ucsb-seclab / karonte

Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware
BSD 2-Clause "Simplified" License

how to use karonte-viz #21

Open Nicholas-wei opened 8 months ago

Nicholas-wei commented 8 months ago

I want to use karonte-viz, but the input should be a JSON file, and the results provided by karonte are not a JSON file. I used the command python viz-results.py <PATH_TO_KARONTE_LOG_FILE> and the result is:

python viz-results.py ../result/FIR868LB1_FW200KR-K07.log
Traceback (most recent call last):
  File "viz-results.py", line 380, in <module>
    main()
  File "viz-results.py", line 371, in main
    res = parse_json_log(raw_data)
  File "viz-results.py", line 42, in parse_json_log
    data = json.loads(content)
  File "/home/iot/micromamba/envs/karonte/lib/python3.7/json/__init__.py", line 348, in loads
    return _default_decoder.decode(s)
  File "/home/iot/micromamba/envs/karonte/lib/python3.7/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/home/iot/micromamba/envs/karonte/lib/python3.7/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

My log file's (FIR868LB1_FW200KR-K07.log) content looks like this, which is provided by karonte.py:

Logging started. Time: 1704270162.27

===================== Start Info path =====================
Binary: /home/karonte/karonte/firmware/d-link/firmae/DIR868LB1_FW200KR-K07/_DIR868LB1_FW200KR-K07.bin.extracted/squashfs-root/htdocs/cgibin: 
Plugin responsible to propagate the data: environment
Key: REQUEST_URI, Sink address: 0x17650, time: 21954.0085669 sec

Path 
----------------
0x17374 -> 0x173c0 -> 0x173d8 -> 0x173e4 -> 0x173f4 -> 0x17404 -> 0x17414 -> 0x17424 -> 0x94b0 -> 0x1000108L -> 0x17438 -> 0x17460 -> 0x1746c -> 0x17484 -> 0x97e0 -> 0x1000320L -> 0x17490 -> 0x174a0 -> 0x9594 -> 0x1000198L -> 0x174b4 -> 0x174cc -> 0x174e0 -> 0x1751c -> 0x17538 -> 0x97e0 -> 0x1000320L -> 0x1754c -> 0x17570 -> 0x95b8 -> 0x10001b0L -> 0x175a4 -> 0x175b0 -> 0x175dc -> 0x175e8 -> 0x93cc -> 0x1000070L -> 0x175f4 -> 0x9714 -> 0x1000298L -> 0x17610 -> 0x17624 -> 0x1763c -> 0x93cc -> 0x1000070L

Fully tainted conditions 
----------------
===================== End Info path =====================
(emitted)

Btw, is there any way to obtain a list of border binaries and IPC binaries discovered by karonte? The log file doesn't seem to contain these.

OverVIEW0 commented 2 months ago

Hello, I have the same question. Has it been solved? The result looks like only the key data transfer path?
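
The log quoted in the first comment is plain text, which is why json.loads fails at line 1 column 1. As an added example (not part of the thread and not Karonte's own code), the sketch below parses that text layout into one record per "Info path" block for triage. The function name, the output field names and the shortened sample are this example's assumptions; it does not reproduce the JSON schema that viz-results.py expects.

```python
import json
import re

# Constructed sample in the text layout quoted in the issue (path shortened).
SAMPLE_LOG = """Logging started. Time: 1704270162.27

===================== Start Info path =====================
Binary: /firmware/squashfs-root/htdocs/cgibin:
Plugin responsible to propagate the data: environment
Key: REQUEST_URI, Sink address: 0x17650, time: 21954.0085669 sec

Path
----------------
0x17374 -> 0x173c0 -> 0x94b0 -> 0x1000108L -> 0x17438

Fully tainted conditions
----------------
===================== End Info path =====================
"""

BLOCK_RE = re.compile(r"=+ Start Info path =+\n(.*?)=+ End Info path =+", re.S)
KEY_RE = re.compile(r"Key: (.*), Sink address: (0x[0-9a-fA-F]+)L?, time: ([\d.]+) sec")

def _field(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text, re.M)
    return m.group(1).strip() if m else None

def parse_karonte_text_log(text):
    """Return one dict per 'Info path' block found in a Karonte text log."""
    alerts = []
    for block in BLOCK_RE.findall(text):
        key = KEY_RE.search(block)
        # The path is the first line after the 'Path' header and its dashes.
        path_line = _field(r"^Path\s*\n-+\n(.*)$", block) or ""
        alerts.append({
            "binary": _field(r"^Binary: (.*?):?\s*$", block),
            "plugin": _field(r"^Plugin responsible to propagate the data: (.*)$", block),
            "key": key.group(1) if key else None,
            "sink": int(key.group(2), 16) if key else None,
            "time_sec": float(key.group(3)) if key else None,
            # Python 2 long literals carry a trailing 'L' (0x1000108L).
            "path": [int(a.rstrip("L"), 16) for a in path_line.split(" -> ") if a.strip()],
        })
    return alerts

if __name__ == "__main__":
    print(json.dumps(parse_karonte_text_log(SAMPLE_LOG), indent=2))
```
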