pr0v3rbs / FirmAE

Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
MIT License

When I debug the firmware in docker, a very large log file appears in my host's scratch folder. #43

Closed s1vona closed 1 year ago

s1vona commented 1 year ago

I ran the command sudo ./docker-helper.py -ed wr940nv6_us_211111.bin and got a docker shell. Then I went to the FirmAE folder and ran the commands sudo ./run.sh -c tplink wr940nv6_us_211111.bin and sudo ./run.sh -d tplink wr940nv6_us_211111.bin.

After some minutes, I found my host disk was full. After checking, I got this:

$ du -h ./scratch --max-depth=1 
303M    ./scratch/2
102M    ./scratch/1
16G ./scratch

$ ls -lh ./scratch
total 16G
drwxrwxrwx 3 root root 4.0K 8月  11 12:57 1
drwxrwxrwx 3 root root 4.0K 8月   9 17:42 2
-rw-r--r-- 1 root root  16G 8月  11 13:19 wr940nv6_us_211111.bin.log

Maybe the whole file wr940nv6_us_211111.bin.log is filled with this:

$ head -50 wr940nv6_us_211111.bin.log
[*] /work/firmwares/wr940nv6_us_211111.bin emulation start!!!
[*] extract done!!!
[*] get architecture done!!!
[*] /work/firmwares/wr940nv6_us_211111.bin already succeed emulation!!!

[IID] 1
[MODE] debug
[+] Network reachable on 192.168.0.1!
[+] Web service on 192.168.0.1
[+] Run debug!
Creating TAP device tap1_0...
Set 'tap1_0' persistent and owned by uid 0
Bringing up TAP device...
Starting emulation of firmware... 192.168.0.1 true true 126.927614079 230.085847769
[*] firmware - wr940nv6_us_211111
[*] IP - 192.168.0.1
[*] connecting to netcat (192.168.0.1:31337)
[+] netcat connected
------------------------------
|       FirmAE Debugger      |
------------------------------
1. connect to socat
2. connect to shell
3. tcpdump
4. run gdbserver
5. file transfer
6. exit
> 

------------------------------
|       FirmAE Debugger      |
------------------------------
1. connect to socat
2. connect to shell
3. tcpdump
4. run gdbserver
5. file transfer
6. exit
> 

$ tail scratch/wr940nv6_us_211111.bin.log 
------------------------------
|       FirmAE Debugger      |
------------------------------
1. connect to socat
2. connect to shell
3. tcpdump
4. run gdbserver
5. file transfer
6. exit
> %                      

Also, I can't connect to the shell in docker mode. I hope these bugs can be fixed. Thanks.

pr0v3rbs commented 1 year ago

Thank you for your issue.

I'm fixing it now.