Importing & exporting a scenario

A recorded scenario can be exported, with or without some associated replayed resources. The resulting archive can then be shared with other REVEN users or stored away to free space on your working disk.

By default, the folder where archive files are stored is ~/Reven2/Archives. It is user-definable in the Project Manager settings file via the variable QUASAR_ARCHIVES_PATH (see the storage doc).

Conversely, all archive files stored in the QUASAR_ARCHIVES_PATH can be imported as scenarios to be analyzed with REVEN.

A typical scenario archive will usually take between 500 MB and 1 GB. For instance, the scenario presented in the article Analysing CVE-2020-15999 - buffer overflow in Chrome requires about 30 GB of disk space when fully replayed, but its archive is only about 750 MB.

Exporting

To export a scenario:

  1. First, open your scenario's "Details" page. You can find it by clicking the scenario's name in the scenario list.
  2. Click "Export".
  3. The export page allows you to select what you want to export. You should keep the defaults.
    • The "OSSI" is selected by default, and highly recommended:
      • If not selected, you will not be able to get symbols after importing the archive.
      • If you cannot select it, you should first replay the OSSI on your scenario and come back to the export page.
    • See below for more details on the other items.
  4. Click on "Export the scenario".
  5. Wait for the operation to finish.

Once the export operation is done, you can access the resulting archive:

  • Either download it with the "Download" button on the export task log.
  • Or locate it on the server at QUASAR_ARCHIVES_PATH (see above).

NOTES:

  • The original scenario is not deleted after the export task succeeds.
  • Exporting a scenario a second time will overwrite the scenario's previous archive.
  • You cannot export a scenario while recording, replaying, importing or exporting it.

Importing

The Project Manager can import archives that were previously exported using the above method. This operation will create a new scenario, and extract the archive into it.

NOTE: The Project Manager can only find archives stored in the server's QUASAR_ARCHIVES_PATH folder. Therefore, you must manually copy external archives (e.g. from Tetrane's website or another server) into this folder. Currently, the Project Manager does not offer a way to upload external archives.

To import a scenario:

  1. If you wish to import a scenario exported from another server:
    1. First, copy the archive to your QUASAR_ARCHIVES_PATH folder. Its default path is ~/Reven2/Archives, and this folder may need to be created first (see the storage doc).
  2. In the "Scenario List" page, click on "Import from archive".
  3. Use the combo-box to select the archive you want to import.
    • If you cannot see it, make sure it is in the correct QUASAR_ARCHIVES_PATH.
  4. Click on "Import".
  5. Wait for the task to finish.
  6. Archives usually do not contain all replayable resources: you should open the Replay page of the newly created scenario and click on "Replay" all.
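
The manual copy in step 1 can be scripted so that an archive received from another server is checked before it reaches the archives folder. The following is an added example, not part of REVEN or its documentation: the function name, the ARCHIVES_DIR variable (standing in for your QUASAR_ARCHIVES_PATH value) and the assumption that the sender gave you a SHA-256 digest of the archive are all hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not REVEN code): stage an external scenario archive for import.
# ARCHIVES_DIR is a hypothetical variable that must match the server's
# QUASAR_ARCHIVES_PATH; the default below is the one documented on this page.
ARCHIVES_DIR="${ARCHIVES_DIR:-$HOME/Reven2/Archives}"

# stage_archive <archive-file> <expected-sha256>
# Return codes: 0 staged, 1 bad arguments or I/O error,
#               2 digest mismatch, 3 an archive with that name already exists.
stage_archive() {
    local src="$1" expected="$2" actual dest
    if [ -z "$src" ] || [ -z "$expected" ]; then
        echo "usage: stage_archive <archive-file> <expected-sha256>" >&2
        return 1
    fi
    [ -f "$src" ] || { echo "not a regular file: $src" >&2; return 1; }

    # Verify integrity before the file is placed where it can be imported.
    # The expected digest is assumed to come from the archive's sender.
    actual="$(sha256sum -- "$src" | cut -d' ' -f1)"
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $src, archive not staged" >&2
        return 2
    fi

    # The folder may need to be created first.
    mkdir -p -- "$ARCHIVES_DIR" || return 1

    # Never replace an archive that is already in the folder.
    dest="$ARCHIVES_DIR/$(basename -- "$src")"
    if [ -e "$dest" ]; then
        echo "refusing to overwrite existing archive: $dest" >&2
        return 3
    fi

    # Copy under a temporary name, then rename, so a partially copied
    # file never appears under the archive's final name.
    cp -- "$src" "$dest.partial" || { rm -f -- "$dest.partial"; return 1; }
    mv -- "$dest.partial" "$dest"
}
```

Once the function returns 0, the archive is in place and can be selected in the "Import from archive" combo-box.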

NOTES:

  • The resulting scenario is a "Snapshot-less scenario", because it is not linked to a particular VM anymore.
  • You cannot overwrite the recording of a scenario from an imported archive.
  • As soon as you start importing an archive, its scenario becomes visible in the scenario list. However, as long as it is being imported, all actions on the scenario will be disabled.

About exported resources

Here are more details about the resources you can select for export in a scenario:

  • The record: it is mandatory. You cannot export a scenario without the original record included in the archive.
  • The replay: resources generated by a replay are optional. They can be regenerated after the import. We do not recommend keeping them since they add significant overhead to the archive size, which also increases the time necessary to export it.
  • The ossi: It is highly recommended to include the OS-specific information. If you don't include it, you won't be able to retrieve OSSI (like symbols) when you import the archive.
  • The light PDBs: Light PDBs contain only the PDBs needed for the scenario. It is not mandatory, as you should be able to download them from the original sources again when importing the archive. However they are recommended: including them when exporting a scenario is a convenience for users who are not connected to the Internet. Moreover, PDBs could get deleted from sources out of your control. Finally, if the scenario requires custom PDBs (for binaries you compiled), then you should include them in the archive.
  • The user data contains files useful for the scenario, with user-generated information (bookmarks, scripts, readme, ...). You certainly want to include this information in an exported archive and retrieve it when importing one.

The archive will also always include information about the scenario (name, type, os, archi, ...) and REVEN's version, necessary for later importing.

Some resources are immutable after importing an archive, because they cannot be regenerated. Hence, they cannot be deleted in the imported scenario. For instance, the OSSI's light filesystem is an immutable resource because it depends on the snapshot.