QNX Support in EMBA

[ttepatti]

Hello! I wanted to raise the idea of potentially adding QNX support to EMBA, to see what the maintainers thought and if it was a path worth putting energy towards.

Is your feature request related to a problem? Please describe.
QNX is a commercial "UNIX-like real time operating system" developed by BlackBerry. (You can view more info about the OS on their Wikipedia page) It's widely used as an embedded operating system, most notably within the automotive industry.

Currently, QNX-based firmware can be scanned using EMBA, but there aren't many QNX-specific detections or extractions within EMBA.

Describe the solution you'd like

• Add QNX OS detection to S06 - Linux distribution detection
• Add QNX IFS filesystem extraction module to "Pre-Modules"

And, as a stretch goal:

• Add QNX-specific bootloader and system startup file detection to S07
• Add QNX-specific microkernel detections to S24/S25, if possible
• Add QNX-specific CVEs/vulnerability reporting if an old/vulnerable version of QNX is detected

Describe alternatives you've considered
Currently, much of this QNX analysis is possible manually. If you extract QNX filesystems outside of EMBA before scanning them, EMBA still does a great job scanning through all of their binaries - because of that, these requests are mainly just 'quality of life' improvements.

Priority issue
Are you already a Sponsor? - No

Additional context

• One thing that could make IFS support particularly tricky is QNX's commercial/proprietary state. That being said, QNX has been made open source in the past and there are open source extractors for the IFS format, but I am definitely not an expert on software licensing.
• Additional details on QNX's "Image File System" (IFS) format are available on the QNX developer docs website: https://www.qnx.com/developers/docs/7.0.0/#com.qnx.doc.neutrino.building/topic/intro/intro_ifs.html
• Finding a piece of QNX firmware that is freely available and could be used for unit testing/feature testing could be difficult. Automotive companies in particular are usually somewhat restrictive with their firmware distribution.

Anyhow, thank you for reading! I'd be more than happy to help put these features together, if you think it would be a useful addition to EMBA. I'm a big fan of EMBA and poke at a lot of QNX stuff in my free time, so I'd love to see more QNX-related features added to the project.

Thanks!

[github-actions]

Thank you for contributing an issue!

Welcome to the EMBA firmware analysis community!

We are glad you are here and appreciate your contribution. Please keep in mind our contributing guidelines here and here.
Also, please check existing open issues and consider to open a discussion in the dedicated discussion area.
Additionally, we have collected a lot of details around EMBA, the installation and the usage of EMBA in our Wiki.

If you like EMBA you have the chance to support us by becoming a Sponsor or buying some beer here.

To show your love for EMBA with nice shirts or other merch you can check our Spreadshop.

This is an automatic message. Allow for time for the EMBA community to be able to read the issue and comment on it.

[m-1-k-3]

Good idea @ttepatti

We can try to address two areas:

• Extraction: As far as I understand there are special filesystems or packing used for this kind of firmware. This should be addressed in our main extraction frameworks unblob and binwalk. Please open dedicated issues in both projects. If they integrate it, it will automatically land in EMBA.
• Analysis: We can start straight ahead with some extracted filesystem and your knowledge where to find the juicy areas and what we should look for.

For both steps testing firmware is needed. Is there something out there in the Internet?