Compiling for PE and IMPHASH - Openssl #11

Open
wizardlevel9 opened this issue Oct 11, 2020 · 4 comments

wizardlevel9 commented Oct 11, 2020

Linux Build (Debian 9, Debian 10 and Ubuntu 20.04)
When following the instructions to use ./configure --without-crypto
Result = Not being able to use rules with HASH and/or IMPHASH.

I have successfully compiled yara with crypto enabled, but when I try to compile kraken, I get multiple errors, which I believe are associated with linking to openssl libraries:

/usr/bin/ld: /usr/local/lib/libyara.a(pe.o): in function `imphash':
pe.c:(.text+0x11ee): undefined reference to `MD5_Init'

Is there a way to resolve this, so I can use PE and IMPHASH yara rules?

NOTE: I'm also using yara 4.0.1. When I use the same signatures on my MacOS (using the instructions you provided), it builds successfully and I can use rules with HASH and IMPHASH.

When I follow the instructions you provided but use rules with PE and IMPHASH, I get this when I try to compile using:
BACKEND=test.com RULES=signature-base/yara/ make linux

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x4b2b42]

goroutine 1 [running]:
github.com/hillu/go-yara/v4.(*Rules).Save.func2(0x0, 0xf368c0, 0xf368c0)
/root/go/pkg/mod/github.com/hillu/go-yara/[email protected]/rules.go:184 +0x22
github.com/hillu/go-yara/v4.(*Rules).Save(0x0, 0x4e234d, 0x5, 0x0, 0x0)
/root/go/pkg/mod/github.com/hillu/go-yara/[email protected]/rules.go:184 +0x8c
main.main()
/root/kraken/compiler/main.go:78 +0x16f
make: *** [Makefile:38: rules-compiler] Error 2

It might also be that the linux build does not include hash as a module during "make", whilst in the other builds (MacOS and Windows), hash is made as a module.

Any help you can provide to help me get this working on Linux would be greatly appreciated.

Thanks in advance.


hillu commented Nov 18, 2020

On Windows, getting rid of --without-crypto should do the trick because YARA can use Windows CryptoAPI for the hash functions. (The only thing that is going to be missing in that case are the Authenticode-related signature functions.)

@N0body007

> On Windows, getting rid of --without-crypto should do the trick because YARA can use Windows CryptoAPI for the hash functions. (The only thing that is going to be missing in that case are the Authenticode-related signature functions.)

Hello, I met the same problem. When I built on Ubuntu 20.04, I got errors like the following. I also followed the instructions to use ./configure --without-crypto. Could you give me some advice to fix this problem? Thanks in advance.
Errors:
/usr/local/go/pkg/tool/linux_amd64/link: running gcc failed: exit status 1
/usr/bin/ld: /usr/local/lib/libyara.a(pe.o): in function `imphash':
pe.c:(.text+0x11ee): undefined reference to `MD5_Init'
/usr/bin/ld: pe.c:(.text+0x135a): undefined reference to `MD5_Update'
/usr/bin/ld: pe.c:(.text+0x13b2): undefined reference to `MD5_Final'
/usr/bin/ld: /usr/local/lib/libyara.a(pe.o): in function `_parse_pkcs7':
pe.c:(.text+0x2c6c): undefined reference to `EVP_sha1'
/usr/bin/ld: pe.c:(.text+0x2cac): undefined reference to `PKCS7_get0_signers'
/usr/bin/ld: pe.c:(.text+0x2ce6): undefined reference to `OPENSSL_sk_num'
/usr/bin/ld: pe.c:(.text+0x2d0c): undefined reference to `OPENSSL_sk_value'
...
/usr/bin/ld: /usr/local/lib/libyara.a(hash.o): in function `data_md5':
hash.c:(.text+0x115c): undefined reference to `MD5_Init'
/usr/bin/ld: hash.c:(.text+0x1329): undefined reference to `MD5_Update'
/usr/bin/ld: hash.c:(.text+0x13ee): undefined reference to `MD5_Final'
/usr/bin/ld: /usr/local/lib/libyara.a(hash.o): in function `data_sha1':
hash.c:(.text+0x1594): undefined reference to `SHA1_Init'
/usr/bin/ld: hash.c:(.text+0x1757): undefined reference to `SHA1_Update'
/usr/bin/ld: hash.c:(.text+0x180e): undefined reference to `SHA1_Final'
collect2: error: ld returned 1 exit status


hillu commented Jan 26, 2022

@Jacob-Dong I cannot tell you anything other than to remove the --without-crypto switch. And you'll have to rebuild YARA, of course. (The Makefile does not take care of that automatically.)

@N0body007

> I cannot tell you anything other than to remove the --without-crypto switch. And you'll have to rebuild YARA, of course. (The Makefile does not take care of that automatically.)

Thank you for your reply. I have fixed this problem. The reason why I got this error is that I didn't get the environment variables right.
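
A triage helper for the linker errors quoted in this thread, added here as an example and not taken from kraken, go-yara or any participant's post: it extracts the undefined symbols from `ld` output and reports whether they are all OpenSSL libcrypto functions. The function names, the prefix list (a heuristic) and the embedded sample lines (constructed from the errors quoted above) are assumptions.

```shell
#!/bin/sh
# Added example: classify "undefined reference" errors from a cgo link
# against libyara.a. Function names here are hypothetical.

# Print the unique undefined symbol names found in ld output on stdin.
undefined_symbols() {
    sed -n 's/.*undefined reference to [^A-Za-z0-9_]*\([A-Za-z0-9_][A-Za-z0-9_]*\).*/\1/p' |
        LC_ALL=C sort -u
}

# Heuristic: prefixes of OpenSSL libcrypto functions such as those
# named in the thread (MD5_Init, SHA1_Init, EVP_sha1, ...).
is_libcrypto_symbol() {
    case "$1" in
        MD5_*|SHA1_*|SHA256_*|EVP_*|PKCS7_*|OPENSSL_*|X509_*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read ld output on stdin and print one verdict:
#   none            - no undefined references
#   needs-libcrypto - every undefined symbol is a libcrypto one
#   other           - at least one symbol comes from somewhere else
diagnose() (
    verdict=none
    for sym in $(undefined_symbols); do
        if is_libcrypto_symbol "$sym"; then
            if [ "$verdict" = none ]; then verdict=needs-libcrypto; fi
        else
            verdict=other
        fi
    done
    echo "$verdict"
)

# Constructed sample input in the format of the errors quoted above.
sample_ld_output() {
    cat <<'EOF'
/usr/bin/ld: /usr/local/lib/libyara.a(pe.o): in function `imphash':
pe.c:(.text+0x11ee): undefined reference to `MD5_Init'
/usr/bin/ld: pe.c:(.text+0x135a): undefined reference to `MD5_Update'
/usr/bin/ld: hash.c:(.text+0x1594): undefined reference to `SHA1_Init'
collect2: error: ld returned 1 exit status
EOF
}

sample_ld_output | diagnose
```

A `needs-libcrypto` verdict means the `libyara.a` being linked was compiled with OpenSSL support, so the final link must also pull in libcrypto; cgo takes extra linker flags from the `CGO_LDFLAGS` environment variable.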
