No border binaries found, exiting...
r0pb3rt opened this issue · 4 comments
Hi,
I ran into an issue using the Docker container while trying Karonte with a fw for the TP-LINK TL-WR841.
Steps to reproduce:
$ git clone https://github.com/ucsb-seclab/karonte.git
$ cd karonte
$ docker run -it -v `pwd`:/data badnack/karonte /bin/bash
(karonte) karonte@d963df435825:/data$ ls firmware/
TL-WR841Nv14_EU_0.9.1_4.16_up_boot_180319-rel57291_.bin TL-WR841Nv14_EU_0.9.1_4.16_up_boot_180319-rel57291_.json
My config:
(karonte) karonte@d963df435825:/data$ cat firmware/TL-WR841Nv14_EU_0.9.1_4.16_up_boot_180319-rel57291_.json
{
"bin": [],
"pickle_parsers": "",
"stats": "True",
"data_keys": [],
"base_addr": "",
"eg_source_addr": "",
"fw_path": "./firmware/TL-WR841Nv14_EU_0.9.1_4.16_up_boot_180319-rel57291_.bin",
"angr_explode_bins": [],
"glob_var": [],
"arch": "",
"only_string": ""
}
The issue:
(karonte) karonte@d963df435825:/data$ python2 tool/karonte.py firmware/TL-WR841Nv14_EU_0.9.1_4.16_up_boot_180319-rel57291_.json
/home/karonte/.virtualenvs/karonte/local/lib/python2.7/site-packages/cffi/cparser.py:164: UserWarning: Global variable 'r' in cdef(): for consistency with C it should have a storage class specifier (usually 'extern')
"(usually 'extern')" % (decl.name,))
INFO | 2020-01-01 22:51 | Karonte | Logging at: /tmp/Karonte.txt_19
INFO | 2020-01-01 22:51 | Karonte | Firmware directory: /tmp/fw/TL-WR841Nv14_EU_0.9.1_4.16_up_boot_180319-rel57291_.bin._unpacked
INFO | 2020-01-01 22:51 | Karonte | Candidates pickled in /tmp/karonte/pickles/parser//_tmp_fw_TL-WR841Nv14_EU_091_416_up_boot_180319-rel57291_bin_unpacked.pk
ERROR | 2020-01-01 22:51 | Karonte | No border binaries found, exiting...
INFO | 2020-01-01 22:51 | Karonte | Finished, results in /tmp/Karonte.txt_19
0
Did I mess up the config somehow?
Is binwalk in the Docker container maybe broken?
(karonte) karonte@d963df435825:/data$ $ binwalk
bash: binwalk: command not found
It might be that the firmware is composed of MIPS binaries, and the angr version that we used for this version of Karonte had poor support for MIPS.
I've retried with an ARM-based model (Netgear R7800), without success:
karonte/firmware$ wget http://www.downloads.netgear.com/files/GDC/R7800/R7800-V1.0.2.68.zip
karonte/firmware$ unzip R7800-V1.0.2.68.zip
Archive: R7800-V1.0.2.68.zip
inflating: R7800-V1.0.2.68.img
inflating: R7800-V1.0.2.68_Release_Notes.html
karonte/firmware$ nano fw.json
karonte/firmware$ cat fw.json
{
"bin": [],
"pickle_parsers": "",
"stats": "True",
"data_keys": [],
"base_addr": "",
"eg_source_addr": "",
"fw_path": "./firmware/R7800-V1.0.2.68.img",
"angr_explode_bins": [],
"glob_var": [],
"arch": "",
"only_string": ""
}
karonte/firmware$ cd ..
karonte$ docker run -it -v `pwd`:/data badnack/karonte /bin/bash
(karonte) karonte@958e90214ea2:~$ cd /data/
(karonte) karonte@958e90214ea2:/data$ ls firmware/
R7800-V1.0.2.68.img R7800-V1.0.2.68.zip R7800-V1.0.2.68_Release_Notes.html fw.json
(karonte) karonte@958e90214ea2:/data$ python2 tool/karonte.py firmware/fw.json
/home/karonte/.virtualenvs/karonte/local/lib/python2.7/site-packages/cffi/cparser.py:164: UserWarning: Global variable 'r' in cdef(): for consistency with C it should have a storage class specifier (usually 'extern')
"(usually 'extern')" % (decl.name,))
INFO | 2020-01-03 08:19 | Karonte | Logging at: /tmp/Karonte.txt_50
INFO | 2020-01-03 08:19 | Karonte | Firmware directory: /tmp/fw/R7800-V1.0.2.68.img._unpacked
INFO | 2020-01-03 08:19 | Karonte | Candidates pickled in /tmp/karonte/pickles/parser//_tmp_fw_R7800-V10268img_unpacked.pk
ERROR | 2020-01-03 08:19 | Karonte | No border binaries found, exiting...
INFO | 2020-01-03 08:19 | Karonte | Finished, results in /tmp/Karonte.txt_50
0
(karonte) karonte@958e90214ea2:/data$ cat /tmp/Karonte.txt_50
Logging started. Time: 1578039596.3
Border Binaries Sesults
==============
Total firmware Binaries: 0
Total Basic block in the firmware sample: 0
Parser time 0.000607967376709 seconds
Border binary finder module did not find any border binaries.
==============
Analysis Terminated.
(karonte) karonte@958e90214ea2:/data$
Not sure about it, but maybe ./extract_here.sh fails on non-tar files? From a brief look at the code in tool/utils.py it seems so.
Could you also check if binwalk is available in the docker container? As stated above, it seems missing. Also from the Docker digest I can't find any reference to an installation, see https://hub.docker.com/layers/badnack/karonte/latest/images/sha256-5eaca547bf978112fa4fe71e4d057d49e8a1269a8baf8ec36aefacb41bcc19f7
I've added binwalk
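A preflight check for the symptom in this thread ("Total firmware Binaries: 0"), as an added Python 3 example that is not part of Karonte or of any comment above: it reports whether binwalk is on PATH and which ELF architectures an unpacked firmware tree contains, which separates a failed extraction from an unsupported architecture. The helper names, the `fake_elf` stub and the sample tree are constructed for illustration.

```python
import os
import shutil
import struct
import tempfile

EM_NAMES = {8: "MIPS", 40: "ARM", 183: "AArch64"}  # ELF e_machine values


def fake_elf(machine, big_endian):
    """Constructed 20-byte ELF header stub, used only as sample input."""
    ident = b"\x7fELF" + bytes([1, 2 if big_endian else 1, 1]) + b"\0" * 9
    return ident + struct.pack((">" if big_endian else "<") + "HH", 2, machine)


def elf_machine(path):
    """Return the architecture name if path is an ELF file, else None."""
    try:
        with open(path, "rb") as fh:
            hdr = fh.read(20)
    except OSError:
        return None
    if len(hdr) < 20 or hdr[:4] != b"\x7fELF":
        return None
    endian = "<" if hdr[5] == 1 else ">"  # EI_DATA: 1 = little, 2 = big
    (machine,) = struct.unpack(endian + "H", hdr[18:20])
    return EM_NAMES.get(machine, "e_machine=%d" % machine)


def preflight(unpacked_dir):
    """Summarise what an unpacked firmware tree offers to binary analysis."""
    counts = {}
    for root, _dirs, files in os.walk(unpacked_dir):
        for name in files:
            path = os.path.join(root, name)
            if os.path.islink(path):
                continue  # firmware symlinks often point outside the tree
            arch = elf_machine(path)
            if arch:
                counts[arch] = counts.get(arch, 0) + 1
    return {"binwalk_on_path": shutil.which("binwalk") is not None,
            "exists": os.path.isdir(unpacked_dir),
            "elf_by_arch": counts}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tree:  # constructed sample tree
        with open(os.path.join(tree, "httpd"), "wb") as fh:
            fh.write(fake_elf(8, big_endian=True))
        print(preflight(tree))  # sample reports one MIPS binary
```

For a real run, call `preflight()` on the "Firmware directory" path printed in the log; an empty `elf_by_arch` means the extraction step produced nothing to analyse.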