The operation-mango-public from sefcom

Can you provide the list of CVEs found by operation mango

Hello author:
Can you provide the list of CVEs found by operation mango? Just in the form of CVE-XXXX-XXXX

Mango fails to start with "Unable to find a loader backend" error

While trying to run Mango against a firmware image (Netgear R7000 router) it fails during startup with the following error:

root@28662db50d47:/operation-mango# mango /analysis/R7000-V1.0.11.216_10.2.122.chk --results /analysis/R7000 --concise
Traceback (most recent call last):
  File "/usr/local/bin/mango", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/operation-mango/package/argument_resolver/analysis/mango.py", line 767, in main
    analyzer = MangoAnalysis(**args.__dict__)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/operation-mango/package/argument_resolver/analysis/mango.py", line 41, in __init__
    super().__init__(*args, **kwargs)
  File "/operation-mango/package/argument_resolver/analysis/base.py", line 150, in __init__
    self.project = self.init_analysis(
                   ^^^^^^^^^^^^^^^^^^^
  File "/operation-mango/package/argument_resolver/analysis/base.py", line 191, in init_analysis
    project = angr.Project(self.bin_path, auto_load_libs=False)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/angr/project.py", line 147, in __init__
    self.loader = cle.Loader(self.filename, concrete_target=concrete_target, **load_options)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/cle/loader.py", line 188, in __init__
    self.initial_load_objects = self._internal_load(
                                ^^^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/cle/loader.py", line 782, in _internal_load
    obj = self._load_object_isolated(main_spec)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/cle/loader.py", line 978, in _load_object_isolated
    raise CLECompatibilityError(
cle.errors.CLECompatibilityError: Unable to find a loader backend for /analysis/R7000-V1.0.11.216_10.2.122.chk.  Perhaps try the 'blob' loader?

Your paper mentions "Mango takes a firmware image as input, uses exist�ing tools (such as binwalk [2]) to unpack the firmware sample,
and finds all ELF executables" so I am assuming I don't need to unpack the image first, correct? The firmware image is fairly standard:

emba@emba:~$ binwalk R7000-V1.0.11.216_10.2.122.chk

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
58            0x3A            TRX firmware header, little endian, image size: 30666752 bytes, CRC32: 0xF6BF3E6A, flags: 0x0, version: 1, header size: 28 bytes, loader offset: 0x1C, linux kernel offset: 0x21E5A8, rootfs offset: 0x0
86            0x56            LZMA compressed data, properties: 0x5D, dictionary size: 65536 bytes, uncompressed size: 5436480 bytes
2221538       0x21E5E2        Squashfs filesystem, little endian, version 4.0, compression:xz, size: 28440547 bytes, 1868 inodes, blocksize: 131072 bytes, created: 2024-01-04 03:28:17

emba@emba:~$

I used the Docker image method from your documentation, I didn't build it by hand.

Thanks in advance!

sefcom / operation-mango-public Goto Github PK

operation-mango-public's People

Contributors

Stargazers

Watchers

Forkers

operation-mango-public's Issues

Can you provide the list of CVEs found by operation mango

Mango fails to start with "Unable to find a loader backend" error

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent