[panda-users] Issues with tainting

Simone Mazzoni simone.mazzoni13 at gmail.com
Mon Mar 2 06:24:31 EST 2015


Hello Federico,

I'm not sure if this is the problem, but try to execute panda writing all the panda plugins after one -panda command

like this -> -panda "stringsearch;taint:tainted_instructions=1;tstringsearch"

Do not forget the quotes. Every plugin should be separated by a semicolon as I showed you.
Try this, because my guess is that panda was using only the first plugin.

Cheers,
- Simone
-----------------------------------------------------
Simone Mazzoni
Cell: 340 5210441
E-Mail: simone.mazzoni13 at gmail.com
skype: mazzoni.s

> On 02/Mar/2015, at 10:50, Federico fox Scrinzi <fox91 at anche.no> wrote:
> 
> Hello,
> I am trying to use the taint plugin of PANDA to find which part of a 
> program is processing and encrypting my input.
> I did some tests using a DES [1] and a SHA1 [2] implementation from 
> Github on a Debian VM. I basically recorded the encryption or the 
> hashing of two strings and then used the tstringsearch plugin to taint 
> those strings and locate the instructions that processed them.
> 
> I used the following command:
> 
> ~/git/panda/qemu/x86_64-softmmu/qemu-system-x86_64 -hda 
> debian_squeeze_amd64_standard_panda.qcow2 -m 1024 -net nic,model=e1000 
> -net user -redir tcp:2222::22 -replay <REPLAYNAME> -display none -panda 
> callstack_instr -panda stringsearch -panda taint:tainted_instructions=1 
> -panda tstringsearch
> 
> I tried both with taint and taint2 but the result does not change: in 
> all my tests I get string matches for my input string but no messages 
> about tainting or tainted instructions. Also no output of tainted 
> instructions. Because of this issue 
> https://github.com/moyix/panda/issues/49 I also tried older versions of 
> PANDA as well as the current one. I also recorded multiple executions 
> but the result is the same.
> 
> If you would like to reproduce my experiment I uploaded one of my traces 
> about DES encryption on rrshare (http://www.rrshare.org/detail/48/). I 
> would expect that the tstringsearch plugin finds the instructions that 
> constitute the encryption process when I feed the plaintext or the key 
> to it.
> 
> 
> Am I missing something? Any help is appreciated.
> Thank you very much!
> 
> 
> Cheers,
> Federico
> 
> 
> [1] https://github.com/tarequeh/DES
> [2] https://github.com/B-Con/crypto-algorithms
> _______________________________________________
> panda-users mailing list
> panda-users at mit.edu
> http://mailman.mit.edu/mailman/listinfo/panda-users
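Added example, not code from either poster: a small POSIX sh wrapper that assembles the plugin list into the single -panda argument Simone recommends, so that every plugin and its arguments (e.g. tainted_instructions=1) are passed together rather than one plugin per -panda flag as in Federico's command. The binary path, disk image and other options are copied from Federico's command line; QEMU_BIN, REPLAYNAME and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Builds the single -panda argument
# from a list of plugin specs and shows the full replay command as a dry run.
set -eu

# Join plugin specs ("name" or "name:key=val,...") with semicolons.
# Usage: panda_plugin_arg callstack_instr stringsearch 'taint:tainted_instructions=1'
# A spec that already contains ';' would silently split into two plugins,
# so it is rejected instead.
panda_plugin_arg() {
    arg=""
    for spec in "$@"; do
        case "$spec" in
            *\;*) echo "plugin spec must not contain ';': $spec" >&2; return 1 ;;
        esac
        if [ -z "$arg" ]; then arg="$spec"; else arg="$arg;$spec"; fi
    done
    printf '%s' "$arg"
}

# Build the full replay command as one string (printed, not executed),
# reusing the options from Federico's command. The replay name is the
# first argument; the remaining arguments are plugin specs.
# QEMU_BIN is an assumed override for the binary path.
panda_replay_cmd() {
    replay="$1"; shift
    plugins=$(panda_plugin_arg "$@") || return 1
    printf '%s -hda %s -m 1024 -net nic,model=e1000 -net user -redir tcp:2222::22 -replay %s -display none -panda "%s"' \
        "${QEMU_BIN:-$HOME/git/panda/qemu/x86_64-softmmu/qemu-system-x86_64}" \
        "debian_squeeze_amd64_standard_panda.qcow2" "$replay" "$plugins"
}

# Dry run for a replay named REPLAYNAME (placeholder, as in the original mail).
panda_replay_cmd REPLAYNAME callstack_instr stringsearch 'taint:tainted_instructions=1' tstringsearch
echo
```

Copy the printed line into a terminal (or replace printf with exec in panda_replay_cmd) to run the replay with all four plugins loaded in one go.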
