Modify build_unicorn_support.sh to not require root for most build st…

…eps. Now uses a git submodule, rather than wget, to download and verify unicorn integrity. Root is not required for building. sudo is used to install unicorn binaries.
Battelle · Jan 21, 2018 · fef9bad · fef9bad
1 parent 0ae301f
commit fef9bad
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 46 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "unicorn_mode/unicorn-1.0.1"]
+	path = unicorn_mode/unicorn-1.0.1
+	url = https://github.com/unicorn-engine/unicorn.git
diff --git a/unicorn_mode/.gitignore b/unicorn_mode/.gitignore
@@ -0,0 +1 @@
+env
diff --git a/unicorn_mode/README.unicorn b/unicorn_mode/README.unicorn
@@ -30,13 +30,17 @@ First, build afl as usual. This is pretty simple:
   $ make
 
 Once that completes successfully you need to build and add in the Unicorn Mode 
-features:
+features. The installation process will install Python modules. The first
+installation step will create and load a Python 2 virtualenv so that these
+do not have to be written, as root, to your filesystem.
 
   $ cd unicorn_mode
+  $ virtualenv -p python2 env
+  $ source env/bin/activate
   $ ./build_unicorn_support.sh
 
 NOTE: This script downloads the most recent Unicorn Engine stable release 
-from the Unicorn github page. If you are offline, you'll need to hack up 
+from the Unicorn github repo. If you are offline, you'll need to hack up 
 this script a little bit and supply your own copy of Unicorn's latest stable 
 release. It's not very hard, just check out the beginning of the 
 build_unicorn_support.sh script and adjust as necessary.
@@ -107,4 +111,4 @@ installation with the patched afl-unicorn version.
 
 Refer to the unicorn_mode/samples/arm_example/arm_tester.c for an example
 of how to do this properly! If you don't get this right, AFL will not 
-load any mutated inputs and your fuzzing will be useless!
+load any mutated inputs and your fuzzing will be useless!
diff --git a/unicorn_mode/build_unicorn_support.sh b/unicorn_mode/build_unicorn_support.sh
@@ -27,19 +27,16 @@
 # You must make sure that Unicorn Engine is not already installed before
 # running this script. If it is, please uninstall it first.
 
-UNICORN_URL="https://github.com/unicorn-engine/unicorn/archive/1.0.1.tar.gz"
-UNICORN_SHA384="489f2e8d18b6be01f2975f5128c290ca0c6aa3107ac317b9b549786a0946978469683e8fa8b6dfc502f6f71242279b47"
-
 echo "================================================="
 echo "Unicorn-AFL build script"
 echo "================================================="
 echo
 
 echo "[*] Performing basic sanity checks..."
 
-if [ "$(id -u)" != "0" ]; then
+if [ "$(id -u)" = "0" ]; then
 
-   echo "[-] Error: This script must be run as root/sudo" 
+   echo "[-] Error: Do not run this script as root/sudo"
    exit 1
 
 fi
@@ -51,7 +48,7 @@ if [ ! "`uname -s`" = "Linux" ]; then
 
 fi
 
-ldconfig -p | grep libunicorn > /dev/null;
+/sbin/ldconfig -p | grep libunicorn > /dev/null;
 if [ $? -eq 0 ]; then
 
   echo -n "[?] Unicorn Engine appears to already be installed on the system. Continuing will overwrite the existing installation. Continue (y/n)?"
@@ -108,45 +105,16 @@ fi
 
 echo "[+] All checks passed!"
 
-ARCHIVE="`basename -- "$UNICORN_URL"`"
-
-CKSUM=`sha384sum -- "$ARCHIVE" 2>/dev/null | cut -d' ' -f1`
-
-if [ ! "$CKSUM" = "$UNICORN_SHA384" ]; then
-
-  echo "[*] Downloading Unicorn v1.0.1 from the web..."
-  rm -f "$ARCHIVE"
-  sudo -u ${USERNAME} wget -O "$ARCHIVE" -- "$UNICORN_URL" || exit 1
-
-  CKSUM=`sha384sum -- "$ARCHIVE" 2>/dev/null | cut -d' ' -f1`
-
-fi
-
-if [ "$CKSUM" = "$UNICORN_SHA384" ]; then
-
-  echo "[+] Cryptographic signature on $ARCHIVE checks out."
-
-else
-
-  echo "[-] Error: signature mismatch on $ARCHIVE (perhaps download error?)."
-  exit 1
-
-fi
-
-echo "[*] Uncompressing archive (this will take a while)..."
-
-rm -rf "unicorn-1.0.1" || exit 1
-sudo -u ${USERNAME} tar xzf "$ARCHIVE" || exit 1
-
-echo "[+] Unpacking successful."
+echo "[*] Updating git submodule for unicorn..."
 
-rm -rf "$ARCHIVE" || exit 1
+git submodule init
+git submodule update
 
 echo "[*] Applying patches..."
 
-sudo -u ${USERNAME} patch -p0 <patches/config.diff || exit 1
-sudo -u ${USERNAME} patch -p0 <patches/cpu-exec.diff || exit 1
-sudo -u ${USERNAME} patch -p0 <patches/translate-all.diff || exit 1
+patch -p0 <patches/config.diff || exit 1
+patch -p0 <patches/cpu-exec.diff || exit 1
+patch -p0 <patches/translate-all.diff || exit 1
 
 echo "[+] Patching done."
 
@@ -161,13 +129,13 @@ echo "[+] Configuration complete."
 
 echo "[*] Attempting to build Unicorn (fingers crossed!)..."
 
-sudo -u ${USERNAME} make || exit 1
+make || exit 1
 
 echo "[+] Build process successful!"
 
 echo "[*] Installing patched unicorn binaries to local system..."
 
-make install || exit 1
+sudo make install || exit 1
 
 echo "[+] Unicorn installed successfully."
 

diff --git a/unicorn_mode/unicorn-1.0.1 b/unicorn_mode/unicorn-1.0.1