CRAMFS Format Package

We are happy to announce support for CRAMFS file system images. The new CRAMFS Format package lets you browse and extract files from CRAMFS images directly within the application.

CRAMFS (Compressed ROM File System) is a simple, read-only compressed file system designed for Linux ROM devices. It compresses file data one page at a time using zlib, keeping the image compact while allowing random read access. CRAMFS is commonly found in embedded systems, firmware images, set-top boxes, and devices with limited flash storage. Having native support in Cerbero Suite means analysts can inspect firmware dumps and ROM images encountered during security research, vulnerability assessment, or forensic investigations without needing external tools.

YAFFS Format Package

We are happy to announce support for YAFFS and YAFFS2 file system images. The new YAFFS Format package lets you browse and extract files from YAFFS flash dumps directly within the application.

YAFFS2 (Yet Another Flash File System 2) is a log-structured file system designed for NAND flash memory. It is widely used in embedded Linux devices such as Android phones, routers, set-top boxes, IoT hardware, and industrial controllers. YAFFS stores data in fixed-size chunks (pages) interleaved with spare (out-of-band) areas that contain metadata tags. Having native support in Cerbero Suite means analysts can inspect firmware dumps and flash images encountered during security research, vulnerability assessment, or forensic investigations without needing external tools or knowing the NAND geometry parameters.

UBI Format Package

We are happy to announce support for UBI images and the UBIFS file system. The new UBI Format package lets you inspect UBI volumes and browse UBIFS file systems directly within the application.

UBI (Unsorted Block Image) is a volume management layer for raw NAND flash memory, widely used in embedded Linux devices such as routers, IoT hardware, industrial controllers, and consumer electronics. A UBI image contains one or more logical volumes that may hold kernel images, SquashFS partitions, or UBIFS file systems. UBIFS is a log-structured file system designed specifically for UBI volumes, featuring a B-tree index and transparent data compression. Having native support in Cerbero Suite means analysts can inspect firmware dumps and flash images encountered during security research, vulnerability assessment, or forensic investigations without needing external tools.

SquashFS Format Package

We are happy to announce support for the SquashFS file system format. The new SquashFS Format package lets you browse and extract files from SquashFS images directly within the application.

SquashFS is a compressed, read-only file system widely used in Linux distributions, embedded devices, firmware images, container technologies, and snap/AppImage application packages. It supports multiple compression algorithms and is designed for high compression ratios with fast random access. Having native support in Cerbero Suite means analysts can inspect SquashFS images encountered during firmware analysis, malware triage, or forensic investigations without needing external tools.

XFA Interactive Form Inspection

The upcoming 0.9.2 version of the Profiler introduces detection of Acro/XFA interactive forms inside PDFs. This technology has been abused numerous times (some recent cases come to mind), so it is now being reported as a potential threat.

The video below shows the inspection of an XFA Interactive Form and how to load a base64-encoded GIF image embedded in it.

Stay tuned!