#!/usr/bin/env bash
# Autodyne
# CompSec Direct
# Version 0.5b
# Authors: Charles Boyd, DJ Forbes, jfersec
# Date: Oct 23 2023
# Desired Invocation: ./autodyne-0.5b.sh foo samples/1.bin // where foo is the manufacturer and samples/1.bin is relative path to files
# Docker invocation: docker run --privileged -v /home/ubuntu/samples:/opt/firmadyne/samples -v /home/ubuntu/sample-out:/opt/firmadyne/samples-out/ -dit firmadyne /opt/firmadyne/autodyne-0.5b.sh
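# Positional arguments: $1 is the manufacturer label handed to the extractor,
# $2 is the firmware path, resolved below /opt/firmadyne/samples.
args=("$@")
Manufacturer=${1}
# NOTE(review): $2 is appended to the samples directory as-is, so a value
# containing "../" resolves outside it — confirm callers only pass paths that
# stay under samples/.
FW=/opt/firmadyne/samples/${2}
# Quoted and "--"-terminated so a sample name with spaces, glob characters or
# a leading dash is not split or parsed as an option. BASENAME is later
# embedded in every output file name under samples-out/.
BASENAME=$(basename -- "$FW")
FPATH=/opt/firmadyne
echo "Changing Directory..."
# Every later step runs ./sources/... and ./scripts/... relative to this
# directory. If the cd fails, those relative paths would resolve against
# whatever directory the script was launched from, so stop here instead.
cd /opt/firmadyne || {
  echo "ERROR: cannot cd to /opt/firmadyne, exiting" >&2
  exit 1
}
echo "Setting $Manufacturer for $FW"
echo "Here is basename $BASENAME"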
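#######################################
# Prepare the run: load the optional site config, make sure a PostgreSQL
# password file exists, check the firmware sample and default the
# manufacturer label.
# Globals:
#   FW (read)
#   Manufacturer (read; set to "unknown" when empty)
#   PGPASSFILE (written when the password file is created here)
# Outputs:
#   progress messages on stdout, write failures on stderr
# Returns:
#   0 on success; exits the script with status 255 when FW is not a readable
#   regular file (255 is what bash produced for the original `exit -1`).
#######################################
setup() {
  local pgpass_entry pgpass_file

  if [ -f /etc/autodyne-cfg.sh ]; then
    # Sourced into this shell, so the file's contents run with the script's
    # privileges.
    # NOTE(review): presumably where FIRMADYNE_POSTGRES_HOST (read by
    # run_extractor) is defined — confirm.
    . /etc/autodyne-cfg.sh
  else
    echo "WARN: no config file to load at /etc/autodyne-cfg.sh"
  fi

  # Check if a pgpass file is set; if not, create it.
  if [ -f "/root/.pgpass" ]; then
    echo "Pass is already set, continuing...."
  else
    # NOTE(security): the database credential is hard-coded here; anyone who
    # can read this script knows it. Prefer supplying it from the config file
    # or the environment.
    pgpass_entry='*:*:*:firmadyne:firmadyne'
    for pgpass_file in /root/.pgpass /home/firmadyne/.pgpass; do
      # umask 077 in a subshell creates the file owner-only from the start,
      # closing the window in which it would exist with default permissions.
      if (umask 077 && printf '%s\n' "$pgpass_entry" >>"$pgpass_file"); then
        # The original tightened only /root/.pgpass. libpq ignores a password
        # file that group or others can access, and a looser mode leaves the
        # credential readable by every local account.
        chmod 600 "$pgpass_file"
      else
        echo "WARN: could not write $pgpass_file" >&2
      fi
    done
    # NOTE(review): /home/firmadyne/.pgpass is created by whichever account
    # runs this script; if that is root, the firmadyne account may also need
    # ownership of it — confirm.
    # Not exported, so child processes see it only if PGPASSFILE is already
    # an exported variable.
    PGPASSFILE=/root/.pgpass
  fi

  if [ ! -f "${FW}" ] || [ ! -r "${FW}" ]; then
    echo "${FW} does not exist or is not readable, exiting"
    exit 255
  fi

  if [ -z "${Manufacturer}" ]; then
    # The original ran the message and "$Manufacturer=unknown" as commands:
    # both failed with "command not found", the label stayed empty and setup
    # returned non-zero, so the rest of the pipeline never ran.
    echo "Manufacturer not provided."
    Manufacturer=unknown
  fi
  return 0
}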
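#######################################
# Run the firmware extractor on the sample and keep a copy of its output.
# Globals:
#   Manufacturer, FIRMADYNE_POSTGRES_HOST, FW, BASENAME (all read)
# Outputs:
#   extractor output on stdout, also written to
#   /opt/firmadyne/samples-out/<BASENAME>-extractor-output
# Returns:
#   1 when FIRMADYNE_POSTGRES_HOST is empty; otherwise the extractor's exit
#   status, or tee's status when the extractor succeeded but the copy failed.
#######################################
run_extractor() {
  local out_file="/opt/firmadyne/samples-out/${BASENAME}-extractor-output"
  local -a stage_status

  # With the variable empty and unquoted, "-sql" silently took the next
  # option as its value. Fail with a clear message instead.
  if [ -z "${FIRMADYNE_POSTGRES_HOST:-}" ]; then
    echo "ERROR: FIRMADYNE_POSTGRES_HOST is not set; refusing to run the extractor" >&2
    return 1
  fi

  # All expansions are quoted: the manufacturer label and the sample name
  # come from the command line and must reach python3 / tee as single words.
  python3 ./sources/extractor/extractor.py -b "$Manufacturer" \
    -sql "$FIRMADYNE_POSTGRES_HOST" -np -nk "$FW" images | tee "$out_file"
  stage_status=("${PIPESTATUS[@]}")

  # A pipeline reports only tee's status, which hid extractor failures from
  # the "setup && run_extractor && process_firmware" chain.
  if [ "${stage_status[0]}" -ne 0 ]; then
    return "${stage_status[0]}"
  fi
  return "${stage_status[1]}"
}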
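#######################################
# Read the database image ID out of the saved extractor output.
# Globals:
#   BASENAME (read)
# Outputs:
#   the image ID on stdout; diagnostics on stderr
# Returns:
#   0 when a non-negative integer ID was found; otherwise exits with status 1
#   (inside $(...) that ends only the substitution's subshell, so callers
#   must check the status or the captured value).
#######################################
get_image_id() {
  local out_file="/opt/firmadyne/samples-out/${BASENAME}-extractor-output"
  local ImageID

  # Declared separately from the assignment so `local` does not mask the
  # pipeline's status.
  ImageID=$(grep "Database Image ID:" "$out_file" | cut -d: -f2 | sed 's/ //g')

  # The original tested [[ "$ImageID" -lt 0 ]]. An empty value counts as 0
  # there and slipped through, and -lt evaluates its operands as arithmetic
  # expressions, which text parsed out of tool output should never reach
  # unvalidated. Accept plain digits only.
  if ! [[ "$ImageID" =~ ^[0-9]+$ ]]; then
    # Diagnostics go to stderr: stdout is captured by the caller as the ID.
    echo "Did not read in ImageID" >&2
    printf '%s\n' "$ImageID" >&2
    exit 1
  fi
  printf '%s\n' "$ImageID"
}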
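#######################################
# Determine the architecture of an extracted image via scripts/getArch.sh,
# falling back to mipseb when nothing could be parsed.
# Globals:
#   FPATH, BASENAME (read); DefaultArch (written)
# Arguments:
#   $1 - image ID
# Outputs:
#   the architecture name, alone, on stdout and in
#   /opt/firmadyne/samples-out/<BASENAME>-getArch-output; status messages on
#   stderr
#######################################
get_arch() {
  local ImageID=$1
  local out_file="/opt/firmadyne/samples-out/${BASENAME}-getArch-output"
  local ReadArch Arch

  DefaultArch=mipseb
  ReadArch=$(./scripts/getArch.sh "$FPATH/images/${ImageID}.tar.gz" | tee "$out_file")
  # Same parsing as before (strip whitespace, take the second ':' field), but
  # without an unquoted echo, which also glob-expanded the script's output.
  Arch=$(printf '%s' "$ReadArch" | tr -d ' \t\n' | cut -d: -f2)

  # Status messages go to stderr: the caller captures stdout as the
  # architecture, and the message used to end up inside that value.
  if [ -n "$Arch" ]; then
    echo "successfully inferred architecture" >&2
  else
    echo "default architecture guessed" >&2
    Arch=$DefaultArch
  fi
  # Overwrites the raw getArch.sh output saved above with the final value,
  # which make_image and infer_network read back from this file.
  printf '%s\n' "$Arch" | tee "$out_file"
}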
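#######################################
# Run scripts/tar2db.py for an extracted image.
# Globals:
#   FPATH (read)
# Arguments:
#   $1 - image ID
# Returns:
#   the exit status of tar2db.py
#######################################
tar2db() {
  local ImageID=$1
  # Quoted so the ID and the archive path each reach tar2db.py as exactly one
  # argument; unquoted, a value containing whitespace or glob characters
  # changed the argument list.
  ./scripts/tar2db.py -i "$ImageID" -f "$FPATH/images/${ImageID}.tar.gz"
}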
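#######################################
# Build the emulation image for an extracted firmware via
# scripts/makeImage.sh.
# Globals:
#   BASENAME (read); Arch (written, read back from the getArch output file)
# Arguments:
#   $1 - image ID
# Outputs:
#   makeImage.sh stdout and stderr, also written to
#   /opt/firmadyne/samples-out/<BASENAME>-makeImage-output
# Returns:
#   the status of tee, not of makeImage.sh (the pipeline hides the latter).
#######################################
make_image() {
  local ImageID=$1
  local arch_file="/opt/firmadyne/samples-out/${BASENAME}-getArch-output"
  local out_file="/opt/firmadyne/samples-out/${BASENAME}-makeImage-output"

  # Either call get_arch() or store value for arch somewhere else
  Arch=$(cat -- "$arch_file")
  echo "$Arch was here in make image"
  # store make image output for creation of docker image
  # has issues when not enough loop devices are available
  # Both values are quoted so they are not word-split or glob-expanded;
  # ${Arch:+...} still omits the second argument when no architecture was
  # read, as the unquoted form did.
  ./scripts/makeImage.sh "$ImageID" ${Arch:+"$Arch"} |& tee "$out_file"
}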
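#######################################
# Run scripts/inferNetwork.sh for an image and print the value parsed from
# its "Interfaces:" line.
# Globals:
#   BASENAME (read); Arch (written, read back from the getArch output file)
# Arguments:
#   $1 - image ID
# Outputs:
#   inferNetwork.sh stdout and stderr, also written to
#   /opt/firmadyne/samples-out/<BASENAME>-inferNetwork-output, followed by
#   the parsed interface value
#######################################
infer_network() {
  local ImageID=$1
  local arch_file="/opt/firmadyne/samples-out/${BASENAME}-getArch-output"
  local out_file="/opt/firmadyne/samples-out/${BASENAME}-inferNetwork-output"
  local NICS

  Arch=$(cat -- "$arch_file")
  echo "$Arch was here in infer_network"
  # Quoted so neither value is word-split or glob-expanded; ${Arch:+...}
  # still omits the second argument when no architecture was read.
  ./scripts/inferNetwork.sh "$ImageID" ${Arch:+"$Arch"} |& tee "$out_file"

  # Second ':' field of the "Interfaces:" line, then its second ',' field,
  # with ")]", single quotes and spaces removed.
  # NOTE(review): presumably the address of the first detected interface —
  # confirm against inferNetwork.sh's output format.
  NICS=$(grep "Interfaces:" "$out_file" \
    | cut -d: -f2 \
    | cut -d, -f2 \
    | sed -e 's/)]//g' -e "s/'//g" -e 's/ //g')
  # store nic info for scanning
  printf '%s\n' "$NICS"
}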
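#######################################
# Start the emulation run script for an image in a detached tmux session,
# then block forever so the calling process stays alive.
# Arguments:
#   $1 - image ID (digits only)
# Returns:
#   1 without starting anything when the ID is not a plain number; otherwise
#   does not return.
#######################################
start_emulator() {
  local ImageID=$1
  local run_script

  # tmux hands a single command argument to a shell, so the ID becomes part
  # of a shell command line. Accept digits only before building the path.
  if ! [[ "$ImageID" =~ ^[0-9]+$ ]]; then
    echo "ERROR: refusing to start emulator for non-numeric image ID" >&2
    return 1
  fi
  run_script="./scratch/${ImageID}/run.sh"

  if ! tmux new-session -d -s "ImageID $ImageID" "$run_script"; then
    # Previously a failed start was silent and the script just blocked below.
    echo "WARN: tmux could not start $run_script" >&2
  fi
  # Deliberate keep-alive: never returns.
  tail -f /dev/null
}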
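#######################################
# Drive the post-extraction steps: look up the image ID and architecture,
# load the filesystem into the database, build the image, infer the network
# setup and start the emulator.
# Globals:
#   Arch (written)
# Returns:
#   1 when no usable image ID was found; otherwise whatever start_emulator
#   returns.
#######################################
process_firmware() {
  local ImageID

  # Declared separately so `local` does not mask get_image_id's status, and
  # validated here because every later step builds paths and arguments from
  # this value.
  ImageID=$(get_image_id)
  if ! [[ "$ImageID" =~ ^[0-9]+$ ]]; then
    echo "ERROR: no usable image ID in the extractor output, aborting" >&2
    return 1
  fi

  Arch=$(get_arch "$ImageID")
  echo "ImageID: $ImageID"
  echo "Arch: $Arch"
  echo "Extracting filesystem and building QEMU image for sample $ImageID..."
  # A failing stage still skips the later ones, as before, but is now
  # reported instead of being dropped silently. The emulator is started
  # either way to keep the previous behaviour.
  if ! { tar2db "$ImageID" && make_image "$ImageID" "$Arch" && infer_network "$ImageID" "$Arch"; }; then
    echo "WARN: a build stage failed for sample $ImageID; later stages were skipped" >&2
  fi
  echo "starting emulator for sample $ImageID..."
  start_emulator "$ImageID"
}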
#######################################
# Detach every loop device whose `losetup -a` line mentions "firmadyne".
# Not invoked anywhere in this listing.
# Globals:
#   LOOPS (written), loop (written)
# Outputs:
#   one "Deleting ..." line per device, plus "Delete failed" when a detach
#   does not succeed
#######################################
destroy_loops() {
  LOOPS=$(losetup -a | grep firmadyne | cut -d: -f1)
  # $LOOPS and $loop are left unquoted on purpose: the list is split into
  # one device per word. An empty list simply runs the loop zero times.
  for loop in $LOOPS; do
    printf '%s\n' "Deleting $loop loop device"
    if ! losetup -d $loop; then
      printf '%s\n' "Delete failed"
    fi
  done
}
# Entry point: each stage runs only when the previous one succeeded, and the
# script ends with the status of the last stage that ran (a bare `exit`
# reuses the status of the command before it).
setup || exit
run_extractor || exit
process_firmware