aws / amazon-freertos

DEPRECATED - See README.md
https://aws.amazon.com/freertos/
MIT License

ESP32 compiled binary shows absolute file path when walked through using binwalk #3539

Open vineet288818 opened 2 years ago

vineet288818 commented 2 years ago

We are evaluating the binary generated for ESP32. The binary when run through binwalk shows absolute file paths for the files.

ENVIRONMENT : AFR version : 202012

Here is a sample of the file paths seen:

264372 0x408B4 Unix path: /home/ubuntu/ic/code/freertos/freertos_kernel/stream_buffer.c
266912 0x412A0 Unix path: /home/ubuntu/ic/code/freertos/vendors/espressif/esp-idf/components/soc/esp32/rtc_time.c
268392 0x41868 Unix path: /home/ubuntu/ic/code/freertos/vendors/espressif/esp-idf/components/soc/src/memory_layout_utils.c
268844 0x41A2C Unix path: /home/ubuntu/ic/code/freertos/vendors/espressif/esp-idf/components/vfs/vfs.c
270360 0x42018 Unix path: /home/ubuntu/ic/code/freertos/vendors/espressif/esp-idf/components/efuse/src/esp_efuse_utility.c
271032 0x422B8 Unix path: /home/ubuntu/ic/code/freertos/vendors/espressif/esp-idf/components/app_update/esp_ota_ops.c
272144 0x42710 Unix path: /home/ubuntu/ic/code/freertos/vendors/espressif/esp-idf/components/spi_flash/flash_mmap.c
272420 0x42824 Unix path: /home/ubuntu/ic/code/freertos/vendors/espressif/esp-idf/components/spi_flash/partition.c
278932 0x44194 Unix path: /home/ubuntu/ic/code/freertos/vendors/espressif/esp-idf/components/lwip/lwip/src/core/tcp_in.c
279948 0x4458C Unix path: /home/ubuntu/ic/code/freertos/vendors/espressif/esp-idf/components/lwip/lwip/src/core/tcp_out.c

How can we turn off inclusion of absolute file paths in the binary?

mahavirj commented 1 year ago

@vineet288818

Can you please try enabling the following config options:

Please see previous discussion on this topic at https://github.com/espressif/esp-idf/issues/6306 and https://github.com/espressif/esp-idf/issues/5873

dachalco commented 1 year ago

Hi @vineet288818. The amazon-freertos logging stack, for this release, should already be removing full paths from logs and only displaying the filename. Please review Mahavir's suggestion for the esp-idf portion.

Additionally, you can edit the amazon-freertos logging output in logging_stack.h. For example, this would completely redact filenames from amazon-freertos logging:

--- a/libraries/logging/include/logging_stack.h
+++ b/libraries/logging/include/logging_stack.h
@@ -42,11 +42,8 @@

 /* Macro to extract only the file name from file path to use for metadata in
  * log messages. */
-#ifdef _MSC_VER
-    #define FILENAME           ( strrchr( __FILE__, '\\' ) ? strrchr( __FILE__, '\\' ) + 1 : __FILE__ )
-#else
-    #define FILENAME           ( strrchr( __FILE__, '/' ) ? strrchr( __FILE__, '/' ) + 1 : __FILE__ )
-#endif
+#define FILENAME           "<redacted>"
+
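
Review bot: the comment kept as context above the new `#define FILENAME "<redacted>"` still says the macro extracts the file name from the file path, which no longer holds once both `strrchr( __FILE__, ... )` branches are removed; reword it to say the file name is redacted. Consider guarding the redaction with a build-time option instead of replacing both branches outright, so debug builds keep the file name in log metadata.
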
EI-viren-moradiya commented 1 year ago

Hi @mahavirj and @dachalco

We are evaluating the binary generated for ESP32.

ENVIRONMENT : AFR version : 202012

By applying both the solutions I am not seeing any success in result of binwalk.


ESP32 sdkconfig changes as suggested by @mahavirj:

CONFIG_OPTIMIZATION_ASSERTIONS_DISABLED=y
CONFIG_FREERTOS_ASSERT_DISABLE=y


FreeRTOS changes as suggested by @dachalco:

/* Macro to extract only the file name from file path to use for metadata in
 * log messages. */
//#ifdef _MSC_VER
//    #define FILENAME           ( strrchr( __FILE__, '\\' ) ? strrchr( __FILE__, '\\' ) + 1 : __FILE__ )
//#else
//    #define FILENAME           ( strrchr( __FILE__, '/' ) ? strrchr( __FILE__, '/' ) + 1 : __FILE__ )
//#endif

#define FILENAME ""


With these changes do we need to make any other configuration? Help us here to turn off inclusion of absolute file path in binary file.

Here are the logs of binwalk output:

304 0x130 Unix path: /media/sf_Pentair/IC/ic/code/src/app/common/appUtils.c
3684 0xE64 Unix path: /media/sf_Pentair/IC/ic/code/src/app/common/debugLog.c
28028 0x6D7C Unix path: /media/sf_Pentair/IC/ic/code/src/drivers/esp32/hal/halNvs.c
83992 0x14818 Unix path: /media/sf_Pentair/IC/ic/code/freertos/vendors/espressif/esp-idf/components/heap/heap_caps.c
112244 0x1B674 Unix path: /home/ubuntu/afr_gen/code/src/app/connectivity/awsOta.c
119256 0x1D1D8 Unix path: /home/ubuntu/afr_gen/code/src/app/connectivity/connectivity.c
128500 0x1F5F4 Unix path: /home/ubuntu/afr_gen/code/src/app/connectivity/data.c
133712 0x20A50 Unix path: /home/ubuntu/afr_gen/code/src/app/connectivity/ota/ota.c
136648 0x215C8 Unix path: /home/ubuntu/afr_gen/code/src/app/connectivity/ota/ota_base64.c
137384 0x218A8 Unix path: /home/ubuntu/afr_gen/code/src/app/connectivity/ota/ota_interface.c
147940 0x241E4 Unix path: /home/ubuntu/afr_gen/code/src/app/connectivity/awsMqtt.c
155756 0x2606C Unix path: /home/ubuntu/afr_gen/code/src/app/connectivity/iot_wifi.c
187712 0x2DD40 Unix path: /media/sf_Pentair/IC/ic/code/freertos/libraries/coreMQTT/source/core_mqtt.c
194284 0x2F6EC Unix path: /media/sf_Pentair/IC/ic/code/freertos/vendors/espressif/boards/esp32/ports/ble/nimble/iot_ble_hal_comm
194740 0x2F8B4 Unix path: /media/sf_Pentair/IC/ic/code/freertos/vendors/espressif/boards/esp32/ports/ble/nimble/iot_ble_hal_gatt
195304 0x2FAE8 Unix path: /media/sf_Pentair/IC/ic/code/freertos/libraries/3rdparty/tinycbor/src/cbor.h
199144 0x309E8 Unix path: /media/sf_Pentair/IC/ic/code/freertos/libraries/abstractions/backoff_algorithm/source/backoff_algorith
212220 0x33CFC Unix path: /media/sf_Pentair/IC/ic/code/freertos/vendors/espressif/boards/esp32/ports/pkcs11/core_pkcs11_pal.c
247684 0x3C784 Unix path: /media/sf_Pentair/IC/ic/code/freertos/vendors/espressif/esp-idf/components/soc/esp32/rtc_time.c
249196 0x3CD6C Unix path: /media/sf_Pentair/IC/ic/code/freertos/vendors/espressif/esp-idf/components/soc/src/memory_layout_utils
249680 0x3CF50 Unix path: /media/sf_Pentair/IC/ic/code/freertos/vendors/espressif/esp-idf/components/vfs/vfs.c
251916 0x3D80C Unix path: /media/sf_Pentair/IC/ic/code/freertos/vendors/espressif/esp-idf/components/bootloader_support/src/boot
253156 0x3DCE4 Unix path: /media/sf_Pentair/IC/ic/code/freertos/vendors/espressif/esp-idf/components/app_update/esp_ota_ops.c
254196 0x3E0F4 Unix path: /media/sf_Pentair/IC/ic/code/freertos/vendors/espressif/esp-idf/components/spi_flash/flash_mmap.c
254504 0x3E228 Unix path: /media/sf_Pentair/IC/ic/code/freertos/vendors/espressif/esp-idf/components/spi_flash/partition.c
261372 0x3FCFC Unix path: /media/sf_Pentair/IC/ic/code/freertos/vendors/espressif/esp-idf/components/lwip/lwip/src/core/tcp_in.c

Skptak commented 1 year ago

Hey, @EI-viren-moradiya thanks for bringing this issue up. I was wondering if you could possibly supply your build command, the version of binwalk you're using, and then the binwalk command you are using to see this output. I believe this information would help myself and others in assisting you with this problem. Thanks in advance!

EI-viren-moradiya commented 1 year ago

Hi @Skptak,

Below is the build command which I am using to generate the firmware binary.


Generate Build files

cmake -S ../ -B ../code/build -DIDF_SDKCONFIG_DEFAULTS=../code/config/sdkconfig -DCMAKE_TOOLCHAIN_FILE=../code/freertos/tools/cmake/toolchains/xtensa-esp32.cmake

Build the project

make all


Binwalk version:

$ binwalk --help
Binwalk v2.1.1
Craig Heffner, http://www.binwalk.org


Command to see the output: binwalk ic.bin


Let us know if you need any other details to understand the problem.

Thank you!

dachalco commented 1 year ago

@EI-viren-moradiya

The linked IDF issues make some mention of it, but the config doesn't cover all uses of __FILE__ as some software is submoduled and not owned by IDF.

Could you do a diff of the binwalk output before and after setting those sdkconfigs? I'm noticing that there are still issues with various other stacks' assertions that still use __FILE__. For example, LWIP_ASSERT. Could you redefine LWIP_ASSERT to not use __FILE__ -- or at least shorten/change to your liking -- and confirm it removes the LWIP file paths from the binary at least? Removing the other full paths will be similar.
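
The before/after comparison requested above can be scripted; this is an added example, not code from the thread or from amazon-freertos. The function names (`parse_paths`, `component`, `compare`) and the `AFTER` rows are constructed for illustration, and the parser assumes binwalk's `DECIMAL HEX Unix path:` row format as posted in the thread.

```python
import re
from collections import Counter

# One binwalk signature-scan hit: DECIMAL  HEX  Unix path: /abs/path
HIT = re.compile(r"^\s*(\d+)\s+0x([0-9A-Fa-f]+)\s+Unix path:\s+(/\S+)")

def parse_paths(binwalk_text):
    """Paths binwalk reported; offsets are dropped because they move between builds."""
    paths = set()
    for line in binwalk_text.splitlines():
        m = HIT.match(line)
        if m and int(m.group(1)) == int(m.group(2), 16):  # skip headers and malformed rows
            paths.add(m.group(3))
    return paths

def component(path, markers=("components", "libraries", "src")):
    """Owning component: the first marker directory plus the directory after it."""
    parts = path.strip("/").split("/")
    for i, part in enumerate(parts[:-1]):
        if part in markers and i + 2 < len(parts):
            return part + "/" + parts[i + 1]
    return parts[-2] if len(parts) > 1 else parts[0]

def compare(before_text, after_text):
    """Return (paths removed by the change, paths still embedded, count per component)."""
    before, after = parse_paths(before_text), parse_paths(after_text)
    return sorted(before - after), sorted(after), dict(Counter(component(p) for p in after))

# Constructed sample input. BEFORE reuses rows of the kind posted in the thread;
# AFTER is a made-up rebuild in which only the lwIP assertion paths are left.
ROOT = "/home/ubuntu/ic/code/freertos"
BEFORE = f"""\
264372 0x408B4 Unix path: {ROOT}/freertos_kernel/stream_buffer.c
268844 0x41A2C Unix path: {ROOT}/vendors/espressif/esp-idf/components/vfs/vfs.c
278932 0x44194 Unix path: {ROOT}/vendors/espressif/esp-idf/components/lwip/lwip/src/core/tcp_in.c
279948 0x4458C Unix path: {ROOT}/vendors/espressif/esp-idf/components/lwip/lwip/src/core/tcp_out.c
"""
AFTER = f"""\
DECIMAL       HEXADECIMAL     DESCRIPTION
261372 0x3FCFC Unix path: {ROOT}/vendors/espressif/esp-idf/components/lwip/lwip/src/core/tcp_in.c
262388 0x400F4 Unix path: {ROOT}/vendors/espressif/esp-idf/components/lwip/lwip/src/core/tcp_out.c
"""

if __name__ == "__main__":
    removed, remaining, by_component = compare(BEFORE, AFTER)
    print("removed:", *removed, sep="\n  ")
    print("still embedded, by component:", by_component)
```

A CI step can fail the build when the second returned list is non-empty; the per-component count points at the library whose assertion macro still expands `__FILE__`.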