Can somebody help me manage an old research project?

Hello everybody, I’m trying to run the Docker image of an old research project shared on GitHub at this link [1].
As you can see, the project dates from 3 years ago, so I’m not sure that it actually works, but I need to use it to implement a simulation of another research project named “Extract Me If You Can: Abusing PDF Parser in Malware Detectors”, as you can see in the following subsection [2].

For now I have downloaded the repository (by cloning it), and in the subdirectory DECAF/docker I have run `docker volume create decafvolume` and then `docker build -t decaf ./decaf/`. For the following step, “Copy the guest image to docker volume decafvolume”, I don’t know what I should do, so if somebody knows what it means, can you explain it to me?

However, I don’t know whether the previous commands completed successfully. Is there a way to check this?

Thanks for the help 🙂

[1] DECAF/docker at master · decaf-project/DECAF · GitHub
[2] GitHub - decaf-project/DECAF: DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.

I am not sure I understand it either. It probably means you should copy a QEMU image to a volume, but first you need to start a container which mounts that volume, and then you can use `docker cp` to copy the QEMU image into the container. If the destination path is under the mount point of the volume, then you have copied it to the volume.

Otherwise you would need to copy to the source folder on the host, which is not recommended, and you could not always do it.

The other interesting thing is that the volume is mounted to the /app folder in the container, which I guess contains the app itself, but at least some libraries.

I didn’t read everything and I don’t know anything about DECAF, so it is possible that this is the reason why I don’t understand, but I feel it would be better if you could open an issue on GitHub to ask the author to clarify that part of the readme. The 2nd item in the list, after that “Copy the guest image” line, is “Start the docker”.

Docker is already running. You start the container.


And the first sentence is:

> We use docker volume to share files between docker images and the host system.

In fact, they use it to share files between the host and Docker “containers”, not Docker images.
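
The check and the copy step discussed in this thread, as an added example that is not part of the original posts or of the DECAF project. The volume name `decafvolume`, the image tag `decaf` and the `/app` mount point come from the thread; the helper container name `decaf-copy`, the `DOCKER` override variable, and the assumption that the image contains `ls` are made up for this sketch.

```shell
#!/bin/sh
# Added example: verify the earlier steps, then copy a guest image into the
# named volume through a helper container that mounts it.
# Set DOCKER=echo to preview the commands without running them.
DOCKER="${DOCKER:-docker}"
VOLUME="decafvolume"   # volume name from the thread
IMAGE="decaf"          # tag used in "docker build -t decaf"
MOUNT="/app"           # mount point mentioned in the reply
HELPER="decaf-copy"    # hypothetical helper container name

# Did "docker volume create" and "docker build" succeed?
check_setup() {
    $DOCKER volume inspect "$VOLUME" >/dev/null \
        || { echo "volume $VOLUME not found" >&2; return 1; }
    $DOCKER image inspect "$IMAGE" >/dev/null \
        || { echo "image $IMAGE not found" >&2; return 1; }
}

# Copy a guest disk image from the host into the volume.
copy_guest_image() {
    src="$1"
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }
    # A created (never started) container is enough for docker cp.
    $DOCKER create --name "$HELPER" -v "$VOLUME:$MOUNT" "$IMAGE" >/dev/null \
        || return 1
    rc=0
    $DOCKER cp "$src" "$HELPER:$MOUNT/" || rc=$?
    # Always remove the helper; the data stays in the volume.
    $DOCKER rm "$HELPER" >/dev/null
    return "$rc"
}

# List the volume contents (assumes the image ships an "ls" binary).
list_volume() {
    $DOCKER run --rm --entrypoint ls -v "$VOLUME:$MOUNT" "$IMAGE" -l "$MOUNT"
}

# Run as: sh copy-guest.sh /path/to/guest-image
if [ "$#" -gt 0 ]; then
    check_setup && copy_guest_image "$1" && list_volume
fi
```

Because the volume is mounted over `/app`, anything the image itself placed in `/app` is only visible in a container if the volume was empty when first mounted (Docker then copies the image's content into it).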