search

e-m-b-a / embark

EMBArk - The firmware security scanning environment
https://www.securefirmware.de
MIT License
314 stars 46 forks source link

Minor findings in installation, startup and usage of EMBArk #51

Closed torabi12 closed 2 years ago

torabi12 commented 2 years ago

Describe the bug During the installation the following errors came:

kép

kép

kép

Starting EMBArk displays these issues:

kép

kép

kép

Uploading a firmware file works fine but the path looks like this:

kép

The progress bar did not go to 100% but the san has been finished:

kép

I was able to reproduce this issue more times. I know the scan is finished when the fan slows down in the computer but the progress bar does not go to 100%.

I entered these parameters for the scan: kép

but the report contains these: kép

It would be very useful to show real version numbers and proper data in the report, because if I have more scans difficult to check the real versions if the data is incomplete.

To Reproduce Steps to reproduce the behavior:

  1. EMBArk installation (default mode)
  2. Start EMBArk: sudo ./run-server.sh
  3. Use the firmware available here: https://cyberforat.squat.net/openwrt/binary_images/linksys_official/WRT54GS_3.17.4_US_code.zip
  4. See error

Expected behavior Please fix the errors if posible.

Screenshots Attached above.

Desktop (please complete the following information):

torabi12 commented 2 years ago

I checked the same on Kali 2022.3.

During the EMBArk installation there were these warnings: kép

kép

I use a brand new workstation with 11th gen i7 CPU with latest BIOS but I got this more times: kép

and the final one: kép

Usage of EMBArk: Same fakepath as on Ubuntu and on Kali: kép

The progress bar also stopped again but the scan has been finished for sure: kép

and the final report is incomplete: kép

OS: Kali 2022.3 VMware Workstation Pro 16

BenediktMKuehne commented 2 years ago

Hi torabi,

the uploader and the reporter problem are there for anti code-injection stuff. They will eventually be back to working as expected.

The progress-bar overhaul is on the TODO-list. It has some design flaws at the moment.

the warnings etc in #53

BenediktMKuehne commented 2 years ago

pipenv warnings are related to this https://github.com/pypa/pipenv/issues/5208

m-1-k-3 commented 2 years ago

pipenv warnings are related to this pypa/pipenv#5208

Thank you for the resource. We have such warnings in multiple areas in EMBA.

torabi12 commented 2 years ago

Hello Benedikt,

I checked today the upload and reporting in EMBArk and I have these info:

kép

I added these parameters: kép

and I got this back: kép

The final report would be important I think because the user would store only the html pages of the scans. Could you check it on your side please? Thank you.

m-1-k-3 commented 2 years ago

@torabi12 please open a new ticket for better tracking

Thank you