#remnux #Tips #Tools Upgrading VOLATILITY to latest version

1. Linux remnux 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:50:42 UTC 2011 i686 i686 i386 GNU/Linux
2. Sat Apr 28 16:02:28 JST 2012
3.  
4. # This is my private note for upgrading Remnux3.0's Volatile.
5. # The curent installed volatile package was the ubuntu package.
6. # If you want to try the latest version of volatile, you should
7. # remove ubuntu package of volatile & install latest one using svn
8. # I upgraded my colatility on the shinkansen train on the way home
9. # and working well so I pasted the history commands here.
10. #
11. # Be free to take a look for your reference too, hope will
12. # be helpful. - unixfreaxjp -
13.  
14. # You should upgrade manually the pycrypto, distorm3 &
15. # yara (if necessary)using the last version
16. # of course you need to use the latest version of python.
17.  
18. ////pycrypto:
19. apt-get install subversion pcregrep libpcre++-dev python-dev -y
20. wget http://gitweb.pycrypto.org/\?p=crypto/pycrypto-2.0.x.git\;a=snapshot\;h=9e9641d0a9b88f09683b5f26d3b99c4a2e148da5\;sf=tgz -O pycrypto.tgz
21. tar -xzvf pycrypto.tgz
22. cd pycrypto-2.0.x-xxxx/
23. python setup.py build
24. python setup.py build install
25.  
26. ////distorm3
27. wget http://distorm.googlecode.com/files/distorm3-1.0.zip
28. unzip distorm3-1.0.zip
29. cd distorm3-1.0/
30. python setup.py build
31. python setup.py build install
32.  
33. ////Yara 1.4 and Yara-Python 1.4a (ps: the ubuntu package of Yara is Newer/1.6)
34. //// just incase I wrote the steps w/commented
35. # wget http://yara-project.googlecode.com/files/yara-python-1.4a.tar.gz
36. # tar -xvzf yara-python-1.4a.tar.gz
37. # cd yara-python-1.4a
38. # python setup.py build
39. # python setup.py build install
40.  
41. ////UPGRADING VOLATILITY to Volatility Framework 2.1_alpha
42.  
43. //go to your work directory...
44. apt-get purge volatility
45. svn checkout http://volatility.googlecode.com/svn/trunk Volatility
46. //check latest..
47. cd Volatility
48. python ./setup.py --version
49. //cont' w/malware plugin
50. cd Volatility/volatility/plugins
51. wget http://malwarecookbook.googlecode.com/svn/trunk/malware.py
52. cd ../../
53. python ./setup.py build
54. python ./setup.py install
55.  
56. //check...
57. ls -alkF `which vol` // the command line
58. vol -h // <--check to make sure the latest downloaded malware plugin list is in there
59. Volatile Systems Volatility Framework 2.1_alpha //<-- here's the latest ver
60.  
61. // the previously installed volatile symlink should stay in the system
62. // so you can execute volatility w/ vol or volatility command as usual.
63. // End of note, hope this will useful to you all!
64. ------
65. ZeroDay Japan http://0day.jp
66. OPERATION CLEANUP JAPAN | #OCJP
67. Analyst: Hendrik ADRIAN アドリアン・ヘンドリック
68. Malware Researcher VT/ twitter/google: @unixfreaxjp
69. sponsored by: 株式会社ケイエルジェイテック http://www.kljtech.com