REVEN-Axion 2018v1.5.0
Configuration files reference documentation

The configuration settings of the REVEN server are stored in two configuration files:

  • /usr/share/reven/build.rc: the default configuration which should not be edited.
  • /home/reven/reven.rc: the user configuration, which overrides defaults.

Global configuration

The build.rc file stores the global configuration options of REVEN. The following options are available:

Option Description
reven_default_config_path The path of the default configuration.
reven_user_config_path The path of the user configuration.
projects_path The path of the REVEN project data

WARNING: It is not recommended to modify the files in /usr/share/reven, as those files will be overridden when REVEN is upgraded. Instead, these options should be customized in the user configuration file.

User configuration

The user configuration file location (/home/reven/reven.rc by default) is defined in the build.rc configuration file described above. It is where you can customize and setup REVEN behavior. Please note that:

  • Options set in this file will override those in the build configuration file.
  • Sample settings are provided in the default configuration file /usr/share/reven/default.rc.
  • Configuration file changes take effect once the REVEN server has been reloaded.

The configuration options are split into multiple sections. Here is a detailed descriptions of each configuration entry.

Limits section

Within the [limits] section you can set memory usage limits for REVEN processes. It is not recommended to change these unless you know exactly what you are doing.

The following options are available:

Option Description
stack_limit Maximum size of the stack for a REVEN process, in Mbytes
heap_limit Maximum size of the heap for a REVEN process, in Mbytes

VirtualBox section

Within the [vbox] section you can set which virtual machines can be used for scenario recording. Only one option is available:

Options Description
vms A comma separated list of virtual machines names to register in REVEN

Virtual machine sections

Each Virtual machine options are registered within their own arbitrary section, they specify scenario recording options. Example for a section with a vbox_name option set to vmdebian:

virtualbox_vmdebian.png
vmdebian virtual machine
Option Description
os The operating system type. Either 'windows' or 'linux'.
vbox_name Optional. Name of the virtual machine as known by VirtualBox. Defaults to the section name.
display The name displayed in the Axion client.
preloaders Optional. A list of files deployed in the guest os, must include loaders.
dynamic_launch Optional. The dynamic executable loader.
static_launch Optional. The static executable loader.
stopper Optional. The program used to stop the vm from the guest os.
segment The value of the userland code segment (cs) value.
vnc_password Optional. The password used by the VirtualBox vnc server. Defaults to a random password (displayed in the scenario recording ui).
vnc_port Optional. The port of the vnc server. In order to use multiple virtual machines at the same time, use different vnc ports. Default is 5900.
pdb_path Optional. The path used for importing windows symbols file, see Symbols from PDB files. Default is none.

preloaders, dynamic_launch and static_launch options are needed for automatic scenario recording. If they are not specified, the user will have to record the scenario manually with VirtualBox key bindings. If the VM hangs indefinitely during scenario recording, you can use VNC to stop the VM manually. If a stopper program is set in the stopper entry, it will appear in a command prompt, so that you just have to confirm to stop scenario recording.

Changes to the pdb_path option are not reflected on projects created before the change. For the changes to take effect, create a new project, then copy the content of the existing project's input directory.

Example of User configuration

[limits]
stack_limit = 1024
heap_limit = 8096
[vbox]
vms = debian_stable, windows_8
[debian_stable]
os = linux
vbox_name = vmdebian
display = Debian wheezy
preloaders = libpreload_x86.so, linux_static_loader_x86, dump_processes_x86
dynamic_launch = LD_PRELOAD=./libpreload_x86.so
static_launch = ./linux_static_loader_x86
segment = 0x73
stopper = stop_vm_x86
vnc_port = 5900
vnc_password = passw0rd
[windows_8]
os = windows
vbox_name = vmwin8
display = Windows 8
preloaders = loader.exe, dump_processes.exe
dynamic_launch = loader.exe
static_launch = loader.exe
segment = 0x1b
stopper = stop_vm.exe
vnc_port = 5901
vnc_password = passw0rd
pdb_path = /home/tetrane/pdb/windows8

This example describes two virtual machines, named vmdebian and vmwin8. Note that these virtual machines must have been previously created in VirtualBox, with names matching exactly the vbox_name attribute.