk database update by @github-actions[bot] in Snyk database update #1692
Metasploit database update by @github-actions[bot] in Metasploit database update #1691
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1690
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1689
Bump lycheeverse/lychee-action from 1.8.0 to 2.0.2 in /.github/workflows by @dependabot[bot] in Bump lycheeverse/lychee-action from 1.8.0 to 2.0.2 in /.github/workflows #1695
Snyk database update by @github-actions[bot] in Snyk database update #1700
Metasploit database update by @github-actions[bot] in Metasploit database update #1699
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1698
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1697
Add latest news section to README by @m-1-k-3 in Add latest news section to README #1696
l10 - shift around and cleanup by @m-1-k-3 in l10 - shift around and cleanup #1688
fix Missing lua detection case #1694 by @m-1-k-3 in fix #1694 #1701
Metasploit database update by @github-actions[bot] in Metasploit database update #1704
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1703
Snyk database update by @github-actions[bot] in Snyk database update #1705
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1702
Snyk database update by @github-actions[bot] in Snyk database update #1711
Metasploit database update by @github-actions[bot] in Metasploit database update #1710
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1709
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1708
multiple fixes by @m-1-k-3 in multiple fixes #1707
Snyk database update by @github-actions[bot] in Snyk database update #1715
Metasploit database update by @github-actions[bot] in Metasploit database update #1714
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1713
Add Rocky/RHEL/Alma/Redhat Linux support by @jurrejelle in Add Rocky/RHEL/Alma/Redhat Linux support #1712
Snyk database update by @github-actions[bot] in Snyk database update #1722
Metasploit database update by @github-actions[bot] in Metasploit database update #1721
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1719
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1720
Emulation engine - improve runtime and sevice starter by @m-1-k-3 in Emulation engine - improve runtime and sevice starter #1716
Snyk database update by @github-actions[bot] in Snyk database update #1725
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1724
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1723
Bump docker base image by @m-1-k-3 in Bump docker base image #1726
Make the default install workflow work again by @m-1-k-3 in Make the default install workflow work again #1727
Make workflows work again by @m-1-k-3 in Make workflows work again #1728
L10 config prio adjustments by @m-1-k-3 in L10 config prio adjustments #1729
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1730
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1731
Metasploit database update by @github-actions[bot] in Metasploit database update #1732
Snyk database update by @github-actions[bot] in Snyk database update #1733
Snyk database update by @github-actions[bot] in Snyk database update #1738
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1737
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1736
s22 fix and cleanup by @m-1-k-3 in s22 fix and cleanup #1739
fix multi_grep detection mechanism by @m-1-k-3 in fix multi_grep detection mechanism #1741
Snyk database update by @github-actions[bot] in Snyk database update #1745
Metasploit database update by @github-actions[bot] in Metasploit database update #1744
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1743
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1742
bump binutils by @m-1-k-3 in bump binutils #1746
Improve system restarter for HNAP/UPnP module by @m-1-k-3 in Improve system restarter for HNAP/UPnP module #1747
improve upnp/hnap/jnap module by @m-1-k-3 in improve upnp/hnap/jnap module #1749
Snyk database update by @github-actions[bot] in Snyk database update #1753
Metasploit database update by @github-actions[bot] in Metasploit database update #1752
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1751
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1750
fix nmap result copy by @m-1-k-3 in fix nmap result copy #1755
improve dnsmasq.json by @m-1-k-3 in improve dnsmasq.json #1756
fix upnp detection by @m-1-k-3 in fix upnp detection #1757
remove weak file pattern by @m-1-k-3 in remove weak file pattern #1758
Snyk database update by @github-actions[bot] in Snyk database update #1762
Metasploit database update by @github-actions[bot] in Metasploit database update #1761
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1760
s24 kernel detection improvementen by @m-1-k-3 in s24 kernel detection improvementen #1759
Bump docker base image by @m-1-k-3 in Bump docker base image #1764
fix s16 by @m-1-k-3 in fix s16 #1766
EMBA restart for firmware directories by @m-1-k-3 in EMBA restart for firmware directories #1767
fix Recurring EMBA docker environment not ready! #1774, New docker image output format #1773, EMBA docker environment not ready! #1772 by @m-1-k-3 in fix #1774, #1773, #1772 #1775
Add missing csv header fields to S12_binary_protection.sh by @jblu42 in Add missing csv header fields to S12_binary_protection.sh #1777
Snyk database update by @github-actions[bot] in Snyk database update #1781
Metasploit database update by @github-actions[bot] in Metasploit database update #1780
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1779
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1778
Improve package handling, fix CVE finding discrepancy between emba-f17-cve-bin-tool and cve-bin-tool itself #1765, Incorrect header in CSV: csv_logs/s09_firmware_base_version_check.csv #1771, 1782 by @m-1-k-3 in Improve package handling, fix #1765, #1771, 1782 #1769
Axis detection by @m-1-k-3 in Axis detection #1783
Dependency Track integration by @m-1-k-3 in Dependency Track integration #1784
Q20 - little fix by @m-1-k-3 in Q20 - little fix #1786
Snyk database update by @github-actions[bot] in Snyk database update #1790
Metasploit database update by @github-actions[bot] in Metasploit database update #1789
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1787
GCC version database update by @github-actions[bot] in GCC version database update #1788
improve wolfSSL identifier by @m-1-k-3 in improve wolfSSL identifier #1791
F14 - tag module integration by @m-1-k-3 in F14 - tag module integration #1792
Update latest news section in README.md by @m-1-k-3 in Update latest news section in README.md #1798
big cleanup round by @m-1-k-3 in big cleanup round #1793
bug report template improvements, little fixes by @m-1-k-3 in bug report template improvements, little fixes #1799
Updating CONTRIBUTORS.md by @m-1-k-3 in Updating CONTRIBUTORS.md #1800
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1802
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1801
Metasploit database update by @github-actions[bot] in Metasploit database update #1803
Snyk database update by @github-actions[bot] in Snyk database update #1804
add VERSION.XML parsing to s08 by @m-1-k-3 in add VERSION.XML parsing to s08 #1806
another cleanup round by @m-1-k-3 in another cleanup round #1807
fix: wrongly use '||' in L10_system_emulation.sh by @T1z1anXXX in fix: wrongly use '||' in L10_system_emulation.sh #1810
v2.0.0 preparation by @m-1-k-3 in v2.0.0 preparation #1809
bump docker base image by @m-1-k-3 in bump docker base image #1811
Snyk database update by @github-actions[bot] in Snyk database update #1815
Metasploit database update by @github-actions[bot] in Metasploit database update #1814
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1813
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1812
S17 log improvements by @m-1-k-3 in S17 log improvements #1816
Next v2.0.0 cleanup by @m-1-k-3 in Next v2.0.0 cleanup #1818
Crass update by @m-1-k-3 in Crass update #1821
Snyk database update by @github-actions[bot] in Snyk database update #1826
Metasploit database update by @github-actions[bot] in Metasploit database update #1825
CISA known exploited database update by @github-actions[bot] in CISA known exploited database update #1823
Linux kernel version database update by @github-actions[bot] in Linux kernel version database update #1824
S28 module: Java decompiler and analyzer / fix p10, add vineflower by @m-1-k-3 in S28 module: Java decompiler and analyzer / fix p10, add vineflower #1828
bump v2.0.0 by @m-1-k-3 in bump v2.0.0 #1830

New Contributors

@waiwai24 made their first contribution in optimize I05_emba_docker_image_dl.sh #1532
@Jeff-Rowell made their first contribution in Issue1614/feature request reuse existing SBOM for CVE rechecking without full rescan #1615
@starrysky1004 made their first contribution in Fix bug in S21 S23 S27 about csv path extraction #1659
@dennisliuu made their first contribution in Fix: release files cfg typo for SuSE #1677
@dependabot[bot] made their first contribution in Bump lycheeverse/lychee-action from 1.8.0 to 2.0.2 in /.github/workflows #1695
@jurrejelle made their first contribution in Add Rocky/RHEL/Alma/Redhat Linux support #1712
@T1z1anXXX made their first contribution in fix: wrongly use '||' in L10_system_emulation.sh #1810

Full Changelog: v1.5.2-SBOM-next-generation-EMBA...v2.0.0-A-brave-new-world

This discussion was created from the release EMBA v2.0.0 - A brave new world of firmware analysis.

waiwai24 · 2025-12-16T11:13:51Z

waiwai24
Dec 16, 2025

It's great to see that EMBA has taken an important step in firmware analysis, especially in improving the success rate of system simulation and integrating the SBOM workflow💪
Looking forward to further refinement in the subsequent versions

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

EMBA v2.0.0 - A brave new world of firmware analysis #1831

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

EMBA v2.0.0 - A brave new world of firmware analysis #1831

Uh oh!

m-1-k-3 Dec 16, 2025 Maintainer

What's Changed

New Contributors

Replies: 1 comment

Uh oh!

waiwai24 Dec 16, 2025

m-1-k-3
Dec 16, 2025
Maintainer

waiwai24
Dec 16, 2025