Tag: embedded

UBI Format Package

We are happy to announce support for UBI images and the UBIFS file system. The new UBI Format package lets you inspect UBI volumes and browse UBIFS file systems directly within the application.

UBI (Unsorted Block Image) is a volume management layer for raw NAND flash memory, widely used in embedded Linux devices such as routers, IoT hardware, industrial controllers, and consumer electronics. A UBI image contains one or more logical volumes that may hold kernel images, SquashFS partitions, or UBIFS file systems. UBIFS is a log-structured file system designed specifically for UBI volumes, featuring a B-tree index and transparent data compression. Having native support in Cerbero Suite means analysts can inspect firmware dumps and flash images encountered during security research, vulnerability assessment, or forensic investigations without needing external tools.

SquashFS Format Package

We are happy to announce support for the SquashFS file system format. The new SquashFS Format package lets you browse and extract files from SquashFS images directly within the application.

SquashFS is a compressed, read-only file system widely used in Linux distributions, embedded devices, firmware images, container technologies, and snap/AppImage application packages. It supports multiple compression algorithms and is designed for high compression ratios with fast random access. Having native support in Cerbero Suite means analysts can inspect SquashFS images encountered during firmware analysis, malware triage, or forensic investigations without needing external tools.

XFA Interactive Form Inspection

The upcoming 0.9.2 version of the Profiler introduces detection of Acro/XFA interactive forms inside PDFs. This technology has been abused numerous times (some recent cases come to mind), so it is now being reported as a potential threat.

The video below shows the inspection of a XFA Interactive Form and how to load a base64-encoded GIF image embedded in it.

Stay tuned!