ChrisTheCoolHut / Firmware_Slap

Discovering vulnerabilities in firmware through concolic analysis and function clustering.
GNU General Public License v3.0

Timeout while running examples #15

Closed emilytouchingcomputers closed 5 years ago

emilytouchingcomputers commented 5 years ago

When running the examples from the readme, Discover_And_Dump.py examples/iwconfig -D iwconfig_results and Vuln_Discover_Celery.py examples/upload.cgi -L Almond_Root/lib/, both tasks will get to ~98% before Celery starts throwing errors, then the tasks fail.

ls of the folder:

(venv) mike@ubuntu:~/Desktop/Firmware_Slap$ ls
Almond_Root  examples                ghidra_9.0.4_PUBLIC_20190516.zip  iwconfig_results.pickle  README.md     venv
bin          firmware_slap           iwconfig_results.all.json         LICENSE                  requirements  Vulnerable_Pickle
build        Firmware_Slap.egg-info  iwconfig_results.all.pickle       MANIFEST.in              setup.py
dist         ghidra                  iwconfig_results.json             radare2                  setup.sh

Celery is started:

(venv) mike@ubuntu:~/Desktop/Firmware_Slap$ celery -A firmware_slap.celery_tasks worker --loglevel=info

Then,

(venv) mike@ubuntu:~/Desktop/Firmware_Slap$ Discover_And_Dump.py examples/iwconfig -D iwconfig_results
[+] Recovering Function Prototypes
analyzeHeadless /tmp/tmpcpz7vq6g project_iwconfig
    -max-cpu 1
    -import /home/mike/Desktop/Firmware_Slap/examples/iwconfig
    -scriptPath /home/mike/Desktop/Firmware_Slap/venv/lib/python3.6/site-packages/Firmware_Slap-1.0-py3.6.egg/firmware_slap/ghidra_scripts
    -preScript /home/mike/Desktop/Firmware_Slap/venv/lib/python3.6/site-packages/Firmware_Slap-1.0-py3.6.egg/firmware_slap/ghidra_scripts/SetDecompilerOptions.py
    -postScript /home/mike/Desktop/Firmware_Slap/venv/lib/python3.6/site-packages/Firmware_Slap-1.0-py3.6.egg/firmware_slap/ghidra_scripts/DumpFunctions.py "/tmp/tmpcpz7vq6g/iwconfig"
/tmp/tmpcpz7vq6g/iwconfig
[+] Analyzing 61 functions
[~] Finding all the vulnerabilities:  98%|█████████████████████████████████████████████████████████████▉ | 60/61 [00:54<00:14, 14.20s/it]

Celery output:

-snip-
[2019-08-14 16:07:49,492: INFO/ForkPoolWorker-12] Task firmware_slap.celery_tasks.async_trace_func[5074dc82-7eca-4497-939e-16ccb81dbb57] succeeded in 6.150161330000174s: {}
[2019-08-14 16:08:33,230: WARNING/ForkPoolWorker-11] <Project /home/mike/Desktop/Firmware_Slap/examples/iwconfig>
[2019-08-14 16:08:33,230: WARNING/ForkPoolWorker-11] <SimulationManager with 17 deadended>
[2019-08-14 16:08:33,231: INFO/ForkPoolWorker-11] Task firmware_slap.celery_tasks.async_trace_func[e2d36397-f7a7-424e-aab0-1b0b5cdfc4f3] succeeded in 49.661394414999904s: {}
[2019-08-14 16:08:40,630: ERROR/MainProcess] Task handler raised error: TimeLimitExceeded(60,)
Traceback (most recent call last):
  File "/home/mike/Desktop/Firmware_Slap/venv/lib/python3.6/site-packages/billiard-3.6.1.0-py3.6.egg/billiard/pool.py", line 684, in on_hard_timeout
    raise TimeLimitExceeded(job._timeout)
billiard.exceptions.TimeLimitExceeded: TimeLimitExceeded(60,)
[2019-08-14 16:08:40,630: ERROR/MainProcess] Hard time limit (60s) exceeded for firmware_slap.celery_tasks.async_trace_func[2e688b9a-562b-4989-8798-0ed66c9c2859]
[2019-08-14 16:08:40,756: ERROR/MainProcess] Process 'ForkPoolWorker-2' pid:99169 exited with 'signal 9 (SIGKILL)'

For Vuln_Discover_Celery

(venv) mike@ubuntu:~/Desktop/Firmware_Slap$ Vuln_Discover_Celery.py examples/upload.cgi -L Almond_Root/lib/

Celery output:

-snip-
[2019-08-14 16:03:28,460: WARNING/ForkPoolWorker-2] <SimulationManager with 1 unconstrained>
[2019-08-14 16:03:28,461: INFO/ForkPoolWorker-2] Task firmware_slap.celery_tasks.async_trace_func[d2c9db56-dc6a-48cf-838b-72f96d5ed4e1] succeeded in 2.6161688400002276s: {}
[2019-08-14 16:03:28,813: WARNING/ForkPoolWorker-4] <Project /home/mike/Desktop/Firmware_Slap/examples/upload.cgi>
[2019-08-14 16:03:28,813: WARNING/ForkPoolWorker-4] <SimulationManager with all stashes empty (1 errored)>
[2019-08-14 16:03:28,814: INFO/ForkPoolWorker-4] Task firmware_slap.celery_tasks.async_trace_func[639428ab-9492-47d1-8653-f87b54c774ce] succeeded in 0.6927038250000805s: {}
[2019-08-14 16:03:28,880: WARNING/ForkPoolWorker-6] <Project /home/mike/Desktop/Firmware_Slap/examples/upload.cgi>
[2019-08-14 16:03:28,880: WARNING/ForkPoolWorker-6] <SimulationManager with all stashes empty (1 errored)>
[2019-08-14 16:03:28,881: INFO/ForkPoolWorker-6] Task firmware_slap.celery_tasks.async_trace_func[b04f753e-2ead-4ed4-a81c-b4c5f4051b39] succeeded in 0.8522460119997959s: {}
[2019-08-14 16:04:47,808: ERROR/MainProcess] Task handler raised error: TimeLimitExceeded(120,)
Traceback (most recent call last):
  File "/home/mike/Desktop/Firmware_Slap/venv/lib/python3.6/site-packages/billiard-3.6.1.0-py3.6.egg/billiard/pool.py", line 684, in on_hard_timeout
    raise TimeLimitExceeded(job._timeout)
billiard.exceptions.TimeLimitExceeded: TimeLimitExceeded(120,)
[2019-08-14 16:04:47,810: ERROR/MainProcess] Hard time limit (120s) exceeded for firmware_slap.celery_tasks.async_trace_func[1a46c96f-c42f-43c5-923c-36e417edaa05]
[2019-08-14 16:04:47,922: ERROR/MainProcess] Process 'ForkPoolWorker-5' pid:99172 exited with 'signal 9 (SIGKILL)'
[2019-08-14 16:04:48,608: ERROR/MainProcess] Task handler raised error: TimeLimitExceeded(120,)
Traceback (most recent call last):
  File "/home/mike/Desktop/Firmware_Slap/venv/lib/python3.6/site-packages/billiard-3.6.1.0-py3.6.egg/billiard/pool.py", line 684, in on_hard_timeout
    raise TimeLimitExceeded(job._timeout)
billiard.exceptions.TimeLimitExceeded: TimeLimitExceeded(120,)
[2019-08-14 16:04:48,609: ERROR/MainProcess] Hard time limit (120s) exceeded for firmware_slap.celery_tasks.async_trace_func[659fe927-4d81-4e81-90ec-568bda8236c2]
[2019-08-14 16:04:48,712: ERROR/MainProcess] Task handler raised error: TimeLimitExceeded(120,)
Traceback (most recent call last):
  File "/home/mike/Desktop/Firmware_Slap/venv/lib/python3.6/site-packages/billiard-3.6.1.0-py3.6.egg/billiard/pool.py", line 684, in on_hard_timeout
    raise TimeLimitExceeded(job._timeout)
billiard.exceptions.TimeLimitExceeded: TimeLimitExceeded(120,)
[2019-08-14 16:04:48,713: ERROR/MainProcess] Hard time limit (120s) exceeded for firmware_slap.celery_tasks.async_trace_func[6ff27e53-f124-4d67-aa6a-d4b1e8602df7]
[2019-08-14 16:04:48,816: ERROR/MainProcess] Process 'ForkPoolWorker-8' pid:99175 exited with 'signal 9 (SIGKILL)'
[2019-08-14 16:04:48,966: ERROR/MainProcess] Process 'ForkPoolWorker-7' pid:99174 exited with 'signal 9 (SIGKILL)'
[2019-08-14 16:04:51,809: ERROR/MainProcess] Task handler raised error: TimeLimitExceeded(120,)
Traceback (most recent call last):
  File "/home/mike/Desktop/Firmware_Slap/venv/lib/python3.6/site-packages/billiard-3.6.1.0-py3.6.egg/billiard/pool.py", line 684, in on_hard_timeout
    raise TimeLimitExceeded(job._timeout)
billiard.exceptions.TimeLimitExceeded: TimeLimitExceeded(120,)
[2019-08-14 16:04:51,809: ERROR/MainProcess] Hard time limit (120s) exceeded for firmware_slap.celery_tasks.async_trace_func[f5012676-4d0d-451b-b543-28281e03add7]
[2019-08-14 16:04:51,930: ERROR/MainProcess] Process 'ForkPoolWorker-3' pid:99170 exited with 'signal 9 (SIGKILL)'

I've installed this both on my Ubuntu desktop and in a clean install Ubuntu VM (both 18.04.1) and had the same issue on both.

We've tried adjusting the timeout everywhere we can find from 120 to something larger, but it doesn't seem to make a difference.

ChrisTheCoolHut commented 5 years ago

Timeouts are expected! It's actually good that it times out.

When analyzing functions with loops, there are times when the exit condition is symbolic, and unless you set a timeout it will analyze it forever! This is expected behavior, and the results you're looking for should show a couple overflows in the iwconfig binary.

Can you run 32-bit binaries on your host machine? If not, you might need to add 32-bit support:

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386

emilytouchingcomputers commented 5 years ago

Looks like I didn't have 32-bit support on either of those machines - looks like it's fixed. Part of the confusion was it exiting after getting to ~98% (which seems to be the issue on #16). Might be worth throwing in an "ANALYSIS COMPLETED" or something.

Also, excellent work, and thank you!
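
The timeout behaviour discussed in this thread, as an added example that is not part of the original issue or of the Firmware_Slap code base: a small summarizer for Celery worker output that tallies `async_trace_func` tasks that succeeded against those stopped by the hard time limit, so a run that ends on timeouts can be told apart from one that crashed. The log lines are constructed in the format shown above, and `summarize`, `expected_tasks` and `near` are hypothetical names; treating the function count as the number of dispatched tasks is an assumption.

```python
import re

# Constructed sample in the Celery worker log format shown in this issue.
SAMPLE_LOG = """\
[2019-08-14 16:07:49,492: INFO/ForkPoolWorker-12] Task firmware_slap.celery_tasks.async_trace_func[aaaaaaaa-0000-0000-0000-000000000001] succeeded in 6.15s: {}
[2019-08-14 16:08:33,231: INFO/ForkPoolWorker-11] Task firmware_slap.celery_tasks.async_trace_func[aaaaaaaa-0000-0000-0000-000000000002] succeeded in 49.66s: {}
[2019-08-14 16:08:40,630: ERROR/MainProcess] Task handler raised error: TimeLimitExceeded(60,)
[2019-08-14 16:08:40,630: ERROR/MainProcess] Hard time limit (60s) exceeded for firmware_slap.celery_tasks.async_trace_func[aaaaaaaa-0000-0000-0000-000000000003]
[2019-08-14 16:08:40,756: ERROR/MainProcess] Process 'ForkPoolWorker-2' pid:99169 exited with 'signal 9 (SIGKILL)'
"""

OK_RE = re.compile(r"Task [\w.]+\[(?P<id>[0-9a-f-]+)\] succeeded in (?P<secs>[\d.]+)s")
TIMEOUT_RE = re.compile(r"Hard time limit \((?P<limit>\d+)s\) exceeded for [\w.]+\[(?P<id>[0-9a-f-]+)\]")
KILL_RE = re.compile(r"Process '(?P<worker>[^']+)' pid:\d+ exited with 'signal 9 \(SIGKILL\)'")


def summarize(log_text, expected_tasks=None, near=0.8):
    """Tally finished tasks so expected hard timeouts are not read as a crash."""
    succeeded, timed_out, killed = {}, {}, []
    for line in log_text.splitlines():
        ok = OK_RE.search(line)
        to = TIMEOUT_RE.search(line)
        kill = KILL_RE.search(line)
        if ok:
            succeeded[ok["id"]] = float(ok["secs"])
        elif to:
            timed_out[to["id"]] = int(to["limit"])
        elif kill:
            killed.append(kill["worker"])
    limit = max(timed_out.values(), default=None)
    # Successes that ran close to the hard limit: a lower limit would cut these off.
    near_limit = sorted(t for t, s in succeeded.items() if limit and s >= near * limit)
    finished = len(succeeded) + len(timed_out)
    return {
        "succeeded": len(succeeded),
        "timed_out": timed_out,          # task id -> hard limit in seconds
        "killed_workers": killed,        # pool workers SIGKILLed by the hard limit
        "near_limit": near_limit,
        "finished": finished,
        # Assumption: one task per analysed function ("[+] Analyzing N functions").
        "complete": expected_tasks is not None and finished >= expected_tasks,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG, expected_tasks=3).items():
        print(f"{key}: {value}")
```
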