pr0v3rbs / FirmAE

Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
MIT License

The Cisco device could not be extracted #74

Open ojuanjo opened 6 months ago

ojuanjo commented 6 months ago

When I try to emulate a Cisco device, it shows a file extraction issue. How can this be fixed?

```
/FirmAE# ./run.sh -c cisco firmwares/cat9k_iosxe.17.11.01.SPA.bin
[*] firmwares/cat9k_iosxe.17.11.01.SPA.bin emulation start!!!
Traceback (most recent call last):
  File "./sources/extractor/extractor.py", line 780, in <module>
    main()
  File "./sources/extractor/extractor.py", line 777, in main
    extract.extract()
  File "./sources/extractor/extractor.py", line 203, in extract
    self._extract_item(item)
  File "./sources/extractor/extractor.py", line 211, in _extract_item
    ExtractionItem(self, path, 0, None, self.debug).extract()
  File "./sources/extractor/extractor.py", line 474, in extract
    self._check_recursive(module, entry)
  File "./sources/extractor/extractor.py", line 730, in _check_recursive
    if new_item.extract():
  File "./sources/extractor/extractor.py", line 474, in extract
    self._check_recursive(module, entry)
  File "./sources/extractor/extractor.py", line 729, in _check_recursive
    self.debug)
  File "./sources/extractor/extractor.py", line 244, in __init__
    host=self.extractor.database)
  File "/usr/local/lib/python3.6/dist-packages/psycopg2/__init__.py", line 122, in connect
    conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
KeyboardInterrupt
```

pr0v3rbs commented 6 months ago

It seems your PostgreSQL service has not started (the psycopg2 connection failed). Check your PostgreSQL service.

ojuanjo commented 6 months ago

But simulating another device (in your dataset) doesn't have this problem. It's not in your experimental dataset, and I didn't create a separate database. I don't know which database it is connected to, and I don't quite understand how to check it to fix it.

pr0v3rbs commented 3 months ago

I checked your Cisco firmware, and the size of the firmware is extremely large. FirmAE extracts firmware using binwalk with custom code; however, because of the large file size, a timeout occurred. (https://github.com/pr0v3rbs/FirmAE/blob/master/run.sh#L107-L109)

You can increase the time to wait until the file system is successfully extracted from the firmware, or you can make your own custom firmware file from the original firmware and run with the custom firmware.
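
An added triage example, not part of the thread or of FirmAE's code: it shows why an extraction timeout can surface as `KeyboardInterrupt` inside whatever call is running (here a stand-in for `psycopg2.connect`), and how to tell that apart from a real database failure. It assumes the timeout is delivered as SIGINT (the linked `run.sh` lines are not reproduced on this page); `CHILD`, `run_with_sigint_timeout`, `classify` and `demo` are hypothetical names.

```python
import signal
import subprocess
import sys
import time

# Constructed stand-in for the extractor: it is blocked inside connect()
# when the signal arrives, like the psycopg2.connect() frame in the traceback.
CHILD = r'''
import signal, time
signal.signal(signal.SIGINT, signal.default_int_handler)
def connect():
    print("ready", flush=True)   # tells the parent we are inside the call
    time.sleep(60)               # blocking call in progress at timeout
connect()
'''

def run_with_sigint_timeout(argv, seconds):
    """Run argv and send SIGINT after `seconds` (assumed timeout behaviour)."""
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE, text=True)
    proc.stdout.readline()       # wait for the constructed child's "ready"
    time.sleep(seconds)
    timed_out = proc.poll() is None
    if timed_out:
        proc.send_signal(signal.SIGINT)
    try:
        _, err = proc.communicate(timeout=10)
    except subprocess.TimeoutExpired:
        proc.kill()              # child ignored SIGINT; do not hang
        _, err = proc.communicate()
    return timed_out, err

def classify(stderr_text):
    """Name the likely cause from the exception line of a Python traceback."""
    lines = [l.strip() for l in stderr_text.splitlines()]
    if any(l.startswith("KeyboardInterrupt") for l in lines):
        return "interrupted"     # SIGINT (timeout or Ctrl-C), not a DB error
    if any("OperationalError" in l for l in lines):
        return "database"        # psycopg2 could not reach PostgreSQL
    return "other"

def demo():
    return run_with_sigint_timeout([sys.executable, "-c", CHILD], 0.3)

if __name__ == "__main__":
    timed_out, err = demo()
    print(timed_out, classify(err))
```

A stopped or unreachable PostgreSQL makes `psycopg2.connect` raise `psycopg2.OperationalError`, so a traceback ending in `KeyboardInterrupt` points at an interrupt such as a timeout rather than at the database.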