
Binwalk Enterprise TSG

Brent Foster edited this page Oct 28, 2021 · 12 revisions

Account Management

Setting up Multi-Factor Authentication

  • Symptom: Access to the Web UI is protected by a single password and you are unsure how to set up Multi-Factor Authentication.

  • Cause: This feature requires setup.

  • Resolution: Centrifuge supports Multi-Factor Authentication, and most authenticator apps work without issue, including Authy, Google Authenticator and Microsoft Authenticator, to name a few. To set up Multi-Factor Authentication for Centrifuge, select "Account Settings" from the username drop-down menu once you're logged into the Centrifuge Web UI.

From the "Account Settings" page select "Security" and click on "Set up" underneath "Two-Factor Authentication (2FA)". You will then be provided with steps and a QR code to complete the activation.

Incorrect MFA Token

  • Symptom: You encounter errors stating you have an “Incorrect MFA Token”.

  • Cause: This is likely an issue with the Refirm Labs Multi-Factor Authentication Server.

  • Resolution: Please contact our support team to assist you further. Binwalk Enterprise FAQ - How to Contact Support

Account Expired

  • Symptom: You receive an "Account Expired" message after attempting to log in.

  • Cause: Either your subscription has lapsed without renewal or you are a trial user whose trial has ended.

  • Resolution: Is your subscription up to date? If so, please contact our team for further assistance. If you are a trial user who has received this message and you require access to the Web UI as part of your proof of concept, please contact your Sales Representative or open a ticket with our support team to discuss further: Binwalk Enterprise FAQ - How to Contact Support

Username Not Found

  • Symptom: On attempting to log in, you receive a "username not found" error.

  • Cause: This could be the result of typos during account creation or a misremembered username.

  • Resolution: As a reminder, the username is the email associated with your Centrifuge account. If you are certain the correct email is being used, please contact our support team to assist you further. Instructions can be found within the FAQ or from within the Binwalk Enterprise Web UI: Binwalk Enterprise FAQ - How to Contact Support

Incorrect Password

  • Symptom: Incorrect Password.

  • Cause: A password may have been forgotten or was accidentally created with unintended typos.

  • Resolution: Customers can reset their password using the link below: Binwalk Enterprise Web UI - Reset Password. If the automated email is never received, please ensure the customer's email address matches the one listed in their profile and that the email isn't being caught by a spam filter. If the email isn't being blocked by a mail filter, please contact our support team to assist you further: Binwalk Enterprise FAQ - How to Contact Support

API

Bugs

  • Symptom: You notice improper functionality of the platform or one of its features.

  • Cause: Bugs or inconsistencies in how CVEs are being reported through our platform.

  • Resolution: Please report these issues to our support team so we can continue to improve our platform. Binwalk Enterprise FAQ - How to Contact Support

Files

Large Firmware Upload

Upload Count

  • Symptom: A message appears alerting you that you have reached your upload limit while using a trial account even after deleting uploads.

  • Cause: Trial accounts have a limit of 3 uploads. To prevent abuse, you are not allowed to delete uploads and then add additional ones.

  • Resolution: Exceptions can be made. Please contact our team to discuss situations that may have prevented you from conducting a proper test of our solution.

On-Premises

Pre-Sales

Why Binwalk Enterprise?

Binwalk Enterprise automates firmware analysis, which was previously a very manual and time-consuming process. A failure to detect things like poor coding practices on the part of vendors can result in massive security vulnerabilities for any organization. Within scanned firmware images, Binwalk Enterprise can help identify the following:

  • Known Exploits
  • Backdoors
  • Potential Zero-Day Threats
  • Known Vulnerabilities (CVEs)
  • Expired Crypto Keys
  • Weak Security Settings
  • Hardcoded passwords
  • Noncompliance

The Enterprise edition operates as a Single-Tenant SaaS, on-premise or air-gapped deployment with Two-Factor Authentication and SSO connectivity. Binwalk Enterprise integrates into your existing cybersecurity processes through a full RESTful API or command line interface. We employ Static and Emulated analysis against common or custom security policies and standards. As firmware is uploaded, Binwalk Enterprise can automatically monitor for new threats as new vulnerabilities become disclosed.

Binwalk Feature Comparison

| Feature | Open-Source | Enterprise | Description |
|---|---|---|---|
| Firmware Comparison | | Yes | Show changes to firmware & security analysis results to focus security assessments & spot regressions |
| Policy/Compliance Reporting | | Yes | Interpret security analysis results against common or customer security policies & standards |
| Detailed Web Reporting | | Yes | Downloadable in PDF |
| Shared Report Links | | Yes | Share analysis results with password protected, time to expiration links |
| Data Export via JSON/CSV | | Yes | Download individual results in JSON or CSV format |
| Full RESTful API | | Yes | Integrate with automated workflows |
| Two-Factor Authentication | | Yes | Supports many one-time password solutions like Google Authenticator |
| Enterprise SSO | | Yes | Integrate with cloud SSO providers or Active Directory |
| Single-Tenant Deployment | | Yes | Isolated SaaS deployment |
| On-Premise/Airgapped deployment | | Yes | Meet organizational IP/security requirements with 100% on-premise deployments |
| Organizations/Groups | | Yes | Isolate firmware by organization/supplier |

Performance Issues

Extraction is Stuck at "Finalizing Results" stage

  • Symptom: Your upload has become stuck and never finished extracting. The upload still has results visible in the Centrifuge UI and the extracted size appears to be right, but the report still shows as finishing analysis.

  • Cause: Your scans being stuck in progress can have a few different causes. One or multiple users may be uploading files to be scanned en masse and over-taxing the available resources used by Centrifuge to scan files.

  • Resolution: If an upload appears to have the correct number of files and is stuck in a "Finishing Analysis" state, it is possible to force the analysis to finish to avoid resubmission of the firmware. Please consult our REST API guide for additional steps: Binwalk Enterprise API Guide - Mark Upload as Finished

Few Results - Extraction Issues

  • Symptom: The analysis results for your uploaded file seem very sparse, or multiple uploads yield different results.

  • Cause: If there are no results and the file extraction count is lower than expected, this could have a few different causes. It may be due to excess load on Centrifuge from too much demand on resources, but could also be due to unsupported file types.

  • Resolution: Was there a filesystem detected within your upload? Do you believe there should be a Linux or QNX based filesystem present in the analysis? A list of officially supported file types is available in our FAQ: Binwalk Enterprise FAQ. If you are attempting to upload a standalone binary, you may need to package it (via tar or zip file) with its associated file system in order for Centrifuge to provide analysis. The absence of a firmware image in an uploaded file is easy to spot from within the Centrifuge UI. On the 'Report Overview' page, check if there is a count for Root FS to see if a scan was successful. A quick look at the 'Software Bill of Materials', 'Code Analysis' and 'Binary Hardening' pages will show 0 results if there is no firmware image present. We encourage you to open a support ticket on this issue so we can assist you further: Binwalk Enterprise FAQ - How to Contact Support

Extraction is Stuck in Progress

  • Symptom: Uploads become stuck and never finish extracting.

  • Cause: Scans being stuck in progress can have a few different causes. Larger file sizes typically take a long time to yield analysis results. In other cases, scans have become stuck and need to be requeued.

  • Resolution: If the file is a larger file (>1.5 GB), it may just need a long time to process. In some cases, scans of larger images have taken several days to complete. One option which may help with larger files is to use the method described in our API documentation: Binwalk Enterprise API Guide - Add Large Firmware for Analysis. If the upload is smaller, or if a large upload has been stuck for several days, the scan may have encountered other issues and we recommend opening a support ticket: Binwalk Enterprise FAQ - How to Contact Support

Can't Download PDF Report

  • Symptom: You are unable to generate the PDF report through the Centrifuge interface.

  • Cause: The hardware resources available for Centrifuge to conduct analysis can be the cause of issues such as this. It's not uncommon when the platform is under heavy usage to have side effects like stuck scans or an inability to generate PDF reports. We may also be experiencing other internal issues affecting the availability of certain features.

  • Resolution: Please open a support ticket using the link below. Binwalk Enterprise FAQ - How to Contact Support

Reports

Deleting a Report

  • Symptom: Report needs to be deleted.

  • Cause: The upload was erroneous or the report is no longer needed.

  • Resolution: A report can be deleted through the Binwalk Enterprise Web UI or through the REST API. After logging into the Web UI, navigate to "My Reports". On the right side of the page, next to each Firmware Image, there should be an option to delete the upload.

Alternatively, this process can also be done through the REST API: Binwalk Enterprise API Guide - Remove Firmware

Sharing Reports

  • Symptom: Reports need to be shared.

  • Cause: Reports are very interesting.

  • Resolution: A report can be shared through the Web UI. After clicking on the report you wish to share, you can find a link on the top right side of the page.

Manage/Revoke Shared Reports

  • Symptom: A report was previously shared with someone who no longer needs access.

  • Cause: Shared mistakenly or temporarily.

  • Resolution: Shared reports can be managed by accessing the "Account Settings" page and selecting the "Security" section.

Understanding Results

Large Extracted File Size

  • Symptom: An uploaded file expands into a massively larger file after analysis.

  • Cause: It's fairly common for extracted file sizes to be very large (20-60 gigabytes).

  • Resolution: Access the upload within the Centrifuge UI and take note of the "File Size" compared to the "Extracted Size" on the "Report Overview" page. Unless there is an extreme disparity (for example, 100 MB extracting into 70 GB), chances are the large extracted file size is completely normal.

Reported Vulnerability already addressed

  • Symptom: Centrifuge presents a vulnerability that has already been addressed by the development team.

  • Cause: Vulnerable code can be addressed by the surrounding code or services.

  • Resolution: While the generally recognized definition of a "false positive" is an alert for a non-present threat, this may be the wrong context in which to view your report. Non-critical vulnerabilities are reported after conducting static analysis. "Critical Vulnerabilities" should be interpreted as something that could be dangerous and as a starting point to review how secure an image is. For "Critical Vulnerabilities", emulation is performed against the function that contains the flaw. Attempting to emulate an entire binary is extremely complicated to do on a large scale, especially with something as varied and hardware-specific as embedded firmware. We can't always know whether source data is attacker controlled, or what the surrounding environment will be, so our analysis tends to err on the side of caution.

If you still believe the vulnerability being reported is a "false positive" within the context of that explanation, please contact our support team so we may address it as soon as we are able.

Binwalk Enterprise - How to Contact Support
