Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check SHA1 hash of windows 10 iso before redownloading #171

Open
Heasleys opened this issue Sep 25, 2024 · 2 comments
Open

Check SHA1 hash of windows 10 iso before redownloading #171

Heasleys opened this issue Sep 25, 2024 · 2 comments
Labels
improvement Existing functionality that needs improvements

Comments

@Heasleys
Copy link

Feature

_Is your feature request related to a problem? Please describe.
When running the quickstart bash file, I encountered an issue where the quickstart failed after downloading the iso file. There was an issue with virtualization, so the bash file failed. When re-running the quickstart file, when it got to the section where it downloads the win10 iso, it started downloading the iso again and overwrote the previously downloaded iso. My download speed is quite slow at times, so downloading the iso takes nearly an hour.

Proposed solution

_Describe the solution you'd like.
My proposed solution is to check the sha1 hash of the previously downloaded iso against the known sha1 provided in the forked cert-ee/vmcloak (ce8005a659e8df7fe9b080352cb1c313c3e9adce).

_Describe alternatives you've considered
There may be a time when other iso's are available to download for Cuckoo3. I have modified the quickstart for my use case to have the hardcoded sha1 hash, but a more modular solution may be needed later.

Additional context

_Additional context
These are the lines of code I have added for the quickstart file I modified.

Line 14: Add variable for win10 sha1 hash.

win10_sha1="ce8005a659e8df7fe9b080352cb1c313c3e9adce"

Lines 357 - 368: Check if the win10x64.iso file exists. If it does not exist, download the image. If it does exist, check the calculated hash against known hash. If they match, skip download. If they do not match, download and overwrite the image.

	if [ ! -f "/home/$username/win10x64.iso" ]; then
		run_as_cuckoo "$username" "$(download_images_for "$username")"
	else
		echo "/home/$username/win10x64.iso file exists. Checking sha1 hash..."
		if [[ $(sha1sum "/home/$username/win10x64.iso" | awk '{print $1}') == "$win10_sha1" ]]; then
			echo "hash matches, skipping download"
		else
			echo "hash does not match, downloading iso"
			run_as_cuckoo "$username" "$(download_images_for "$username")"
		fi
	fi
@cert-ee-raidar cert-ee-raidar added the improvement Existing functionality that needs improvements label Sep 26, 2024
@cert-ee-raidar
Copy link
Contributor

cert-ee-raidar commented Sep 26, 2024
edited
Loading

@Heasleys,

Thank you for the proposal.

This issue will be resolved once we begin using Ansible instead of raw bash.

We hope to complete this in November.

In the meantime, you can use VMCloak to download ISO files outside of the quickstart script.

Check out Downloading an Image from our documentation.

@cert-ee-raidar
Copy link
Contributor

cert-ee-raidar commented Sep 26, 2024
edited
Loading

But I will add it to VMCloak as an improvement.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
improvement Existing functionality that needs improvements
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Heasleys @cert-ee-raidar