e-m-b-a / embark

EMBArk - The firmware security scanning environment
https://www.securefirmware.de
MIT License

s109 page is not reachable #97

Closed torabi12 closed 1 year ago

torabi12 commented 1 year ago

Describe the bug

I used a custom wordlist file in /embark/emba/config/jtr_wordlist.txt, which contained the good password for the scanned FW. I executed the same default-profile scan in emba and in EMBArk, and the s109 module sub page dropped UnicodeDecodeError in the browser, see screenshots.

To Reproduce

Steps to reproduce the behavior:

  1. EMBArk installation default mode
  2. Start EMBArk: sudo ./run-server.sh -a 192.168.x.x
  3. Use the firmware available here: kkeps.bin
  4. Open "Cracking identified password hashes" menu
  5. See error

Expected behavior

Page should be displayed in EMBArk.

Screenshots

emba: image

EMBArk: image

Additional context

I used these wordlist files with custom modification: https://github.com/berzerk0/Probable-Wordlists/tree/master/Real-Passwords

Top109Million-probable-v2.txt = jtr_wordlist.txt

BenediktMKuehne commented 1 year ago

I'm looking at this... and I don't really know what to do. If that's the only firmware where this happens, I would just tend to ignore it. The reason is as follows: resources should only be accessed through EMBArk and since this requires the html-template-render functionality.

This could be a bug inside the Django framework though. Could you extract that html page from the log-files and post it here?

torabi12 commented 1 year ago

Hello,

I am sending the html-report folder from EMBArk. html-report.zip

In this version the s109 page is opened. The problem is only when opening the EMBArk page / report / Open Report / Cracking identified password hashes.

I have checked all the sub pages and this is the only one which is not OK.

torabi12 commented 1 year ago

I am going to try the same with another binary file. I used kkeps.bin for an old SmartPlug device. I thought that is good for testing because I knew the password inside and I wanted to get back the result from EMBA in the report.

torabi12 commented 1 year ago

I have good news. I re-executed the same test in EMBArk today (upgraded today also) and the s109 page was displayed correctly. image

The bad news is that emba was not able to crack the hash, but the jtr_wordlist.txt file contained the solution in the last line and it was working a few days before:

image

I suggest closing this bug, and I would like to open a new one later for the JTR issue if you agree.