Binwalk Enterprise TSG
-
Symptom: Access to the Web UI is protected by a single password and you are unsure how to set up Multi-Factor Authentication.
-
Cause: This feature requires setup.
-
Resolution: Centrifuge supports Multi-Factor Authentication. Most authenticator apps work without issue, including Authy, Google Authenticator and Microsoft Authenticator, to name a few. To set up Multi-Factor Authentication for Centrifuge, log in to the Centrifuge Web UI and select "Account Settings" from the username drop-down menu.
From the "Account Settings" page select "Security" and click on "Set up" underneath "Two-Factor Authentication (2FA)". You will then be provided with steps and a QR code to complete the activation.
-
Symptom: You encounter errors stating you have an “Incorrect MFA Token”.
-
Cause: This is likely an issue with the ReFirm Labs Multi-Factor Authentication server.
-
Resolution: Please contact our support team to assist you further. Binwalk Enterprise FAQ - How to Contact Support
-
Symptom: You receive an "Account Expired" message after attempting to log in.
-
Cause: Either your subscription has lapsed without renewal or you are a trial user whose trial has ended.
-
Resolution: Is your subscription up to date? If so, please contact our team for further assistance. If you are a trial user who has received this message and you require access to the Web UI as part of your proof of concept, please contact your Sales Representative or open a ticket with our support team to discuss further: Binwalk Enterprise FAQ - How to Contact Support
-
Symptom: When attempting to log in, you receive a "username not found" error.
-
Cause: This could be the result of typos during account creation or a misremembered username.
-
Resolution: As a reminder, the username is the email associated with your Centrifuge account. If you are certain the correct email is being used, please contact our support team to assist you further. Instructions can be found within the FAQ or from within the Binwalk Enterprise Web UI: Binwalk Enterprise FAQ - How to Contact Support
-
Symptom: Incorrect Password.
-
Cause: A password may have been forgotten or was accidentally created with unintended typos.
-
Resolution: Customers can reset their password using the link below: Binwalk Enterprise Web UI - Reset Password. If the automated email is never received on the customer end, please ensure their email address matches the one listed in their profile and that the email isn't being caught by a spam filter. If the email isn't being blocked by a mail filter, please contact our support team to assist you further: Binwalk Enterprise FAQ - How to Contact Support
Binwalk exposes its data via REST API so that users can interact with Binwalk in a programmatic way. An authenticated user can upload, analyze, and parse results all from a script or application.
-
Symptom: You notice improper functionality of the platform or one of its features.
-
Cause: Bugs or inconsistencies in how CVEs are being reported through our platform.
-
Resolution: Please report these issues to our support team so we can continue to improve our platform. Binwalk Enterprise FAQ - How to Contact Support
-
Symptom: You are unable to upload a file over 3 GB (or any large file).
-
Cause: The Centrifuge Web UI is limited to 3 GB file sizes.
-
Resolution: File sizes are unlimited when uploading via the REST API. Customers can be directed towards the API documentation for additional details: Binwalk Enterprise API Guide - Add Large Firmware for Analysis. Should this method fail, please contact our support team: Binwalk Enterprise FAQ - How to Contact Support
-
Symptom: A message appears alerting you that you have reached your upload limit while using a trial account even after deleting uploads.
-
Cause: Trial accounts are limited to 3 uploads and, to prevent abuse, you are not allowed to delete uploads in order to add additional ones.
-
Resolution: Exceptions can be made. Please contact our team to discuss situations that may have prevented you from conducting a proper test of our solution.
-
Symptom: Customer receives an error stating "413 Request Entity too large" or a similar message.
-
Cause: This error is returned by Cloudflare when an upload reaches its size limit. It affects uploads of 100 MB or larger. This link provides additional clarification: 413 Error - Request Entity too large
-
Resolution: This type of problem is usually encountered by command line users and is resolved by uploading the firmware in chunks for processing. The link below explains more: Binwalk API Documentation - Upload large files for analysis
Users uploading from the Web UI will have this process handled automatically.
-
Symptom: Sending firmware images to another organization's cloud violates policy.
-
Cause: Organizations often introduce such policies due to intellectual property concerns, confidentiality, etc.
-
Resolution:
An On-Premise deployment is ideal for users who have heightened security requirements to protect Intellectual Property, meet specific policy requirements, etc. On-Premise deployments offer the same features as our hosted Binwalk Enterprise platform and can be deployed to a local environment through the use of Replicated Multi-Prem Solutions. To inquire further about getting started with an On-Premise deployment, please contact our support team.
Binwalk Enterprise - How to Contact Support
Thank you for deciding to use Centrifuge to help vet and validate the security posture of your firmware at scale. Centrifuge was designed to be deployed as a cloud-connected Software-as-a-Service. As such, adapting to run on-premises presents unique challenges. We use Replicated to package our cloud stack so that our customers can self-install and self-upgrade their on-premises deployments of Centrifuge.
Supported Operating Systems
ReFirm generally tests all our deployments on Debian 9; however, the following operating systems should also work:
- Debian 7.7+
- Ubuntu 14.04.5 / 16.04 / 18.04
- Red Hat Enterprise Linux 6.5+
- CentOS 6+
- Amazon Linux 2014.03 / 2014.09 / 2015.03 / 2015.09 / 2016.03 / 2016.09 / 2017.03 / 2017.09 / 2018.03 / 2.0
- Oracle Linux 6.5+
Machine Requirements
Minimum Specifications:
- 4 Cores @ 3.0 GHz
- 32 GB of RAM
Recommended Specifications:
- 6 Cores @ 3.6 GHz
- 64 GB of RAM
The storage requirement is determined by the amount of firmware you expect to upload. The core Centrifuge software stack takes approximately 30 GB of space on the drive including the operating system. For each firmware image that is uploaded, expect storage use to grow by 15x the image size. So if you upload a 20MB firmware image, expect the disk usage to increase by 300MB.
We recommend our customers deploy Centrifuge inside of a managed virtual environment (like ESX or vSphere) that allows you to resize the disk as needed. Be aware that all of the storage being used is in Docker volumes. These volumes are generally stored in the /var partition of the host system, so please ensure that the majority of free space is allocated to /var.
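A pre-flight check for the sizing guidance above, added here as an example and not part of the original guide or of Replicated's tooling: it projects disk usage from the 30 GB base and the 15x multiplier, then compares it with the free space on the filesystem holding /var. The function names and the idea of staging the images in a local directory first are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): capacity pre-flight for an on-premises host.
# Constants come from the text above; the function names are hypothetical.

BASE_KB=$((30 * 1024 * 1024))   # ~30 GB for the core stack plus OS, in KiB
GROWTH=15                       # each uploaded image grows ~15x on disk

# total_bytes DIR: combined size in bytes of every regular file under DIR
total_bytes() {
    find "$1" -type f -exec sh -c 'for f; do wc -c < "$f"; done' sh {} + |
        awk '{ s += $1 } END { printf "%d\n", s }'
}

# required_kb DIR: KiB needed for the base stack plus 15x the images in DIR
required_kb() {
    echo $(( BASE_KB + ($(total_bytes "$1") * GROWTH + 1023) / 1024 ))
}

# available_kb PATH: free KiB on the filesystem that holds PATH
available_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# check_capacity DIR [PATH]: succeeds only if PATH (default /var, where the
# Docker volumes generally live) has room for the projected usage
check_capacity() {
    need=$(required_kb "$1")
    have=$(available_kb "${2:-/var}")
    echo "projected: ${need} KiB, available on ${2:-/var}: ${have} KiB"
    [ "$have" -ge "$need" ]
}

# Runs only when a firmware directory is given: ./preflight.sh ./images /var
if [ "$#" -ge 1 ]; then
    check_capacity "$@"
fi
```

A non-zero exit status means the volume should be resized before the images are uploaded.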
Installation of Centrifuge using Replicated is quite easy and intuitive. Once we have supplied you with a license file and you have created your machine or virtual machine, simply run the following commands:
curl -sSL -o install.sh https://get.replicated.com/centrifuge/stable/swarm-init
sudo bash ./install.sh
Follow the on-screen prompts and instructions. You can also see an example of this installation process here:
Installing cloud-native software on-prem | Replicated Enterprise Demo
Note: If you are an air-gapped on-premises customer the installation process is a little different. Please reach out to us for those instructions.
Upgrades and bugfix intervals are scheduled on a periodic basis. Bugfixes and minor enhancements are released on a monthly basis; major releases are pushed on a quarterly basis. As a customer, you can manage all the updates to the platform through the Replicated administrative interface.
If you have any questions or concerns about the details above, please do not hesitate to contact our support staff.
Binwalk Enterprise - How to Contact Support
It is possible to create an air-gapped version of Binwalk Enterprise. Below is a link to Replicated's website where the process is explained in detail:
Binwalk Enterprise - Airgapped Installation
We also have a video walkthrough of the Air-Gap installation process:
How to Airgap the centrifuge Platform using Replicated
An Air-Gapped installation does require a specific license to be generated prior to setup. If you encounter issues during setup, feel free to contact our support team to assist you.
Binwalk Enterprise FAQ - How to Contact Support
-
Symptom: IoT devices can present serious vulnerabilities in an ever-expanding attack surface.
-
Cause: Poor coding practices or malicious actors.
-
Resolution: Binwalk Enterprise automates firmware analysis, which was previously a very manual and time-consuming process. A failure to detect things like poor coding practices on the part of vendors can result in massive security vulnerabilities for any organization. Within scanned firmware images, Binwalk Enterprise can help identify the following:
- Known Exploits
- Backdoors
- Potential Zero-Day Threats
- Known Vulnerabilities (CVEs)
- Expired Crypto Keys
- Weak Security Settings
- Hardcoded passwords
- Noncompliance
The Enterprise edition operates as a Single-Tenant SaaS, on-premise or air-gapped deployment with Two-Factor Authentication and SSO connectivity. Binwalk Enterprise integrates into your existing cybersecurity processes through a full RESTful API or command line interface. We employ Static and Emulated analysis against common or custom security policies and standards. As firmware is uploaded, Binwalk Enterprise can automatically monitor for new threats as new vulnerabilities become disclosed.
Feature | Open-Source | Enterprise | Description |
---|---|---|---|
Firmware Comparison | | Yes | Show changes to firmware & security analysis results to focus security assessments & spot regressions |
Policy/Compliance Reporting | | Yes | Interpret security analysis results against common or customer security policies & standards |
Detailed Web Reporting | | Yes | Downloadable in PDF |
Shared Report Links | | Yes | Share analysis results with password protected, time to expiration links |
Data Export via JSON/CSV | | Yes | Download individual results in JSON or CSV format |
Full RESTful API | | Yes | Integrate with automated workflows |
Two-Factor Authentication | | Yes | Supports many one-time password solutions like Google Authenticator |
Enterprise SSO | | Yes | Integrate with cloud SSO providers or Active Directory |
Single-Tenant Deployment | | Yes | Isolated SaaS deployment |
On-Premise/Airgapped deployment | | Yes | Meet organizational IP/security requirements with 100% on-premise deployments |
Organizations/Groups | | Yes | Isolate firmware by organization/supplier |
-
Symptom: Your upload has become stuck and never finished extracting. The upload still has results visible in the Centrifuge UI and the extracted size appears to be right, but the report still shows as finishing analysis.
-
Cause: Your scans being stuck in progress can have a few different causes. One or multiple users may be uploading files to be scanned en masse and over-taxing the available resources used by Centrifuge to scan files.
-
Resolution: If an upload appears to have the correct number of files and is stuck in a "Finishing Analysis" state, it is possible to force the analysis to finish to avoid resubmission of the firmware. Please consult our REST API guide for additional steps: Binwalk Enterprise API Guide - Mark Upload as Finished
-
Symptom: Your uploaded file and the analysis results seem very sparse or maybe multiple uploads yield different results.
-
Cause: If there are no results, and the file extraction count is lower than expected then this could have a few different causes. It may be due to excess load on Centrifuge from too much demand on resources but could also be due to unsupported file types.
-
Resolution: Was there a filesystem detected within your upload? Do you believe there should be a Linux or QNX based filesystem present in the analysis? A list of officially supported file types is available in our FAQ: Binwalk Enterprise FAQ. If you are attempting to upload a standalone binary, you may need to package it (via tar or zip file) with its associated file system in order for Centrifuge to provide analysis. The absence of a firmware image in an uploaded file is easy to spot from within the Centrifuge UI. On the 'Report Overview' page, check whether there is a count for Root FS to see if a scan was successful. A quick look at the 'Software Bill of Materials', 'Code Analysis' and 'Binary Hardening' pages will show 0 results if there is no firmware image present. We encourage you to open a support ticket on this issue so we can assist you further: Binwalk Enterprise FAQ - How to Contact Support
-
Symptom: Uploads become stuck and never finish extracting.
-
Cause: Scans being stuck in progress can have a few different causes. Larger file sizes typically take a long time to yield analysis results. Scans have been stuck previously and need to be requeued.
-
Resolution: If the file is a larger file (>1.5 GB), it may just need a long time to process. In some cases, scans of larger images have taken several days to complete. One option which may help with larger files is to use the method described in our API documentation: Binwalk Enterprise API Guide - Add Large Firmware for Analysis. If the upload is smaller, or if a large upload has been stuck for several days, the scan may have encountered other issues and we recommend opening a support ticket.
Binwalk Enterprise FAQ - How to Contact Support
-
Symptom: You are unable to generate the PDF report through the Centrifuge interface.
-
Cause: The hardware resources available for Centrifuge to conduct analysis can be the cause of issues such as this. It's not uncommon, when the platform is under heavy usage, to have side effects like stuck scans or an inability to generate PDF reports. We may also be experiencing other internal issues affecting the availability of certain features.
-
Resolution: Please open a support ticket using the link below. Binwalk Enterprise FAQ - How to Contact Support
-
Symptom: Report needs to be deleted.
-
Cause: The upload was erroneous or is no longer needed.
-
Resolution: A report can be deleted through the Binwalk Enterprise Web UI or through the REST API. After logging into the Web UI, navigate to "My Reports". On the right side of the page, next to each Firmware Image, there should be an option to delete the upload.
Alternatively, this process can also be done through the REST API: Binwalk Enterprise API Guide - Remove Firmware
-
Symptom: Reports need to be shared.
-
Cause: Reports are very interesting.
-
Resolution: A report can be shared through the Web UI. After clicking on the report you wish to share, you can find a link on the top right side of the page.
-
Symptom: A report was previously shared with someone who no longer needs access.
-
Cause: Shared mistakenly or temporarily.
-
Resolution: Shared reports can be managed by accessing the "Account Settings" page and selecting the "Security" section.
-
Symptom: An uploaded file expands into a massively larger file after analysis.
-
Cause: It's fairly common for extracted file sizes to be very large (20-60 gigabytes).
-
Resolution: Access the upload within the Centrifuge UI and take note of the "File Size" compared to the "Extracted Size" on the "Report Overview" page. Unless there is an extreme disparity (for example, 100 MB extracting into 70 GB), chances are the large extracted file size is completely normal.
-
Symptom: Centrifuge presents a vulnerability that has already been addressed by the development team.
-
Cause: Vulnerable code can be addressed by the surrounding code or services.
-
Resolution: While the generally recognized definition of a "false positive" is an alert for a non-present threat, this may be the wrong context in which to view your report. Non-critical vulnerabilities are reported after conducting static analysis. "Critical Vulnerabilities" should be interpreted as something that could be dangerous and as a starting point to review how secure an image is. For "Critical Vulnerabilities", emulation is performed against the function that contains the flaw. Attempting to emulate an entire binary is extremely complicated to do on a large scale, especially with something as varied and hardware-specific as embedded firmware. We can't always know whether source data is attacker-controlled or what the surrounding environment will be, so our analysis tends to err on the side of caution.
If you still believe the vulnerability being reported is a "false positive" within the context of that explanation, please contact our support team so we may address it as soon as we are able.