search

cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org
Other
5.53k stars 1.7k forks source link

NetlogFile files uploaded are converted to Unix end of line #3098

Open Tigzy opened 4 years ago

Tigzy commented 4 years ago

Hello I have a problem I can't solve on Windows 10. All my files sent from guest to host (screenshots, custom files) are converted from \n to \r\n, even when they are binary. This makes the screenshots corrupted, as well as my custom report ZIP files.

I tried looking into the code, but the open() calls are properly set for binary mode. I've added some filter with logs on socket send and receive, and it looks like the conversion happens in between.

2020-09-07 15:44:33,269 [cuckoo.core.resultserver] DEBUG: Task #187: File upload for 'shots/0001.jpg' 2020-09-07 15:44:33,276 [cuckoo.core.resultserver] DEBUG: Found linux EOF in data @ 1087 2020-09-07 15:44:33,296 [cuckoo.core.resultserver] DEBUG: Found linux EOF in data @ 1572 2020-09-07 15:44:33,298 [cuckoo.core.resultserver] DEBUG: Found linux EOF in data @ 1384

Any help regarding this ?

Tigzy commented 4 years ago

So I found my issue, and it's indeed a Cuckoo bug on Windows. Per the doc: https://docs.python.org/3/library/os.html#os.open

In particular, on Windows adding O_BINARY is needed to open files in binary mode.

The fix would be (for Windows, I'm unsure how you want to filter it) to replace in /common/files.py:

def open_exclusive: 
...
fd = os.open(path, os.O_CREAT|os.O_EXCL|os.O_WRONLY, 0644)
by 
fd = os.open(path, os.O_CREAT|os.O_EXCL|os.O_WRONLY|os.O_BINARY, 0644)