emba says hello world

Author: Michael Messner

.gitignore

@@ -0,0 +1,5 @@
+.idea/
+logs/
+dir-combined.yara
+external/
+!external/.keep

CONTRIBUTING.md

@@ -0,0 +1,87 @@
+# Contributing to *emba*
+Contributions to *emba* are always welcome. This document explains the general requirements for contributions and the recommended preparation steps. 
+It also sketches the typical integration process of patches.
+
+## 1) Contribution Checklist
+
+
+- use git to manage your changes [*recommended*]
+
+- add the required copyright header to each new file introduced, see
+  [licensing information](./LICENSE) [**required**]
+
+- structure patches logically, in small steps [**required**]
+    - one separable functionality/fix/refactoring = one patch
+    - do not mix those three into a single patch (e.g., first refactor, then add a new functionality that builds onto the refactoring)
+    - after each patch, *emba* has to work. Do not add
+      even temporary breakages inside a patch series (helps when tracking down bugs)
+    - use `git rebase -i` to restructure a patch series
+
+- base patches on top of latest master or - if there are dependencies - on next
+  (note: next is an integration branch that may change non-linearly)
+
+- add signed-off to all patches [**required**]
+    - to certify the "Developer's Certificate of Origin", see below
+    - check with your employer when not working on your own!
+
+- test your code with shellcheck [**required**] 
+    -  see the included [shellchecker script](./check_project.sh)
+
+- send reminder if nothing happens after about a week
+
+- the code needs to work on the latest Kali Linux (other distributions are welcome but currently not tested)
+
+## 2) Code Guidelines
+
+- General: Identation should be 2 spaces (no tab character)
+
+- Comments: use # sign followed by a space. When needed, create a comment block. Blank lines: allowed
+
+- All functions use snake_case (e.g. `test_xyz()`). One blank lines between functions.
+
+- Variables: Variables should be capitalized, with underscore as word separator (e.g. `PROCESS_EXISTS=1`)
+
+- If you use external code, add `# Test source: [LINK TO CODE]` above
+
+- Scope of variables: Use local variables if possible
+
+- Use `export` for variables which aren't only used in one file - it isn't necessary, but helps for readability
+
+- Code tests: Use shellcheck to test your code (./check_project.sh)
+
+## 3) Developer's Certificate of Origin 1.1
+
+When signing-off a patch for this project like this
+
+    Signed-off-by: Random J Developer <[email protected]>
+
+using your real name (no pseudonyms or anonymous contributions), you declare the
+following:
+
+    By making a contribution to this project, I certify that:
+
+        (a) The contribution was created in whole or in part by me and I
+            have the right to submit it under the open source license
+            indicated in the file; or
+
+        (b) The contribution is based upon previous work that, to the best
+            of my knowledge, is covered under an appropriate open source
+            license and I have the right under that license to submit that
+            work with modifications, whether created in whole or in part
+            by me, under the same open source license (unless I am
+            permitted to submit under a different license), as indicated
+            in the file; or
+
+        (c) The contribution was provided directly to me by some other
+            person who certified (a), (b) or (c) and I have not modified
+            it.
+
+        (d) I understand and agree that this project and the contribution
+            are public and that a record of the contribution (including all
+            personal information I submit with it, including my sign-off) is
+            maintained indefinitely and may be redistributed consistent with
+            this project or the open source license(s) involved.
+
+See also https://www.kernel.org/doc/Documentation/process/submitting-patches.rst
+(Section 11, "Sign your work") for further background on this process which was
+adopted from the Linux kernel.

LICENSE

@@ -1,2 +1,179 @@
-# emba
-emba - Embedded Analyzer
+<!-- 
+emba - EMBEDDED LINUX ANALYZER
+
+Copyright 2020 Siemens AG
+
+emba comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+welcome to redistribute it under the terms of the GNU General Public License.
+See LICENSE file for usage of this software.
+
+Emba is licensed under GPLv3
+
+Author(s): Michael Messner, Pascal Eckmann
+-->
+# emba, an analyzer for Linux-based firmware of embedded devices
+
+![Logo emba](./helpers/emba.png)
+
+
+### Why?
+
+_emba_ is being developed as a firmware scanner that analyses already-extracted Linux-based firmware images. It should help you to identify and focus on the interesting areas of a huge firmware image.
+Although _emba_ is optimized for offline firmware images, it can test both, live systems and extracted images. Additionally, it can also analyze kernel configurations.
+_emba_ is designed to assist a penetration tester. It is not designed as a standalone tool without human interaction. _emba_ is designed to give as much information as possible about the firmware. The tester can decide on the areas to focus on and is always responsible for verifying and interpreting the results.
+
+![emba_weak_functions](./documentation/emba_03.png)
+
+### How to use it?
+
+
+__Before starting, check that all dependencies are met and use the installer.sh script:
+`./emba.sh -d` or `./emba.sh -d -F`__
+
+##### Arguments:  
+```
+Test firmware / live system
+-a [MIPS]         Architecture of the linux firmware [MIPS, ARM, x86, x64]
+-A [MIPS]         Force Architecture of the linux firmware [MIPS, ARM, x86, x64] (disable architecture check)
+-l [./path]       Log path
+-f [./path]       Firmware path
+-e [./path]       Exclude paths from testing (multiple usage possible)
+-m [MODULE_NO.]   Test only with set modules [e.g. -m 05 -m 10 ... ] (multiple usage possible)
+-c                Enable cwe-checker
+
+Dependency check
+-d                Only check dependencies
+-F                Check dependencies but ignore errors
+
+Test kernel config
+-k [./config]     Kernel config path
+
+Modify output
+-s                Print only relative paths
+-z                Add ANSI color codes to log
+
+Help
+-h                Print this help message
+
+```
+
+#### Examples
+
+##### Static firmware testing:
+- Extract the firmware from an update file or from flash storage with [binwalk](https://github.com/ReFirmLabs/binwalk) or something else
+- Execute _emba_ with set parameters, e.g.
+  
+`sudo ./emba.sh -l ./logs/arm_test -f ./firmware/arm_firmware/`   
+
+<img src="./documentation/emba_01.png" alt="emba example startup" width="600"/>
+
+- Path for logs and firmware path are necessary for testing successfully (__WARNING:__ emba needs some free disk space for logging)
+- Architecture will be detected automatically; you can overwrite it with `-a [ARCH]`
+- Use `-A [ARCH]` if you don't want to use auto detection for architecture
+- _emba_ currently supports the following architectures: MIPS, ARM, PPC, x86 and x64
+
+##### Live testing:
+For testing live system with _emba_ run it as if you were testing static firmware, but with `/` as firmware path:
+
+`sudo ./emba.sh -l ./logs/local_test -f /`
+
+- Path for logs and firmware path are necessary for testing successfully
+- Architecture will be detected automatically; you can overwrite it with `-a [ARCH]`
+- Use `-A [ARCH]` if you don't want to use auto detection for architecture
+- The paths `/proc` and `/sys` will be automatically excluded
+- It improves output and performance, if you exclude docker    
+`-e /var/lib/docker`
+
+##### Test kernel config:
+Test only a kernel configuration with the kernel checker of [checksec](https://github.com/slimm609/checksec.sh):
+
+`sudo ./emba.sh -l ./logs/kernel_conf -k ./kernel.config`
+
+- If you add `-f ./firmware/x86_firmware/`, it will ignore `-k` and search for a kernel config inside
+the firmware
+
+__Good to know:__
+- `sudo` is necessary for some modules to run properly
+- Currently only tested on [Kali Linux](https://kali.org/downloads)(2020.2)
+- _emba_ needs some free disk space for logging
+- _emba_ uses well known tools like objdump, [LinEnum](https://github.com/rebootuser/LinEnum), [checksec](https://github.com/slimm609/checksec.sh), [linux-exploit-suggester.sh](https://github.com/mzet-/linux-exploit-suggester), [cwe-checker](https://github.com/fkie-cad/cwe_checker)
+- _emba_ includes multiple modules of the well known Linux analyser [Lynis](https://cisofy.com/lynis/)
+
+### Dependencies
+
+_emba_ uses multiple other tools and components.
+
+For using _emba_ with all features, you will need following tools on your __Kali Linux__:
+- `readelf`
+- `find`
+- `grep`
+- `modinfo`
+- `realpath`
+- `sed`
+- `cut`
+- `sort`
+- `basename`
+- `strings`
+- `Option: tree`
+- `Option: shellcheck`
+- `Option: docker`
+- `Option: yara`
+
+To check these dependencies, only run `sudo ./emba.sh -d`
+
+For installation of all needed dependencies, run `sudo ./installer.sh`
+
+### Structure
+
+```
+├── installer.sh
+```
+    
+-> Tries to install all needed dependencies. Internet access for downloading is required.
+  - Afterwards no Internet access is needed
+```
+├── check_project.sh
+```
+    
+-> Check full project with all subdirectories with [shellchecker](https://github.com/koalaman/shellcheck)   
+   - Install it on your system (Kali) with `apt-get install shellcheck`
+```
+├── emba.sh
+```
+-> Main script of this project
+```
+├── config
+```
+-> Configuration files for different modules with file names, regular expressions or paths. These files are very handy,
+   easy to use and they also keep the modules clean.
+```
+├── external
+```
+-> All tools and files which are from other projects and necessary for _emba_
+```
+├── helpers
+```
+-> Some scripts for stuff like pretty formatting on your terminal or path handling
+```
+└── modules
+```
+-> The stars of the project - every module is an own file and will be called by [_emba_](/emba.sh). 
+
+### External tools in directory 'external'
+- ./yara
+    - yara rule files - add your own rules here
+- ./checksec
+    - https://github.com/slimm609/checksec.sh
+- ./linux-exploit-suggester.sh
+    - https://github.com/mzet-/linux-exploit-suggester
+- ./objdump with all architectures enabled
+    - https://www.gnu.org/software/binutils/
+- ./allitems.csv
+    - Use the CSV formated vulnerability list from Mitre: https://cve.mitre.org/data/downloads/
+
+### How to write own modules?
+
+[Look here](/modules/template_module.sh) - read this file, copy and modify it. Add your _main_ function, where `module_log_init` 
+and `module_title` are been called to the [_emba_](/emba.sh) script. That's it. Or if you only want to run a single command:
+Add your command to [_user\_check_](/modules/user_check.sh) and uncomment `user_check` in the [_emba_](/emba.sh) script.
+

README.md

@@ -0,0 +1,82 @@
+#!/bin/bash
+
+# emba - EMBEDDED LINUX ANALYZER
+#
+# Copyright 2020 Siemens AG
+#
+# emba comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+# Emba is licensed under GPLv3
+#
+# Author(s): Michael Messner, Pascal Eckmann
+
+# Description:  Check all shell scripts inside ./helpers, ./modules, emba.sh and itself with shellchecker
+
+GREEN='\033[0;32m'
+ORANGE='\033[0;33m'
+BOLD='\033[1m'
+NC='\033[0m' # no color
+
+HELP_DIR="./helpers"
+MOD_DIR="./modules"
+
+SOURCES=()
+
+import_helper() {
+  HELPERS=$(find "$HELP_DIR" -iname "*.sh" 2>/dev/null)
+  for LINE in $HELPERS; do
+    if (file "$LINE" | grep -q "shell script"); then
+      echo "$LINE"
+      SOURCES+=("$LINE")
+    fi
+  done
+}
+
+import_module() {
+  MODULES=$(find "$MOD_DIR" -iname "*.sh" 2>/dev/null)
+  for LINE in $MODULES; do
+    if (file "$LINE" | grep -q "shell script"); then
+      echo "$LINE"
+      SOURCES+=("$LINE")
+    fi
+  done
+}
+
+check()
+{
+  echo -e "\\n""$ORANGE""$BOLD""Embedded Linux Analyzer Shellcheck""$NC""\\n""$BOLD""=================================================================""$NC"
+  if ! command -v shellcheck >/dev/null 2>&1; then
+    echo -e "\\n""$ORANGE""Shellcheck not found!""$NC""\\n""$ORANGE""Install shellcheck via 'apt-get install shellcheck'!""$NC\\n"
+    exit 1
+  fi
+
+  echo -e "\\n""$GREEN""Run shellcheck on this script:""$NC""\\n"
+  if shellcheck ./check_project.sh || [[ $? -ne 1 && $? -ne 2 ]]; then
+    echo -e "$GREEN""$BOLD""==> SUCCESS""$NC""\\n"
+  else
+    echo -e "\\n""$ORANGE$BOLD==> FIX ERRORS""$NC""\\n"
+  fi
+
+  echo -e "\\n""$GREEN""Run shellcheck on installer:""$NC""\\n"
+  if shellcheck ./installer.sh || [[ $? -ne 1 && $? -ne 2 ]]; then
+    echo -e "$GREEN""$BOLD""==> SUCCESS""$NC""\\n"
+  else
+    echo -e "\\n""$ORANGE$BOLD==> FIX ERRORS""$NC""\\n"
+  fi
+
+  echo -e "\\n""$GREEN""Load all files for check:""$NC""\\n"
+  echo "./emba.sh"
+  import_helper
+  import_module
+
+  echo -e "\\n""$GREEN""Run shellcheck:""$NC""\\n"
+  if shellcheck -P "$HELP_DIR":"$MOD_DIR" -a ./emba.sh "${SOURCES[@]}" || [[ $? -ne 1 && $? -ne 2 ]]; then
+    echo -e "$GREEN""$BOLD""==> SUCCESS""$NC""\\n"
+  else
+    echo -e "\\n""$ORANGE""$BOLD""==> FIX ERRORS""$NC""\\n"
+  fi
+}
+
+check

check_project.sh

@@ -0,0 +1,6 @@
+*/inittab
+*/rcS*
+*/init.d
+*/rc.d
+*/rc?.d
+*/*.service

config/boot_files.cfg

@@ -0,0 +1,4 @@
+*/*.pem
+*/authorized_keys
+*/id_dsa
+*/id_rsa

config/cert_files.cfg

@@ -0,0 +1,3 @@
+*/*www*
+*/*cgi*
+*/*htdocs*

config/check_command_inj_dirs.cfg

@@ -0,0 +1,4 @@
+'.*$.*'
+$(.*$.*)
+shell_exec('.*$.*');
+exec('.*$.*');

config/check_command_injections.cfg

@@ -0,0 +1,7 @@
+*/*.cfg
+*/*.conf
+*/*.rhosts
+*/hosts.equiv
+*/exports
+*/fstab
+*/*.bak

config/config_files.cfg

@@ -0,0 +1,2 @@
+PRIVATE KEY-----
+\-\-\-\-\-BEGIN\ .*PRIVATE KEY\-\-\-\-\-

config/deep_search.cfg

@@ -0,0 +1,7 @@
+strcpy
+strcat
+printf
+fprintf
+sprintf
+system
+mmap