alrawi / badthings-tools Goto Github PK

(base) thematch@thematch-QiTianM650-N000:~/dynamic/bin$ sudo docker run -it --rm -v $PWD/bins:/br2/bins --privileged arm-qemu:1.0-uclibc -i /br2/bins/0a00d8f8598188451c8b23b65666ad579013ee062652a3fbc0efc75141df020d.bin -r abc.exe -t 35
2023-12-07 13:22:25 INFO: Full file path to analyze:
/br2/bins/0a00d8f8598188451c8b23b65666ad579013ee062652a3fbc0efc75141df020d.bin
2023-12-07 13:22:25 INFO: Analysis timeout: 35 sec
2023-12-07 13:22:25 INFO: Binary file renamed from 0a00d8f8598188451c8b23b65666ad579013ee062652a3fbc0efc75141df020d.bin
to abc.exe
2023-12-07 13:22:25 INFO: Running system call tracing
2023-12-07 13:22:25 INFO: Full analysis timeout disabled
2023-12-07 13:22:25 INFO: Preping rootfs for analysis
2023-12-07 13:22:25 INFO: Mounting rootfs
2023-12-07 13:22:28 INFO: Copying binary into rootfs
2023-12-07 13:22:28 INFO: Unmounting rootfs
2023-12-07 13:22:28 INFO: Starting analysis VM...
VNC server running on 127.0.0.1:5900
2023-12-07 13:22:28 INFO: Analysis VM started, waiting on guest to boot
ssh_exchange_identification: Connection closed by remote host
2023-12-07 13:22:33 DEBUG: Guest not responding, sleeping and checking later
2023-12-07 13:22:43 DEBUG: Checking guest...
ssh: connect to host 127.0.0.1 port 22: Connection timed out
2023-12-07 13:22:48 DEBUG: Guest not responding, sleeping and checking later
2023-12-07 13:22:58 DEBUG: Checking guest...
ssh: connect to host 127.0.0.1 port 22: Connection timed out
2023-12-07 13:23:03 DEBUG: Guest not responding, sleeping and checking later
2023-12-07 13:23:13 DEBUG: Checking guest...
ssh: connect to host 127.0.0.1 port 22: Connection timed out
2023-12-07 13:23:18 DEBUG: Guest not responding, sleeping and checking later

why ssh timed out？

Thanks for sharing the usage of docker images in details. However, the system call trace files are all empty when I analyze the binary given by the guidance (4c962e8714a622d114a6b083e5eb9b2699bff4f4f04efd669020fb2d6f158e1e). The results are shown below:

How to solve this problem? Thank you!

For m68k architecture, the vm start script and dockerfile are not found.

Would it be possible to open-source the Dockerfiles used to build the dynamic analysis images (currently hosted on Dropbox)? This would ensure reproducibility, in case Dropbox decides to take the files down for some reason, and promote open science.