EMBA firmware report

[+] Check binaries for critical functions

This module identifies the usage of critical binary functions in firmware via readelf.

Examples of binary functions are system, strcpy, printf and strcat. These functions are listed in the configuration

file config/functions.cfg.

[*] Interesting functions: fprintf mmap popen printf sprintf strcat strcpy system

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/usr/lib/libmbedcrypto.so.3 (-rw-r--r-- root root) found:

    	553:	00073b40	0	FUNC	GLOBAL	DEFAULT	UND	printf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/usr/lib/libmbedx509.so (-rw-r--r-- root root) found:

    	201:	00012820	0	FUNC	GLOBAL	DEFAULT	UND	printf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/usr/lib/libcurl.so (-rw-r--r-- root root) found:

    	112:	00062730	0	FUNC	GLOBAL	DEFAULT	UND	sprintf

    	266:	00062050	0	FUNC	GLOBAL	DEFAULT	UND	strcpy

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/usr/bin/get_fwinfo (-rw-r--r-- root root) found:

    	1:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	printf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/usr/bin/apmode (-rw-r--r-- root root) found:

    	3:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	printf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/usr/bin/recovery (-rw-r--r-- root root) found:

    	1:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	printf

    	6:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	system

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/usr/bin/disable_mcu_wdt_t31zx (-rw-r--r-- root root) found:

    	3:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	printf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/usr/bin/tag_generator (-rw-r--r-- root root) found:

    	2:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	strcpy

    	3:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	printf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/usr/bin/gpioset (-rw-r--r-- root root) found:

    	1:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	popen

    	2:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	printf

    	8:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	system

    	15:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	sprintf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/usr/bin/log_tool (-rw-r--r-- root root) found:

    	1:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	printf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/usr/bin/zrt_cam_daemon (-rw-r--r-- root root) found:

    	3:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	strcpy

    	8:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	printf

    	39:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	system

    	63:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	fprintf

    	65:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	strcat

    	111:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	sprintf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/usr/bin/cam_update (-rw-r--r-- root root) found:

    	2:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	strcpy

    	6:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	popen

    	7:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	printf

    	38:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	strcat

    	75:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	sprintf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/usr/bin/mcuisp (-rw-r--r-- root root) found:

    	2:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	strcpy

    	3:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	printf

    	12:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	system

    	29:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	sprintf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/usr/bin/read_mcu_ver (-rw-r--r-- root root) found:

    	2:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	printf

    	13:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	fprintf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/lib/libutil-0.9.33.2.so (-rw-r--r-- root root) found:

    	39:	00000d40	0	FUNC	GLOBAL	DEFAULT	UND	strcpy

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/lib/libdl-0.9.33.2.so (-rw-r--r-- root root) found:

    	35:	00002250	0	FUNC	GLOBAL	DEFAULT	UND	fprintf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/lib/libuClibc-0.9.33.2.so (-rw-r--r-- root root) found:

    	18:	0003b600	40	FUNC	GLOBAL	DEFAULT	7	strcpy

    	60:	0002fcc0	568	FUNC	GLOBAL	DEFAULT	7	popen

    	62:	0002f780	80	FUNC	GLOBAL	DEFAULT	7	printf

    	278:	00063cc0	184	FUNC	WEAK	DEFAULT	7	system

    	405:	0000b870	96	FUNC	GLOBAL	DEFAULT	7	mmap

    	533:	0002f830	64	FUNC	GLOBAL	DEFAULT	7	fprintf

    	545:	0003b3a0	52	FUNC	GLOBAL	DEFAULT	7	strcat

    	926:	0002f930	68	FUNC	GLOBAL	DEFAULT	7	sprintf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/lib/libm-0.9.33.2.so (-rw-r--r-- root root) found:

    	140:	00009e80	0	FUNC	GLOBAL	DEFAULT	UND	sprintf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/lib/libpthread-0.9.33.2.so (-rw-r--r-- root root) found:

    	63:	0000a8f4	24	FUNC	GLOBAL	DEFAULT	8	system

    	273:	00011570	0	FUNC	GLOBAL	DEFAULT	UND	sprintf

    	317:	00011380	0	FUNC	GLOBAL	DEFAULT	UND	mmap

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/11108416-13869836.lzma_extract/lzma.uncompressed_extract/3761304-11775640.cpio_portable_ascii_extract/bin/busybox (-rw-r--r-- root root) found:

    	4:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	strcpy

    	14:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	printf

    	60:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	system

    	118:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	fprintf

    	122:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	strcat

    	231:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	sprintf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/13893632-15421440.squashfs_v4_le_extract/thirdlib/libcrypto.so.1.0.0 (-rw-r--r-- arachni 122) found:

    	4087:	001710b0	0	FUNC	GLOBAL	DEFAULT	UND	sprintf

    	4123:	00170ec0	0	FUNC	GLOBAL	DEFAULT	UND	fprintf

    	4131:	00170e60	0	FUNC	GLOBAL	DEFAULT	UND	printf

    	4151:	00170d60	0	FUNC	GLOBAL	DEFAULT	UND	strcpy

    	4154:	00170d30	0	FUNC	GLOBAL	DEFAULT	UND	strcat

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/13893632-15421440.squashfs_v4_le_extract/thirdlib/libcproducer.so (-rw-r--r-- arachni 122) found:

    	481:	00072b50	0	FUNC	GLOBAL	DEFAULT	UND	strcat

    	515:	00072b40	0	FUNC	GLOBAL	DEFAULT	UND	strcpy

    	932:	000728d0	0	FUNC	GLOBAL	DEFAULT	UND	printf

[+] Interesting function in ./logs/firmware/unblob_extracted/firmware_extract/13893632-15421440.squashfs_v4_le_extract/bin/wl (-rw-r--r-- arachni 122) found:

    	2:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	strcpy

    	4:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	printf

    	38:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	fprintf

    	41:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	strcat

    	77:	00000000	0	FUNC	GLOBAL	DEFAULT	UND	sprintf

[*] Found 23 binaries with interesting functions in 39 files (vulnerable functions: fprintf mmap popen printf sprintf strcat strcpy system)