Automated Firmware Security Scanners

Open-source Tools

EMBA: The firmware security analyzer

EMBA (Embedded Firmware Analyzer) is a robust tool designed for analyzing the security of embedded firmware. This session will provide hands-on experience with EMBA, focusing on how it can be used in IoT security engineering and vulnerability research.


EMBA is one of our favourite tools and has made our work easier; we recommend it to researchers and industry experts.

Generic errors: you may see messages like the following when trying to open the HTML report:

mkdir: cannot create directory ‘/run/user/0’: Permission denied
Authorization required, but no authorization protocol specified
Error: cannot open display: :0

If so, run the following:

xhost local:root
export DISPLAY=:0

Some Regular Usage Commands:

Quick Installation commands

git clone
cd emba
sudo ./ -d

Quick start with default scan profile:

sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/default-scan.emba

Quick start with system-emulation scan profile:

sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/default-scan-emulation.emba

Quick start with AI-assisted analysis enabled:

sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/default-scan-gpt.emba

Quick start in firmware diffing mode:

sudo ./emba -l ~/log -f ~/1st-firmware -o ~/2nd-newer-firmware -t

Note: If you only want to run a dedicated module with the default profile, add the -m option; for example, -m s666 runs module s666.

FACT: The Firmware Analysis and Comparison Tool

The Firmware Analysis and Comparison Tool (formerly known as Fraunhofer's Firmware Analysis Framework (FAF)) is intended to automate most of the firmware analysis process. It unpacks arbitrary firmware files and runs several analyses on them. It can also compare several images or single files. Unpacking, analysis and comparison are all based on plug-ins, which keeps the tool flexible and extensible.

When my team tested, we saw that Debian 11 is more stable for the latest version, and we have exported an OVA file to use without any difficulties.

Setting the IP Address

Configure a static or dynamic IP address so that FACT can be used externally instead of only inside the VM.

After installing the tool, go to the path FACT_core/src/config:

$ cd FACT_core/src/config

File to edit:
$ sudo nano uwsgi_config.ini

Add the IP address to the file and save it:
http-socket = <respective ip>:5000

Go back to the main folder and start FACT:

$ sudo python3 start_all_installed_fact_components

FACT will now run on the given IP address, which you can access over the network from the same subnet. For more unique features in this tool follow below

BinBloom (FACT):

Overview

BinBloom is a software tool designed for analyzing raw binary firmware. It's compatible with all architectures, primarily performing statistics-based analysis.

Main Features

  • Loading Address: BinBloom can parse raw binary firmware to determine its loading address.
  • Endianness: The tool uses heuristics to determine the endianness of a firmware.
  • UDS Database: It can check if the firmware contains an array of UDS (Unified Diagnostic Services) command IDs.
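
The loading-address and endianness features above can be illustrated with a simplified pointer-to-string voting heuristic. This is an added example, not BinBloom's own code or algorithm; the function names, the 4 KiB alignment assumption and the sample image are constructed for illustration.

```python
import re
import struct
from collections import Counter

def string_offsets(blob, min_len=6):
    """Offsets of NUL-terminated printable-ASCII runs (likely pointer targets)."""
    return [m.start() for m in re.finditer(rb"[\x20-\x7e]{%d,}\x00" % min_len, blob)]

def aligned_words(blob, endian):
    """Every 4-byte-aligned word as an unsigned 32-bit value ('<' LE, '>' BE)."""
    n = len(blob) // 4
    return set(struct.unpack(f"{endian}{n}I", blob[: n * 4]))

def guess_base(blob, endian, align=0x1000):
    """Vote for base = word - string_offset; return (best_base, votes)."""
    votes = Counter()
    targets = string_offsets(blob)
    for word in aligned_words(blob, endian):
        for off in targets:
            base = word - off
            # Assumption: the image is loaded on a 4 KiB boundary.
            if base >= 0 and base % align == 0:
                votes[base] += 1
    return votes.most_common(1)[0] if votes else (None, 0)

def guess_base_and_endianness(blob):
    """Try both byte orders; the order whose best base collects more votes wins."""
    results = {"little": guess_base(blob, "<"), "big": guess_base(blob, ">")}
    order = max(results, key=lambda k: results[k][1])
    return results[order][0], order

def build_sample(base, endian):
    """Constructed test image: a pointer table followed by the strings it points to."""
    names = [b"bootloader v1.2", b"uart0 init ok", b"flash erase failed",
             b"watchdog reset", b"diag session open", b"checksum mismatch"]
    body, ptrs = b"", []
    for s in names:
        ptrs.append(base + 4 * len(names) + len(body))
        body += s + b"\x00"
    body += b"\x00" * (-len(body) % 4)
    return struct.pack(f"{endian}{len(ptrs)}I", *ptrs) + body

if __name__ == "__main__":
    for base, endian in ((0x08004000, "<"), (0x80010000, ">")):
        found, order = guess_base_and_endianness(build_sample(base, endian))
        print(f"built at {base:#010x} ({endian}) -> guessed {found:#010x}, {order}-endian")
```

A wrong byte order scatters the candidate bases so that none collects repeated votes, which is why the same vote count doubles as the endianness signal.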

Installation and Setup

Download and install:

git clone
cd binbloom
autoreconf -i
./configure
make
sudo make install