mandiant / flare-vm

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
Apache License 2.0

Endless errors on Windows 10 #389

Closed init5-SF closed 1 year ago

init5-SF commented 2 years ago

Very disappointing experience. I am getting this on a fully updated fresh install of Windows 10 Pro 21H2:

boxstarter.log:20303:2021/11/28 12:58:57 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install vivisect
boxstarter.log:20444:[2021-11-28T12:59:52.6613924+02:00:::PID 6324] 2021/11/28 12:59:52 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : 
Failed to install libraries.python2.fireeye
boxstarter.log:20445:2021/11/28 12:59:52 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install libraries.python2.fireeye
boxstarter.log:23429:[2021-11-28T13:03:03.0521123+02:00:::PID 6324] 2021/11/28 13:03:03 [x64dbg.py.flare] chocolateyinstall.ps1 [+] ERROR : Failed to 
install x64dbg.py.flare
boxstarter.log:23430:2021/11/28 13:03:03 [x64dbg.py.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install x64dbg.py.flare
boxstarter.log:67594:[2021-11-28T13:42:59.8989511+02:00:::PID 6324] 2021/11/28 13:42:59 [vbdecompiler.flare] chocolateyinstall.ps1 [+] ERROR : Failed 
to install vbdecompiler.flare
boxstarter.log:67595:2021/11/28 13:42:59 [vbdecompiler.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install vbdecompiler.flare
boxstarter.log:69110:[2021-11-28T13:44:06.7425675+02:00:::PID 6324] 2021/11/28 13:44:06 [idr.small.flare] chocolateyinstall.ps1 [+] ERROR : Failed to 
install idr.small.flare
boxstarter.log:69111:2021/11/28 13:44:06 [idr.small.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install idr.small.flare
boxstarter.log:72573:[2021-11-28T13:46:43.4769209+02:00:::PID 6324] 2021/11/28 13:46:43 [Autopsy.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to 
install Autopsy.fireeye
boxstarter.log:72574:2021/11/28 13:46:43 [Autopsy.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install Autopsy.fireeye
boxstarter.log:77427:[2021-11-28T13:47:59.7587201+02:00:::PID 6324] 2021/11/28 13:47:59 [010editor.flare] chocolateyinstall.ps1 [+] ERROR : Failed to 
install 010editor.flare
boxstarter.log:77428:2021/11/28 13:47:59 [010editor.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install 010editor.flare
boxstarter.log:106927:[2021-11-28T14:09:44.2475987+02:00:::PID 6324] 2021/11/28 14:09:44 [nmap.flare] chocolateyinstall.ps1 [+] ERROR : Failed to 
install winpcap
boxstarter.log:106928:2021/11/28 14:09:44 [nmap.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install winpcap
boxstarter.log:130016:[2021-11-28T14:18:20.6849905+02:00:::PID 6324] 2021/11/28 14:18:20 [hashmyfiles.flare] chocolateyinstall.ps1 [+] ERROR : Failed 
to install hashmyfiles.flare
boxstarter.log:130017:2021/11/28 14:18:20 [hashmyfiles.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install hashmyfiles.flare
boxstarter.log:142851:[2021-11-28T14:22:51.4510574+02:00:::PID 6900] 2021/11/28 14:22:51 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR 
: Failed to install vivisect
boxstarter.log:142852:2021/11/28 14:22:51 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install vivisect
boxstarter.log:143020:[2021-11-28T14:23:05.8418760+02:00:::PID 6900] 2021/11/28 14:23:05 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR 
: Failed to install libraries.python2.fireeye
boxstarter.log:143021:2021/11/28 14:23:05 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install libraries.python2.fireeye
boxstarter.log:143911:[2021-11-28T14:23:18.2395064+02:00:::PID 6900] 2021/11/28 14:23:18 [x64dbg.py.flare] chocolateyinstall.ps1 [+] ERROR : Failed 
to install x64dbg.py.flare
boxstarter.log:143912:2021/11/28 14:23:18 [x64dbg.py.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install x64dbg.py.flare
boxstarter.log:144778:[2021-11-28T14:23:53.6877775+02:00:::PID 6900] 2021/11/28 14:23:53 [vbdecompiler.flare] chocolateyinstall.ps1 [+] ERROR : 
Failed to install vbdecompiler.flare
boxstarter.log:144779:2021/11/28 14:23:53 [vbdecompiler.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install vbdecompiler.flare
boxstarter.log:146297:[2021-11-28T14:24:23.7816899+02:00:::PID 6900] 2021/11/28 14:24:23 [idr.small.flare] chocolateyinstall.ps1 [+] ERROR : Failed 
to install idr.small.flare
boxstarter.log:146298:2021/11/28 14:24:23 [idr.small.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install idr.small.flare
boxstarter.log:147256:[2021-11-28T14:51:01.8241857+02:00:::PID 6900] 2021/11/28 14:51:01 [Autopsy.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed 
to install Autopsy.fireeye
boxstarter.log:147257:2021/11/28 14:51:01 [Autopsy.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install Autopsy.fireeye
boxstarter.log:148124:[2021-11-28T14:51:29.6520554+02:00:::PID 6900] 2021/11/28 14:51:29 [010editor.flare] chocolateyinstall.ps1 [+] ERROR : Failed 
to install 010editor.flare
boxstarter.log:148125:2021/11/28 14:51:29 [010editor.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install 010editor.flare
boxstarter.log:150484:[2021-11-28T14:52:02.3085756+02:00:::PID 6900] 2021/11/28 14:52:02 [hashmyfiles.flare] chocolateyinstall.ps1 [+] ERROR : Failed 
to install hashmyfiles.flare
boxstarter.log:150485:2021/11/28 14:52:02 [hashmyfiles.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install hashmyfiles.flare
boxstarter.log:164300:[2021-11-28T15:01:02.6194501+02:00:::PID 6900] 2021/11/28 15:01:02 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR 
: Failed to install vivisect
boxstarter.log:164301:2021/11/28 15:01:02 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install vivisect
boxstarter.log:165176:[2021-11-28T15:01:24.6347330+02:00:::PID 6900] 2021/11/28 15:01:24 [oledump.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed 
to install oledump.fireeye
boxstarter.log:165177:2021/11/28 15:01:24 [oledump.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install oledump.fireeye
boxstarter.log:166024:[2021-11-28T15:01:37.3692102+02:00:::PID 6900] 2021/11/28 15:01:37 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR 
: Failed to install vivisect
boxstarter.log:166025:2021/11/28 15:01:37 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install vivisect
boxstarter.log:166872:[2021-11-28T15:01:59.1032178+02:00:::PID 6900] 2021/11/28 15:01:59 [rtfdump.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed 
to install rtfdump.fireeye
boxstarter.log:166873:2021/11/28 15:01:59 [rtfdump.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install rtfdump.fireeye
boxstarter.log:167720:[2021-11-28T15:02:11.7442364+02:00:::PID 6900] 2021/11/28 15:02:11 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR 
: Failed to install vivisect
boxstarter.log:167721:2021/11/28 15:02:11 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install vivisect
boxstarter.log:168567:[2021-11-28T15:02:33.5722315+02:00:::PID 6900] 2021/11/28 15:02:33 [msoffcrypto-crack.fireeye] chocolateyinstall.ps1 [+] ERROR 
: Failed to install msoffcrypto-crack.fireeye
boxstarter.log:168568:2021/11/28 15:02:33 [msoffcrypto-crack.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install msoffcrypto-crack.fireeye
boxstarter.log:169414:[2021-11-28T15:02:46.4164954+02:00:::PID 6900] 2021/11/28 15:02:46 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR 
: Failed to install vivisect
boxstarter.log:169415:2021/11/28 15:02:46 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install vivisect
boxstarter.log:170179:[2021-11-28T15:03:01.5103939+02:00:::PID 6900] 2021/11/28 15:03:01 [oletools.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed 
to install oletools.fireeye
boxstarter.log:170180:2021/11/28 15:03:01 [oletools.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install oletools.fireeye
boxstarter.log:171026:[2021-11-28T15:03:13.9938356+02:00:::PID 6900] 2021/11/28 15:03:13 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR 
: Failed to install vivisect
boxstarter.log:171027:2021/11/28 15:03:13 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install vivisect
boxstarter.log:171884:[2021-11-28T15:03:35.3225405+02:00:::PID 6900] 2021/11/28 15:03:35 [pdfid.flare] chocolateyinstall.ps1 [+] ERROR : Failed to 
install pdfid.flare
boxstarter.log:171885:2021/11/28 15:03:35 [pdfid.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install pdfid.flare
boxstarter.log:172732:[2021-11-28T15:03:47.9313718+02:00:::PID 6900] 2021/11/28 15:03:47 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR 
: Failed to install vivisect
boxstarter.log:172733:2021/11/28 15:03:47 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install vivisect
boxstarter.log:173584:[2021-11-28T15:04:09.3384592+02:00:::PID 6900] 2021/11/28 15:04:09 [pdfparser.flare] chocolateyinstall.ps1 [+] ERROR : Failed 
to install pdfparser.flare
boxstarter.log:173585:2021/11/28 15:04:09 [pdfparser.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install pdfparser.flare
boxstarter.log:182504:[2021-11-28T15:13:31.2149769+02:00:::PID 6900] 2021/11/28 15:13:31 [MAP.flare] chocolateyinstall.ps1 [+] ERROR : Failed to 
install MAP.flare
boxstarter.log:182505:2021/11/28 15:13:31 [MAP.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install MAP.flare
boxstarter.log:190459:[2021-11-28T15:17:07.4544391+02:00:::PID 5984] 2021/11/28 15:17:07 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR 
: Failed to install vivisect
boxstarter.log:190460:2021/11/28 15:17:07 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install vivisect
boxstarter.log:190628:[2021-11-28T15:17:21.6111916+02:00:::PID 5984] 2021/11/28 15:17:21 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR 
: Failed to install libraries.python2.fireeye
boxstarter.log:190629:2021/11/28 15:17:21 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install libraries.python2.fireeye
boxstarter.log:191519:[2021-11-28T15:17:33.6996029+02:00:::PID 5984] 2021/11/28 15:17:33 [x64dbg.py.flare] chocolateyinstall.ps1 [+] ERROR : Failed 
to install x64dbg.py.flare
boxstarter.log:191520:2021/11/28 15:17:33 [x64dbg.py.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install x64dbg.py.flare
boxstarter.log:192392:[2021-11-28T15:17:46.9496237+02:00:::PID 5984] 2021/11/28 15:17:46 [vbdecompiler.flare] chocolateyinstall.ps1 [+] ERROR : 
Failed to install vbdecompiler.flare
boxstarter.log:192393:2021/11/28 15:17:46 [vbdecompiler.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install vbdecompiler.flare
boxstarter.log:193919:[2021-11-28T15:18:19.0279884+02:00:::PID 5984] 2021/11/28 15:18:19 [idr.small.flare] chocolateyinstall.ps1 [+] ERROR : Failed 
to install idr.small.flare
boxstarter.log:193920:2021/11/28 15:18:19 [idr.small.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install idr.small.flare
boxstarter.log:195717:[2021-11-28T15:31:51.8366365+02:00:::PID 5984] 2021/11/28 15:31:51 [010editor.flare] chocolateyinstall.ps1 [+] ERROR : Failed 
to install 010editor.flare
boxstarter.log:195718:2021/11/28 15:31:51 [010editor.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install 010editor.flare
boxstarter.log:196646:[2021-11-28T15:32:02.3996894+02:00:::PID 5984] 2021/11/28 15:32:02 [hashmyfiles.flare] chocolateyinstall.ps1 [+] ERROR : Failed 
to install hashmyfiles.flare
boxstarter.log:196647:2021/11/28 15:32:02 [hashmyfiles.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install hashmyfiles.flare
boxstarter.log:197564:[2021-11-28T15:32:53.1335817+02:00:::PID 5984] 2021/11/28 15:32:53 [MAP.flare] chocolateyinstall.ps1 [+] ERROR : Failed to 
install MAP.flare
boxstarter.log:197565:2021/11/28 15:32:53 [MAP.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install MAP.flare
boxstarter.log:199303:[2021-11-28T15:35:03.4420538+02:00:::PID 5984] 2021/11/28 15:35:03 [HTTrack.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed 
to install malware-jail.fireeye
boxstarter.log:199304:2021/11/28 15:35:03 [HTTrack.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install malware-jail.fireeye
boxstarter.log:199569:[2021-11-28T15:35:25.3795317+02:00:::PID 5984] 2021/11/28 15:35:25 [HTTrack.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed 
to install vscode.fireeye
boxstarter.log:199570:2021/11/28 15:35:25 [HTTrack.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install vscode.fireeye
boxstarter.log:199827:[2021-11-28T15:35:47.2553199+02:00:::PID 5984] 2021/11/28 15:35:47 [HTTrack.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed 
to install apktool.flare
boxstarter.log:199828:2021/11/28 15:35:47 [HTTrack.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install apktool.flare
boxstarter.log:200086:[2021-11-28T15:36:09.1138465+02:00:::PID 5984] 2021/11/28 15:36:09 [HTTrack.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed 
to install capa.fireeye
boxstarter.log:200087:2021/11/28 15:36:09 [HTTrack.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install capa.fireeye
boxstarter.log:200345:[2021-11-28T15:36:30.9736434+02:00:::PID 5984] 2021/11/28 15:36:30 [HTTrack.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed 
to install flare-qdb.python.flare
boxstarter.log:200346:2021/11/28 15:36:30 [HTTrack.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install flare-qdb.python.flare

MalwareMechanic commented 2 years ago

@init5-SF Currently many packages are broken as our team is limited; however, we have plans in the works to help alleviate this. We're aiming for Q1 to release our updates, apologies until then. 🙇

init5-SF commented 2 years ago

> @init5-SF Currently many packages are broken as our team is limited; however, we have plans in the works to help alleviate this. We're aiming for Q1 to release our updates, apologies until then. 🙇

@MalwareMechanic thanks for the fast response! Can I run the current install script and then run the new one in Q1 to fix the missing/broken packages, or will the new script require a fresh install?

MalwareMechanic commented 2 years ago

@init5-SF The updated script will likely require a fresh install unfortunately

TheSerialLearner commented 2 years ago

I got a fresh install using the Windows Edge VMs completed today, Nov 30, 2021. NOTE the build below, 17763, which is 1809. Your issue might be building with 21H2. Recommend you re-try with the older version of Windows 10. Most enterprises will use a licensed Windows version so I recommend you try your license with the old one as that's what I intend to do. Good luck. It also takes a while (5-8 hours) to complete. Some interaction may be necessary if it seems like it's stuck on a line (CTRL + Z).

OS Name               Microsoft Windows 10 Enterprise Evaluation
Version               10.0.17763 Build 17763
Other OS Description  Not Available
OS Manufacturer       Microsoft Corporation
System Name           MSEDGEWIN10
System Manufacturer   VMware, Inc.
System Model          VMware Virtual Platform
System Type           x64-based PC

init5-SF commented 2 years ago

@TheSerialLearner thanks, will try that. I also took a closer look at the log file and it has a lot of 404s; some packages were not found during installation.

MalwareMechanic commented 2 years ago

Many packages have URLs that are 404'ing or returning content that doesn't match the hard-coded hash (which may be because the URL is dead/old, content is indeed updated, or defender has blocked it). In all cases the package will fail to install. So while your (@TheSerialLearner) install may have completed (it should), you're likely missing lots of packages sadly 😭 We have a solution in mind, but are awaiting some internal roadblocks before we can continue. So fingers-crossed for Q1!
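
Added example, not part of the thread or of the FLARE VM project: a small triage script that re-joins the console-wrapped lines of the grep-style excerpt in the opening post, collapses the doubled log entries, and lists each failed target with the package script that reported it. The function names are hypothetical; the sample lines are copied from the excerpt above.

```python
import re
from collections import defaultdict

# Lines copied from the log excerpt in this issue, console wrapping included.
SAMPLE = """\
boxstarter.log:20303:2021/11/28 12:58:57 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install vivisect
boxstarter.log:106927:[2021-11-28T14:09:44.2475987+02:00:::PID 6324] 2021/11/28 14:09:44 [nmap.flare] chocolateyinstall.ps1 [+] ERROR : Failed to
install winpcap
boxstarter.log:106928:2021/11/28 14:09:44 [nmap.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install winpcap
boxstarter.log:142851:[2021-11-28T14:22:51.4510574+02:00:::PID 6900] 2021/11/28 14:22:51 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR
: Failed to install vivisect
boxstarter.log:142852:2021/11/28 14:22:51 [libraries.python2.fireeye] chocolateyinstall.ps1 [+] ERROR : Failed to install vivisect
boxstarter.log:195717:[2021-11-28T15:31:51.8366365+02:00:::PID 5984] 2021/11/28 15:31:51 [010editor.flare] chocolateyinstall.ps1 [+] ERROR : Failed
to install 010editor.flare
boxstarter.log:195718:2021/11/28 15:31:51 [010editor.flare] chocolateyinstall.ps1 [+] ERROR : Failed to install 010editor.flare
"""

ERR = re.compile(
    r"(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<ctx>[^\]]+)\] "
    r"chocolateyinstall\.ps1 \[\+\] ERROR : Failed to install (?P<target>\S+)")

def records(text):
    """Re-join wrapped lines; every real record starts with 'boxstarter.log:'."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("boxstarter.log:") or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def failures(text):
    """Map failed target -> attempt timestamps and the package scripts reporting it."""
    seen = defaultdict(lambda: {"attempts": set(), "reported_by": set()})
    for rec in records(text):
        m = ERR.search(rec)
        if m:
            # Each failure is logged twice (with and without the PID prefix); the
            # set collapses the pair. Assumes one attempt per target per second.
            seen[m["target"]]["attempts"].add(m["ts"])
            seen[m["target"]]["reported_by"].add(m["ctx"])
    return dict(seen)

def summary(text):
    """Rows of (target, attempts, reporting packages, via_other), most attempts first."""
    rows = [(t, len(i["attempts"]), sorted(i["reported_by"]), i["reported_by"] != {t})
            for t, i in failures(text).items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for target, n, via, via_other in summary(SAMPLE):
        print(f"{target:18} attempts={n} via={','.join(via)} via_other={via_other}")
```

A row with `via_other=True` is a failure logged from a different package's install script (for example `winpcap` under `nmap.flare`), so fixing that one target may clear several entries.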

TheSerialLearner commented 2 years ago

@init5-SF If you tried to set this up at work (behind firewalls/IPS) then that may introduce an issue there. You might need less restriction for this.

Thanks @MalwareMechanic. Correct that I was missing a few packages like Burp, which I installed manually. Visually observing the csv file, I think I got about 60% of the files. Some files were not found, some failed checksum, etc.

k-badz commented 2 years ago

Hey @MalwareMechanic - long time no hear in this topic, I as well encountered many hash mismatch and 404 issues that hopefully would be fixed by your Q1 fixes. Could you give any update? Do you still plan to make an update in Q1 or should we expect it to be postponed? Thanks.

brootware commented 2 years ago

> Hey @MalwareMechanic - long time no hear in this topic, I as well encountered many hash mismatch and 404 issues that hopefully would be fixed by your Q1 fixes. Could you give any update? Do you still plan to make an update in Q1 or should we expect it to be postponed? Thanks.

I'd also like to know what the future plans are for this. So leaving this here @MalwareMechanic.

JohnBeres commented 2 years ago

Has there been any progress on this? Really hope it's not being left in the dust...

brootware commented 2 years ago

> Has there been any progress on this? Really hope it's not being left in the dust...

Hey @JohnBeres, I was able to install it on a Windows machine. So I imaged it and uploaded it onto Vagrant for easier provisioning, because the installation itself takes a really long time too. You can check out the project here: https://github.com/brootware/flarevm-up

JohnBeres commented 2 years ago

> > Has there been any progress on this? Really hope it's not being left in the dust...
>
> Hey @JohnBeres, I was able to install it on a Windows machine. So I imaged it and uploaded it onto Vagrant for easier provisioning, because the installation itself takes a really long time too. You can check out the project here: https://github.com/brootware/flarevm-up

Hello @brootware. Thank you for the reply. Unfortunately a pre-built image is not appropriate for our environment. I'm much more interested in how to get around these errors so our build can succeed.

Happy to hear what your solution was to build your virtual box for Vagrant!

Update: He has spoken!

https://twitter.com/MalwareMechanic/status/1562952356576104448?s=20&t=LaqNQnBHyantLSea-eILTA

vm-packages commented 1 year ago

Thank you for your feedback! We've been working on major updates to FLARE VM over the last year. The now revamped FLARE VM has just been released and will make the project more open and maintainable. Please check out our blog post at https://www.mandiant.com/resources/blog/flarevm-open-to-public and give the new installation a try.

If this problem still persists with the new installation, please report:

Please note that we use this message to close all legacy issues in this repository. We look forward to your feedback and support for the next generation of FLARE VM.