[panda-users] assertion failure during replay

Qian, Feng fengqian at indiana.edu
Fri Jun 26 16:15:50 EDT 2015


Thank you for the reply. This morning I realized this issue and successfully reproduced your tutorial using Ubuntu 14.04 as the guest OS.

There is one remaining issue though: your findkey plugin consumes a huge amount of memory (one extreme case shown below):

test123:     9056998 (  1.01%) instrs.  198.93 sec.  1.56 GB ram.
test123:    18041970 (  2.00%) instrs.  423.93 sec.  2.50 GB ram.
test123:    27291006 (  3.03%) instrs.  604.80 sec.  3.25 GB ram.
test123:    36177664 (  4.02%) instrs.  816.47 sec.  4.13 GB ram.
test123:    45052836 (  5.00%) instrs. 1043.95 sec.  5.07 GB ram.
test123:    54434682 (  6.04%) instrs. 1250.45 sec.  5.94 GB ram.
test123:    63058515 (  7.00%) instrs. 1418.21 sec.  6.63 GB ram.
test123:    72069721 (  8.00%) instrs. 1609.64 sec.  7.40 GB ram.

I haven't yet dug into the plugin's source code, but is this the expected behavior or some kind of bug?
Intuitively, I can understand why it is very slow (due to the expensive crypto operations) but I cannot understand why it needs so much memory.

Thanks,
Feng
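As an added check (example code, not part of the thread or of PANDA itself), a small parser for the progress lines quoted above that fits resident memory against replayed instructions; a near-linear fit with a large slope indicates the plugin retains state proportional to the instructions replayed rather than a bounded working set, and the projection shows what that means for a full replay:

```python
import re
from typing import List, NamedTuple, Tuple

# Progress lines in the format the keyfind replay prints, copied from the
# report above (constructed sample input for this example).
PROGRESS_LOG = """\
test123:     9056998 (  1.01%) instrs.  198.93 sec.  1.56 GB ram.
test123:    18041970 (  2.00%) instrs.  423.93 sec.  2.50 GB ram.
test123:    27291006 (  3.03%) instrs.  604.80 sec.  3.25 GB ram.
test123:    36177664 (  4.02%) instrs.  816.47 sec.  4.13 GB ram.
test123:    45052836 (  5.00%) instrs. 1043.95 sec.  5.07 GB ram.
test123:    54434682 (  6.04%) instrs. 1250.45 sec.  5.94 GB ram.
test123:    63058515 (  7.00%) instrs. 1418.21 sec.  6.63 GB ram.
test123:    72069721 (  8.00%) instrs. 1609.64 sec.  7.40 GB ram.
"""

LINE_RE = re.compile(
    r"^(?P<name>\S+):\s+(?P<instrs>\d+)\s+\(\s*(?P<pct>[\d.]+)%\)\s+instrs\.\s+"
    r"(?P<sec>[\d.]+)\s+sec\.\s+(?P<gb>[\d.]+)\s+GB ram\.\s*$"
)

class Sample(NamedTuple):
    instrs: int
    pct: float
    sec: float
    gb: float

def parse_progress(text: str) -> List[Sample]:
    """Extract progress samples; non-matching lines (plugin chatter) are skipped."""
    samples = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            samples.append(Sample(int(m["instrs"]), float(m["pct"]), float(m["sec"]), float(m["gb"])))
    return samples

def fit_line(xs: List[float], ys: List[float]) -> Tuple[float, float, float]:
    """Least-squares slope, intercept and r^2 of ys against xs."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    slope = sxy / sxx
    intercept = my - slope * mx
    ss_res = sum((y - (intercept + slope * x)) ** 2 for x, y in zip(xs, ys))
    ss_tot = sum((y - my) ** 2 for y in ys)
    return slope, intercept, 1.0 - ss_res / ss_tot

def memory_growth_report(text: str) -> dict:
    """GB per million instructions, linearity (r^2), and RAM projected at 100%
    of the replay if the growth continues unchanged (total derived from the
    last line's percentage)."""
    s = parse_progress(text)
    xs = [x.instrs / 1e6 for x in s]          # millions of instructions
    slope, intercept, r2 = fit_line(xs, [x.gb for x in s])
    total_minstrs = (s[-1].instrs / 1e6) / (s[-1].pct / 100.0)
    return {"samples": len(s), "gb_per_minstr": slope, "r2": r2,
            "projected_gb_at_100pct": intercept + slope * total_minstrs}
```

For the eight lines above this reports roughly 0.093 GB per million instructions with r^2 above 0.99, i.e. memory is growing linearly and a full replay would need on the order of 85 GB.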

________________________________________
From: mooyix at gmail.com [mooyix at gmail.com] on behalf of Brendan Dolan-Gavitt [brendandg at gatech.edu]
Sent: Friday, June 26, 2015 4:06 PM
To: Qian, Feng
Cc: panda-users at mit.edu
Subject: Re: [panda-users] assertion failure during replay

Hi,

Unfortunately recording under kvm is not supported. The mechanisms
used by KVM are quite different from under TCG, so a significant
amount of work would be required to implement this. Just to name one
tricky thing, our replay mechanism depends on knowing the precise
instruction count for each interrupt, DMA, etc, which is much harder
to achieve under KVM.

One thing you can do is get the virtual machine set up under KVM, and
then reboot with TCG to make the actual recording. It's not perfect,
but so far this has been sufficient for our purposes.

-Brendan

On Thu, Jun 25, 2015 at 3:52 PM, Qian, Feng <fengqian at indiana.edu> wrote:
> Hello,
>
> I am a new user to Panda, and I am reproducing the SSL/TLS key extraction
> experiment by following this tutorial:
> https://github.com/moyix/panda/blob/master/docs/panda_ssltut.md
>
> I'm using Ubuntu 14.10 as the guest OS in QEMU. In the key searching phase,
> I got an assertion failure in kvm.c (see below). My recording was
> successfully made with KVM turned on (otherwise it was unacceptably slow).
>
> Thanks for help,
> Feng
>
>
>
>
> root at fengqian-MacBookPro:/home/fengqian/qemu# cat ./replay.sh
> #!/bin/bash
>
> echo "begin_replay ssltut" | ./qemu -m 2048 -hda ubuntu.img -net user \
>     -net nic,model=e1000 -monitor stdio -vnc :0 \
>     -panda-plugin /home/fengqian/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_callstack_instr.so \
>     -panda-plugin /home/fengqian/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_keyfind.so \
>     -enable-kvm
>
> root at fengqian-MacBookPro:/home/fengqian/qemu# ./replay.sh
> adding
> /home/fengqian/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_callstack_instr.so
> to panda_plugin_files 0
> adding
> /home/fengqian/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_keyfind.so
> to panda_plugin_files 1
> loading
> /home/fengqian/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_callstack_instr.so
> Initializing plugin callstack_instr
> Success
> loading
> /home/fengqian/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_keyfind.so
> Initializing plugin keyfind
> Couldn't open keyfind_candidates.txt; no key tap candidates defined.
> We will proceed, but it may be SLOW.
> Unknown key: Ciphersuite
> Unknown key: Session-ID
> Success
> QEMU 1.0,1 monitor - type 'help' for more information
> (qemu) begin_replay ssltut
> (qemu) loading snapshot
> qemu: /home/fengqian/panda-master/qemu/target-i386/kvm.c:1421:
> kvm_arch_put_registers: Assertion `cpu_is_stopped(env) ||
> qemu_cpu_is_self(env)' failed.
> ./replay.sh: line 3:  6326 Done                    echo "begin_replay
> ssltut"
>       6327 Aborted                 (core dumped) | ./qemu -m 2048 -hda
> ubuntu.img -net user -net nic,model=e1000 -monitor stdio -vnc :0
> -panda-plugin
> /home/fengqian/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_callstack_instr.so
> -panda-plugin
> /home/fengqian/panda-master/qemu/x86_64-softmmu/panda_plugins/panda_keyfind.so
> -enable-kvm
>
>
>
> _______________________________________________
> panda-users mailing list
> panda-users at mit.edu
> http://mailman.mit.edu/mailman/listinfo/panda-users
>
