compile LiME
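#!/bin/bash
# Build a LiME kernel module and a Volatility profile for one Ubuntu kernel
# version without installing that kernel's headers on the host: the header
# and image packages are downloaded and unpacked into a fresh mktemp
# directory, and the build runs against that tree.
#
# Usage:     <script> kernel-version        e.g. 4.4.0-1052-aws
# Requires:  build-essential dwarfdump zip (dpkg packages, checked below)
#            and wget/unzip/tar on PATH.
# Output:    paths of the .ko and the profile zip are printed at the end;
#            the work directory is deliberately left in place.
# todo: https://stackoverflow.com/questions/24987542/is-there-a-link-to-github-for-downloading-a-file-in-the-latest-release-of-a-repo
set -euo pipefail
lime_release="1.8"
lime_tarball="https://github.com/504ensicsLabs/LiME/archive/v${lime_release}.tar.gz"
volatility_zip="https://github.com/volatilityfoundation/volatility/archive/master.zip"
# Preflight check: every required package must be in the "installed" state.
# (The previous `dpkg -l | grep ... | wc -l` count could be satisfied by
# three lines matching the same package, and the script then exited 0 on
# failure so a caller could not tell.)
required_packages=(build-essential dwarfdump zip)
missing_packages=()
for pkg in "${required_packages[@]}"; do
  if ! dpkg-query -W -f='${Status}' "${pkg}" 2>/dev/null | grep -q 'install ok installed'; then
    missing_packages+=("${pkg}")
  fi
done
if (( ${#missing_packages[@]} > 0 )); then
  echo "# At least one dependency seems to be missing - bailing out." >&2
  echo "# required: ${required_packages[*]}" >&2
  echo "# missing: ${missing_packages[*]}" >&2
  exit 1
fi
# Tools used later that are not covered by the package list above.
for tool in wget unzip tar; do
  if ! command -v "${tool}" >/dev/null; then
    echo "# ${tool} not found in PATH - bailing out." >&2
    exit 1
  fi
done
# `${1:-}` keeps the usage path working under `set -u`.
if [ -z "${1:-}" ]; then
  printf 'Usage:\n%s kernel-version\ne.g. %s 4.4.0-1052-aws\ne.g. %s $(uname -r)\n' "${0}" "${0}" "${0}" >&2
  exit 2
fi
kernel=${1}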
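# Validate / sanity check $kernel
#######################################
# valid_kernel KERNEL
# Accepts only the Ubuntu "A.B.C-NNN-flavour" shape (e.g. 4.4.0-1052-aws),
# matched against the WHOLE argument with [[ =~ ]]. The value is later
# spliced into package names, a mktemp path and make -C paths, and the
# previous `echo | grep '...$'` form checked line by line, so an argument
# with an embedded newline ("4.4.0-1052-aws<newline>anything") passed.
# Every component must now be non-empty ('+' instead of '*').
# Arguments: $1 - candidate kernel version string
# Returns:   0 if it matches, 1 otherwise
#######################################
valid_kernel () {
  local candidate="${1-}"
  local pattern='^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+-[a-z]+$'
  [[ "${candidate}" =~ ${pattern} ]]
}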
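# die MESSAGE...: print MESSAGE to stderr and exit non-zero, so callers and
# wrappers can tell a failed run from a successful one.
die() { printf '%s\n' "$*" >&2; exit 1; }
if valid_kernel "${kernel}"; then
  echo "# ${kernel} looks valid - proceeding..."
else
  die "# ${kernel} looks invalid - bailing out."
fi
echo "# Compiling LiME module for kernel ${kernel}"
#sudo apt-get update
headers_package="linux-headers-${kernel}"
# `apt-cache show` fails for an unknown package name; the old
# `apt-cache search` substring match could be satisfied by any package
# whose description merely contained the name.
if ! apt-cache show "${headers_package}" >/dev/null 2>&1; then
  die "# No apt package found matching ${headers_package} - bailing out."
fi
#echo "# Installing ${headers_package}"
#sudo apt-get install $headers_package build-essential zip dwarfdump
# make a temp directory to work in (not removed on exit: it holds the outputs)
workdir=$(mktemp -d "/tmp/lime-${kernel}-XXXXXX") || die "# mktemp failed - bailing out."
cd "${workdir}" || die "# cannot cd to ${workdir}"
echo "# Working in $(pwd)"
#######################################
# fetch_deb PACKAGE
# Downloads PACKAGE's .deb into the current directory with `apt-get download`
# and prints the file name. apt checks the file against the hashes in the
# signed Release file; the previous `wget` of the Filename: URL over http://
# performed no integrity check before the .deb was unpacked and built against.
# Arguments: $1 - binary package name
# Outputs:   the .deb file name on stdout
# Returns:   0 on success, 1 if the download failed or no file appeared
#######################################
fetch_deb() {
  local pkg="$1"
  local deb
  apt-get download "${pkg}" >/dev/null || return 1
  # apt names the file <pkg>_<version>_<arch>.deb; take the (single) match.
  for deb in "${pkg}"_*.deb; do
    [ -e "${deb}" ] || return 1
    printf '%s\n' "${deb}"
    return 0
  done
  return 1
}
echo "# Downloading kernel headers package"
kernel_headers_deb=$(fetch_deb "${headers_package}") || die "# Download of ${headers_package} failed - bailing out."
kernel_headers_dir="kernel_headers_${kernel_headers_deb}"
debs_to_install=("${kernel_headers_deb}")
echo "# Checking dependencies"
# First Depends: entry of the flavour headers package. `|| true` keeps a
# package with no Depends: line from aborting the script under pipefail.
dependent_package=$(apt-cache show "${headers_package}" | grep -m1 '^Depends:' | awk '{ print $2 }' | sed 's/,$//' || true)
# The old `[ -n $(...) ]` was unquoted, so an empty match became `[ -n ]`,
# which is always true; [[ =~ ]] tests the value itself.
if [[ "${dependent_package}" =~ ^linux-headers-[0-9a-z.-]+$ ]]; then
  echo "# ...also downloading ${dependent_package}"
  dependent_package_deb=$(fetch_deb "${dependent_package}") || die "# Download of ${dependent_package} failed - bailing out."
  # same order as before: the dependency is unpacked first
  debs_to_install=("${dependent_package_deb}" "${debs_to_install[@]}")
fi
#echo "# Creating fakechroot for installation of packages"
#fakechroot fakeroot debootstrap xenial ${workdir}/fake_chroot
#chroot_command="fakechroot fakeroot chroot ${workdir}/fake_chroot"
#cp -av ${debs_to_install} ${workdir}/fake_chroot/tmp
echo "# Extracting kernel headers"
for deb in "${debs_to_install[@]}"; do
  dpkg -x "${deb}" "${kernel_headers_dir}" || die "# dpkg -x ${deb} failed - bailing out."
done
echo "# Downloading LiME and compiling the kernel module"
# NOTE(review): the release tarball is fetched over https but its contents
# are not verified; pin the expected sha256 of v${lime_release}.tar.gz and
# check it with `sha256sum -c` before extracting.
wget "${lime_tarball}" || die "# Download of ${lime_tarball} failed - bailing out."
tar zxvf "v${lime_release}.tar.gz" || die "# Extracting LiME tarball failed - bailing out."
cd "LiME-${lime_release}/src" || die "# LiME source directory not found - bailing out."
headers_tree="${workdir}/${kernel_headers_dir}/usr/src/linux-headers-${kernel}"
[ -d "${headers_tree}" ] || die "# Expected header tree ${headers_tree} not found - bailing out."
make -C "${headers_tree}" M="$(pwd)" modules || die "# LiME module build failed - bailing out."
mv lime.ko "lime-${kernel}.ko" || die "# lime.ko was not produced - bailing out."
lime_kernel_module="${workdir}/LiME-${lime_release}/src/lime-${kernel}.ko"
# now for Volatility
cd "${workdir}" || die "# cannot cd to ${workdir}"
printf '\n# Downloading System.map for this kernel image\n'
image_package="linux-image-${kernel}"
kernel_image=$(fetch_deb "${image_package}") || die "# Download of ${image_package} failed - bailing out."
kernel_dir="extracted_kernel_image_${kernel}"
dpkg -x "${kernel_image}" "${kernel_dir}" || die "# dpkg -x ${kernel_image} failed - bailing out."
# Glob instead of parsing `ls`; every match is handed to zip, as the old
# unquoted $(ls ...) did. With no match the literal pattern remains, which
# the -e test catches.
system_maps=("${kernel_dir}"/boot/System*)
[ -e "${system_maps[0]}" ] || die "# No System.map found under ${kernel_dir}/boot - bailing out."
echo "# Preparing Volatility profile"
# NOTE(review): master.zip is an unpinned moving target with no integrity
# check; pin a tagged release or commit and verify its checksum here.
wget "${volatility_zip}" || die "# Download of ${volatility_zip} failed - bailing out."
unzip master.zip || die "# Extracting master.zip failed - bailing out."
cd volatility-master/tools/linux || die "# volatility-master/tools/linux not found - bailing out."
#make -C /lib/modules/$kernel/build CONFIG_DEBUG_INFO=y M=$(pwd) modules
#make -C ${workdir}/fake_chroot/usr/src/linux-headers-${kernel} CONFIG_DEBUG_INFO=y M=$(pwd) modules
make -C "${headers_tree}" CONFIG_DEBUG_INFO=y M="$(pwd)" modules || die "# Volatility module build failed - bailing out."
dwarfdump -di module.ko > module.dwarf || die "# dwarfdump failed - bailing out."
cd "${workdir}" || die "# cannot cd to ${workdir}"
vol_profile="ubuntu-${kernel}.zip"
zip -j "volatility-master/volatility/plugins/overlays/linux/${vol_profile}" volatility-master/tools/linux/module.dwarf "${system_maps[@]}" || die "# Creating ${vol_profile} failed - bailing out."
printf '\n### Compiled LiME kernel module: %s\n' "${lime_kernel_module}"
printf '### Prepared Volatility profile: %s\n' "${workdir}/volatility-master/volatility/plugins/overlays/linux/${vol_profile}"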