Installation

We strongly recommend that you run EMBA inside a virtual machine with a current version of Kali Linux (a current Kali Linux is recommend but a Ubuntu Jammy should also work). Additionally, the default (docker) mode should be used.
WARNING: Do not use EMBA in developer mode (-D) as it can execute malicious code (e.g. s115 module) and harm your host system! Only use it if you know what you are doing.

EMBA can be run in two modes, Classic and Developer. In the classic variant, EMBA and all modules are executed inside the Docker container. Developer mode is intended to be used exclusively for development and not on a regular basis. The standard Docker variant only requires Docker and cve-search to be installed on the host (sudo ./installer.sh -d) and EMBA will install everything else in the Docker container itself during of the first run.

Prerequisites

EMBA is using a lot of other tools in the background (mostly open-source). The needed system resources depend a lot on the firmware you are going to analyse. Usually EMBA runs quite smooth in the following environment:

• VMware running a current Kali Linux (currently we are using 2024/02) or Ubuntu:jammy (22.04 LTS)
• Note: EMBA is only designed to run on x86-64 architecture and it is not running on ARM architecture.
• Warning: EMBA is currently not running on other Linux Distributions without modifications. (For Ubuntu 22.10 a workaround is documented here)
• RAM: 16GB or more
• Processors: 8 cores minimum recommended (with 12 cores EMBA will run quite smooth)
• The more cores your system has for EMBA, the more RAM is needed. Rule of thumb: Double the cores and you have the minimum RAM in GB -> 12 cores results in at least 24GB of RAM. If EMBA is crashing your system or your desktop environment, please check the output of dmesg for OOM messages which are indicators that your system was running out of memory.
• For a typical installation (installer option -d), docker-compose version 1.29.x is the only tested version
• Hard disk: 30GB-100GB of free disk space (the more the better)

If you are using a recent Kali Linux, then the installer and EMBA itself should work fine. We are currently not testing alternative Linux distributions, but feel free to test it and modify EMBA, if needed. Don't forget to open a PR with your changes!

Classic installation

To install the necessary environment, you only have to run the install script with root permissions:

sudo ./installer.sh -d

WARNING: The prepared docker image is around 14G and you need to download it in a compressed state with around 6G.

You can choose to install your own docker image, instead of the default emba docker, by using the c flag followed by the name of the container:

sudo ./installer.sh -d -c {name-of-the-container}

If this switch is not used, EMBA will download the default docker image.

You should use the -d switch with the installer to run a typical installation. This will install needed dependencies (e.g. cve-search) on the host. Additionally it will download the EMBA docker image. We recommend using this for the initial installation. The default usage of EMBA is with the protection of a Docker environment, and therefore is very easy to maintain.

Good to know:
If you are using an older distribution, it can happen that some of the installed programs (especially docker-compose) in the package sources correspond to an older version than is required for EMBA. To work around this potential problem: use a modern Debian derivative or manually update these tools.

• To build the EMBA container manually:

  docker-compose build emba
  

  (you can skip this step, then EMBA download a fresh docker image on its first run from hub.docker.com)

Random installation topics

• Hints on installation behind a proxy
• Installing EMBA on Ubuntu 20.04 - LTS
• Vagrant installation project - EMBAbox
• EMBA/EMBArk installation on proxmox

Dependencies

EMBA uses numerous external tools, which are installed with the installer script. The applications that the installer needs to compile, parse or install are not listed here. If there are used tools missing, then please open an issue and we will add them here.

• FIT-Image extractor
• EnGenius decryptor
• Unblob extractor
• BMC decryptor
• binwalk
• cpu_rec
• checksec
• CISA known exploited vulnerabilities catalog
• EPSS data
• CVE-Search - removed in version 1.3.2
• CVE-Searchsploit
• cwe-checker
• capa
• RUST
• OpenJDK
• Docker
  • docker-compose
  • docker.io
• GHIDRA
  • Haruspex Ghidra script
• Radare2
• fdtdump (device-tree-compiler)
• linux-exploit-suggester
• OpenSSL
• uboot mkimage
• objdump
• pixd
• bandit
• progpilot
• Zarn
• semgrep
  • semgrep community rules
  • semgrep rules for C/C++ by 0xdea
• qemu-user-static
• shellcheck
• sshdcc
• sudo parser
• STACS - Static Token And Credential Scanner
• yara
• Android payload dumper
• APKHunt
• John the Ripper password cracker
• patool - portable archive file manager
• FwHunt - UEFI firmware analyzer
• BIOSUtilities
• CycloneDX - SBOM converter
• jchroot - a chroot with more isolation
• yara rules:
  • ahhh/YARA/crypto_signatures.yar
  • DiabloHorn/yara4pentesters/juicy_files.txt
  • Xumeiquer/yara-forensics/compressed.yar
  • Yara-Rules/rules/packer_compiler_signatures.yar
• Full system emulator
  • Qemu system mode emulator
  • FirmAE kernels
  • Nmap portscanner
  • SNMP check
  • TestSSL.sh
  • Nikto web server analyzer
  • Arachni web application analyzer
  • GH0st3rs Routersploit fork
  • Metasploit Framework

We try to keep track of all the used projects here.

System tools

The EMBA installer installs all the necessary external tools for smooth operation, but EMBA requires many system-internal tools. During our development on Kali these tools have always been on the system, and therefore are not reinstalled.

• awk
• basename
• bc
• cat
• chmod
• chown
• cp
• cut
• date
• dirname
• dpkg-deb
• echo
• eval
• find
• grep
• head
• kill
• ln
• ls
• md5sum
• mkdir
• mknod
• modinfo
• mv
• netstat
• printf
• pwd
• readelf
• realpath
• rm
• rmdir
• rpm
• sed
• seq
• sleep
• sort
• strings
• tee
• touch
• tr
• tree
• uniq
• unzip
• wc

It is possible that some tools used in EMBA have been forgotten and are not listed. If so, we are really sorry! Please send us a note and we will fix it.