search

pr0v3rbs / FirmAE

Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
MIT License
603 stars 117 forks source link

Python errors during analysis phase #68

Open h00die-gr3y opened 10 months ago

h00die-gr3y commented 10 months ago

Hi there, Installed FirmAE on Kali Linux.

Linux cerberus 5.15.44-Re4son-v8l+ #1 SMP PREEMPT Debian kali-pi (2022-07-03) aarch64 GNU/Linux

Got these pythons errors during analysis phase with routersploit. Reports get generated but I guess on partly. Any idea what is wrong here?

# ./run.sh -a auto /root/FirmAE/firmwares/WNAP320_Firmware_Version_2.0.3.zip
[*] /root/FirmAE/firmwares/WNAP320_Firmware_Version_2.0.3.zip emulation start!!!
[*] extract done!!!
[*] get architecture done!!!
[*] /root/FirmAE/firmwares/WNAP320_Firmware_Version_2.0.3.zip already succeed emulation!!!

[IID] 2
[MODE] analyze
[+] Network reachable on 192.168.0.100!
[+] Web service on 192.168.0.100
[*] Waiting web service...
Creating TAP device tap2_0...
Set 'tap2_0' persistent and owned by uid 0
Bringing up TAP device...
Starting emulation of firmware... 192.168.0.100 true true 41.009137557 70.115640078
[+] start pentest!
[*] FirmAE web server initializer
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-11 22:02 UTC
Nmap scan report for 192.168.0.100
Host is up (0.0054s latency).
Not shown: 997 closed tcp ports (reset)
PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      Dropbear sshd 0.51 (protocol 2.0)
80/tcp  open  http     lighttpd 1.4.18
443/tcp open  ssl/http lighttpd 1.4.18
MAC Address: 52:54:00:12:34:56 (QEMU virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.59 seconds
[*] fuzzer
[*] rsf
Traceback (most recent call last):
  File "/root/FirmAE/analyses/routersploit/routersploit/interpreter.py", line 411, in command_run
    self.current_module.run()
  File "/root/FirmAE/analyses/routersploit/routersploit/modules/scanners/autopwn.py", line 81, in run
    self.run_threads(self.threads, self.exploits_target_function, data)
  File "/root/FirmAE/analyses/routersploit/routersploit/core/exploit/exploit.py", line 114, in run_threads
    while thread.isAlive():
          ^^^^^^^^^^^^^^
AttributeError: 'Thread' object has no attribute 'isAlive'. Did you mean: 'is_alive'?

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/root/FirmAE/analyses/routersploit/./rsf.py", line 38, in <module>
    routersploit(sys.argv[1])
  File "/root/FirmAE/analyses/routersploit/./rsf.py", line 33, in routersploit
    rsf.run_command('run')
  File "/root/FirmAE/analyses/routersploit/routersploit/interpreter.py", line 324, in run_command
    command_handler(args)
  File "/root/FirmAE/analyses/routersploit/routersploit/core/exploit/utils.py", line 177, in wrapper
    return fn(self, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/FirmAE/analyses/routersploit/routersploit/interpreter.py", line 416, in command_run
    print_error(traceback.format_exc(sys.exc_info()))
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/traceback.py", line 187, in format_exc
    return "".join(format_exception(*sys.exc_info(), limit=limit, chain=chain))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/traceback.py", line 139, in format_exception
    te = TracebackException(type(value), value, tb, limit=limit, compact=True)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/traceback.py", line 692, in __init__
    self.stack = StackSummary._extract_from_extended_frame_gen(
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/traceback.py", line 409, in _extract_from_extended_frame_gen
    if limit >= 0:
       ^^^^^^^^^^
TypeError: '>=' not supported between instances of 'tuple' and 'int'
Exception ignored in: <module 'threading' from '/usr/lib/python3.11/threading.py'>
Traceback (most recent call last):
  File "/usr/lib/python3.11/threading.py", line 1583, in _shutdown
    lock.acquire()
KeyboardInterrupt:
[*] analyzer finished
./analyses_all.sh: line 33: analyses_log/firmwares/2/result: No such file or directory
pr0v3rbs commented 6 months ago

It looks like a problem with the customized routersploit, I will check it and update it.