From 8e4af70029a4d017a425cf0ea8e056f682cc9425 Mon Sep 17 00:00:00 2001
From: Kyle Zeng
Date: Mon, 22 Apr 2024 18:19:50 -0700
Subject: [PATCH] make it easier to setup a debug environment with some docker magic
---
Dockerfile | 9 +++++----
README.md | 25 ++++++++-----------------
glibc_run.sh | 39 ++++++++++++++++++++++++++++++++++++++-
3 files changed, 51 insertions(+), 22 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 834c4f8..f00dbf0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,9 @@
-# this is the dockerfile we use for testing techniques used in how2heap
-from ubuntu:24.04
+from ubuntu:20.04
-run apt-get update && apt-get -y install binutils git make vim gcc
+run apt-get update && apt-get install -y binutils git make vim gcc patchelf python-is-python3 python3-pip
+run pip3 install requests
 run git clone --depth 1 https://github.com/shellphish/how2heap /root/how2heap
+run git config --global --add safe.directory "*"
 workdir /root/how2heap
-run make
+run bash
diff --git a/README.md b/README.md
index afb0bf6..64faa41 100644
--- a/README.md
+++ b/README.md
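Review bot: `run bash` as the last instruction is executed at build time, where bash has no terminal or stdin and exits immediately, so the layer does nothing and the image only drops into a shell because the ubuntu base image's own default command happens to be bash; if an interactive shell is the intent, `cmd ["bash"]` says so explicitly. The first line is now load-bearing: glibc_run.sh's `prep_in_docker` rewrites line 1 with `sed -i "1s/.*/from ubuntu:.../"`, so the header comment this commit removes must not be reinstated above `from`; a comment on line 2 such as `# line 1 is rewritten by glibc_run.sh (prep_in_docker): keep FROM on line 1` would protect that coupling. `run git config --global --add safe.directory "*"` disables git's repository-ownership check for every path in the image, which is needed because the host checkout is bind-mounted and used as root, but a one-line comment saying why would help the next reader.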
@@ -64,31 +64,22 @@ cd how2heap make clean all ./glibc_run.sh 2.30 ./malloc_playground -u -r ``` +Notice that it does not work if you compile the target binary (`malloc_playground`) using glibc >= 2.34 and try to run it on glibc < 2.34 because of glibc's symbol versioning. For details, please refer to [this](https://github.com/shellphish/how2heap/issues/169). ## Complete Setup -This creates a Docker-based environment to get started with `pwndbg` and `pwntools`. +This uses Docker-based approach to prepare the needed environment ```shell -## on your host git clone https://github.com/shellphish/how2heap cd how2heap -git clone https://github.com/pwndbg/pwndbg -docker build -t how2heap-pwndbg pwndbg -docker run -it --rm --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -v $(pwd):/io:Z --name how2heap how2heap-pwndbg - -## inside the docker container -apt update -apt -y install patchelf zstd python-is-python3 wget -python -m pip install pwntools -export PATH="$PATH:$(python -c 'import site; print(site.getsitepackages()[0])')/bin" -cd /io -git config --global --add safe.directory "*" -make clean all -./glibc_run.sh 2.30 ./malloc_playground -u -r -## debugging -# check modified RUNPATH and interpreter +# the next command will prepare the target binary so it runs with +# the expected libc version +./glibc_run.sh 2.30 ./malloc_playground -d -p + +# now you can play with the binary with glibc-2.30 +# and even debug it with the correct symbols readelf -d -W malloc_playground | grep RUNPATH # or use checksec readelf -l -W malloc_playground | grep interpreter gdb -q -ex "start" ./malloc_playground diff --git a/glibc_run.sh b/glibc_run.sh index 0a0ba3e..fe59994 100755 --- a/glibc_run.sh +++ b/glibc_run.sh 
@@ -9,17 +9,20 @@ GLIBC_VERSION=''
 TARGET=''
 UPDATE=''
 RELOAD=''
+DOCKER=''
 GDB=''
 RADARE2=''
 NOT_EXECUTION=''
 FORCE_TARGET_INTERPRETER=''
+HOW2HEAP_PATH=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 # Handle arguments
 function show_help {
- echo "Usage: $0 [-h] [-i686] [-u] [-r] [-gdb | -r2 | -p]"
+ echo "Usage: $0 [-h] [-i686] [-u] [-r] [-d] [-gdb | -r2 | -p]"
 echo "-i686 - use x32 bits libc"
 echo "-u - update libc list in glibc-all-in-one"
 echo "-r - download libc in glibc-all-in-one"
+ echo "-d - build the debugging environment in docker"
 echo "-gdb - start target in GDB"
 echo "-r2 - start target in radare2"
 echo "-p - just set interpreter and rpath in target without execution"
@@ -79,6 +82,32 @@ function set_rpath (){
 fi
 }
+function prep_in_docker () {
+ # choose the correct base ubuntu container
+ if (( $(echo "$1 > 2.33" |bc -l) ));
+ then
+ UBUNTU_VERSION="22.04"
+ else
+ UBUNTU_VERSION="20.04"
+ fi
+
+ # make sure we have access to docker
+ docker --version >/dev/null 2>&1
+ if test $? -ne 0;
+ then
+ echo "please make sure docker is installed and you have access to it first"
+ exit -1
+ fi
+
+ # build the docker image
+ sed -i "1s/.*/from ubuntu:$UBUNTU_VERSION/" Dockerfile
+ echo "building the how2heap_docker image!"
+ docker build -t how2heap_docker .
+
+ docker run --rm -it -v $HOW2HEAP_PATH:/root/how2heap how2heap_docker make clean >/dev/null
+ docker run --rm -it -v $HOW2HEAP_PATH:/root/how2heap how2heap_docker make >/dev/null
+}
 GLIBC_VERSION=$1
 GLIBC_MAJOR=$(echo $GLIBC_VERSION | cut -d'.' -f1)
 GLIBC_MINOR=$(echo $GLIBC_VERSION | cut -d'.' -f2)
@@ -112,6 +141,9 @@ while :; do
 -r)
 RELOAD='X'
 ;;
+ -d)
+ DOCKER='X'
+ ;;
 -gdb)
 GDB='X'
 ;;
@@ -169,6 +201,11 @@ if [[ $GLIBC_MAJOR != $SYSTEM_GLIBC_MAJOR ]] || [[ $GLIBC_MINOR != $SYSTEM_GLIBC
 set_rpath
 fi
+if [ "$DOCKER" == 'X' ];
+then
+ prep_in_docker $GLIBC_VERSION
+fi
+
 if [ "$GDB" == 'X' ];
 then
 if [[ $GLIBC_VERSION != $SYSTEM_GLIBC_VERSION ]]; then
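Review bot: In `prep_in_docker`, `sed -i "1s/.*/from ubuntu:$UBUNTU_VERSION/" Dockerfile` and `docker build -t how2heap_docker .` operate on the caller's current directory while the bind mount two lines later uses `$HOW2HEAP_PATH`, so running the script from anywhere but the repository root edits a missing or unrelated Dockerfile and builds the wrong context; both should be anchored on `"${HOW2HEAP_PATH:?}"`, and the `-v` argument needs quoting because an empty or space-containing path currently produces a malformed mount. The version test shells out to `bc`, which unlike docker is never checked for and compares the version string as a floating-point number; splitting `$1` on the dot and using `(( ))` removes the dependency. None of `sed`, `docker build` or the two `docker run` calls have their status checked, so a failed build is followed by running a stale or nonexistent image with the `make` errors partly hidden by `>/dev/null`, and `exit -1` is not a valid exit status (`exit 1`). Two things worth a comment next to the `-d` help text rather than a code change: the sed leaves the tracked Dockerfile modified in the working tree (a build-arg would avoid that), and on a Linux host `make` runs as root inside the container against the bind-mounted checkout, so the artifacts it writes are root-owned. The rewrite below addresses the path, quoting, bc and status-check points.
```shell
function prep_in_docker () {
    # choose the correct base ubuntu container: glibc >= 2.34 needs the newer image
    local major="${1%%.*}"
    local minor="${1#*.}"
    minor="${minor%%.*}"
    if (( major > 2 || (major == 2 && minor > 33) ));
    then
        UBUNTU_VERSION="22.04"
    else
        UBUNTU_VERSION="20.04"
    fi

    # make sure we have access to docker
    if ! docker --version >/dev/null 2>&1;
    then
        echo "please make sure docker is installed and you have access to it first" >&2
        exit 1
    fi

    # build the docker image from the repository checkout, not from the caller's cwd;
    # line 1 of the Dockerfile is the FROM line and is rewritten in place
    sed -i "1s/.*/from ubuntu:$UBUNTU_VERSION/" "${HOW2HEAP_PATH:?}/Dockerfile" || exit 1
    echo "building the how2heap_docker image!"
    docker build -t how2heap_docker "$HOW2HEAP_PATH" || exit 1

    docker run --rm -it -v "$HOW2HEAP_PATH:/root/how2heap" how2heap_docker make clean >/dev/null || exit 1
    docker run --rm -it -v "$HOW2HEAP_PATH:/root/how2heap" how2heap_docker make >/dev/null || exit 1
}
```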
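Review bot: The new `-d` block runs `prep_in_docker` after the `set_rpath` call directly above it has already patched the target's interpreter and RUNPATH, and the container then executes `make clean` followed by `make`; if the Makefile rebuilds the target binary (the README's `malloc_playground` example suggests it does), the freshly patched binary is replaced by an unpatched one, which contradicts the README's instruction to inspect RUNPATH right after `./glibc_run.sh 2.30 ./malloc_playground -d -p`. Moving the `-d` block above the `set_rpath` check, or calling `set_rpath` again once the container build has finished, would keep the patch; I cannot see the Makefile from this hunk, so please confirm the rebuild behaviour. The call should also be `prep_in_docker "$GLIBC_VERSION"` for consistency with the quoted `"$DOCKER"` test on the line above. The surrounding if-chain continues past the end of the hunk.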