Commit aa2cb4a7 authored by Jason Hiser's avatar Jason Hiser 🚜

updated readme, docker nightly build, weekly deploy

parent 54812e2e
Pipeline #2677 passed with stages
in 7 minutes and 37 seconds
# The IRDB Cookbook
This project is the "Cookbook" for building an IRDB transform.
## Description
This project is the "cookbook" for building an IRDB transform -- as in, it is designed to be recipes you can build from.
Included are three sample transforms:
1. initialize\_stack -- intialize a stack frame upon entry to a function.
This transform may be useful to prevent attacks that leverage uninit'd data on the stack.
This transform may be useful to prevent attacks that leverage uninitialized data on the stack.
1. stack\_stamp -- "Stamp" return addresses passed to
functions by xoring the return value with a random value. This transform
may be useful to prevent attacks that overwrite a return address, a classic attack vector.
......@@ -11,23 +14,42 @@ may be useful to prevent attacks that overwrite a return address, a classic atta
in a program do not contain a useful value, and "kill" the register by writing a random value to it.
This transform is only useful for demonstration and testing.
To build this, one must:
## Obtaining and building the cookbook
### Docker
The easiest way to test these transforms is to use Zephyr's docker registry:
```
docker run git.zephyr-software.com:4567/opensrc/irdb-sdk/zipr-dev <args>
```
The recommended value for `<args>` is `help`. Once logged into the docker image, you can `cd irdb-cookbook-examples` and run `scons`.
### Manually
To build these examples by manually, one must:
1. Download the IRDB SDK and set the IRDB\_SDK environment variable appropriately. The IRDB SDK can be found [here](https://git.zephyr-software.com/opensrc/irdb-sdk).
1. Download the IRDB libraries and set IRDB\_LIBS environment variable appropriately. Documentation on obtaining the IRDB libraries is not yet available.
1. Download the IRDB libraries and set IRDB\_LIBS environment variable appropriately. Documentation on obtaining the IRDB libraries is not yet
available, however, they are available in the highly recommended docker image.
1. Install g++ and scons.
1. Type `scons` to perform the build.
To use these transforms, one should:
1. Set the `PSPATH` environment variable to include `$COOKBOOK_HOME/plugins_install`, e.g. in `bash`:
```
export PSPATH=$PSPATH:$COOKBOOK_HOME/plugins_install
```
This step can be achieved by `source set_env_vars` in bash, or the equivilent in your shell. Reviewing `set_env_vars` is recommended for additional education.
1. Install and run `ps_zipr.sh` with the proper step enabled, e.g.:
/path/to/ps_zipr.sh --step stack_stamp /bin/ls ./ls.stamped
## Running the Cookbook Examples
To use these transforms, one should:
1. Install and run `pszr` with the proper step enabled, e.g.:
/path/to/pszr --step stack_stamp /bin/ls ./ls.stamped
```
Documentation on obtaining, building and running ps_zipr is not yet available.
Documentation on obtaining, building and running pszr without docker is not yet available.
#/bin/bash
export PS_PATH=git.zephyr-software.com:4567/opensrc/irdb-sdk/
export PS_TAG=zipr-dev:latest
export DOCKER_PS=${PS_PATH}${PS_TAG}
do_docker_clean()
{
if [[ $CICD_WEEKLY == 1 ]]; then
docker system prune -a -f
fi
}
do_login()
{
# login to gitlab's docker registry as gitlab-user
docker login $PS_PATH -u gitlab-runner -p 84MyuSuDo4kQat4GZ_Zs 2> /dev/null
}
do_build_image()
{
#
# Re-install peasoup without ida.
#
# cd the docker dir so we can move files
cd docker-zipr-dev
# copyo irdb-sdk and cookbook_home (excluding git and testing files, etc)
time rsync -a --exclude='.git' --exclude 'cicd_testing' $PEASOUP_HOME/irdb-sdk .
time rsync -a --exclude='.git' --exclude 'cicd_testing' --exclude '*.exe' --exclude '*.so' $COOKBOOK_HOME/ irdb-cookbook-examples
# if we fail here, continue on so we put "install" back in the right place.
# the test should stop this
ls -lF
docker build -t $DOCKER_PS . || true
}
do_push()
{
if [[ $CICD_WEEKLY == 1 ]]; then
docker push ${DOCKER_PS}
fi
}
do_logout()
{
docker logout $PS_PATH
}
main()
{
if [[ -z $PEASOUP_HOME ]]; then
cd /tmp/peasoup_test
source set_env_vars
fi
set -e
if [[ -z $PEASOUP_HOME ]] ; then
cd $CICD_MODULE_WORK_DIR/cookbook_test
source set_env_vars
cd /tmp/cookbook_tmp
source set_env_vars
cd cicd_testing
fi
do_docker_clean
do_login
do_build_image
do_push
do_logout
}
main "$@"
FROM git.zephyr-software.com:4567/opensrc/irdb-sdk/zipr-bin:latest
RUN sudo apt-get update && sudo apt install scons -y
COPY irdb-sdk /home/zuser/irdb-sdk
COPY irdb-cookbook-examples /home/zuser/irdb-cookbook-examples
RUN sudo chown zuser:zuser -R irdb*
ENV IRDB_LIBS=/opt/ps_zipr/irdb-libs/lib
ENV IRDB_SDK=/home/zuser/irdb-sdk
ENV COOKBOOK_HOME=/home/zuser/irdb-cookbook-examples
ENV PSPATH=/opt/ps_zipr/irdb-libs/plugins_install:/home/zuser/irdb-cookbook-examples/plugins_install
#/bin/bash
print_usage()
{
echo ""
echo " This docker container is made available to the public by Zephyr Software "
echo " (contact: jwd@zephyr-software.com) under the Creative Commons Attribution- "
echo " NonCommercial license (CC BY-NC). "
echo ""
echo " Linux, Gcc, and other relevant open source projects are licensed under their "
echo " own license and are exempt from this license statement. "
echo ""
echo "IRDB toolchain subcommands:"
echo ""
echo " iagree Accept the creative commons non-commercial license and login."
echo " help Print this menu."
echo ""
}
function is_in_activation
{
service "$1" status
activation=$(service "$1" status | grep "Active: activation" )
if [ -z "$activation" ]; then
true;
else
false;
fi
return $?;
}
main()
{
local res=0
export USER=root;
cd /opt/ps_zipr
source ./set_env_vars
cd /home/zuser
subcommand=$1
shift
echo "Arguments are: $@"
case "$subcommand" in
iagree)
echo
echo Welcome to the IRDB toolchain docker image!
echo
echo "Setting up postgres..."
echo
service postgresql start
echo
echo 'The IRDB toolchain is setup and ready to run.'
echo 'You could start your first experiment with:'
echo
echo 'zuser@a3fc1666aaa4:~$ pszr /bin/ls ./ls.p1 -c p1transform'
echo 'Using Zipr backend.'
echo 'Detected ELF shared object.'
echo 'Performing step rida [dependencies=mandatory] ...Done. Successful.'
echo 'Performing step pdb_register [dependencies=mandatory] ...Done. Successful.'
echo 'Performing step fill_in_cfg [dependencies=unknown] ...Done. Successful.'
echo 'Performing step fill_in_indtargs [dependencies=unknown] ...Done. Successful.'
echo 'Performing step fix_calls [dependencies=unknown] ...Done. Successful.'
echo 'Performing step p1transform [dependencies=unknown] ...Done. Successful.'
echo 'Performing step zipr [dependencies=none] ...Done. Successful.'
echo 'zuser@a3fc1666aaa4:~$ ./ls.p1 -l '
echo ' < ls output > '
echo 'zuser@a3fc1666aaa4:~$ readelf -l /bin/ls ./ls.p1 '
echo
bash
res=0
;;
help)
print_usage
exit 0
;;
*)
print_usage
echo
echo "Unknown subcommand: '$subcommand'"
echo
exit 1
;;
esac
if [[ $res != 0 ]]; then
echo
echo Subcommand failed. Logs were printed.
exit 1
fi
exit 0
}
main "$@"
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment