Setting up the environment
Scenario #1: OS X host
- Download Cuckoo Sandbox and the OS X analyzer:
  $ git clone https://github.com/cuckoobox/cuckoo.git
  $ git clone https://github.com/rodionovd/cuckoo-osx-analyzer.git
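- Symlink cuckoo-osx-analyzer/analyzer/darwin into cuckoo/analyzer/darwin (the target is given as an absolute path, because a relative symlink target is resolved from the directory that holds the link):
  $ ln -s "$PWD/cuckoo-osx-analyzer/analyzer/darwin" cuckoo/analyzer/darwin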
- Run bootstrap_host.sh (it will prompt for your password):
  $ bash ./cuckoo-osx-analyzer/scripts/bootstrap_host.sh
  If you'd like, you can set up network forwarding manually.
  Also, if you don't have the vboxnet0 host-only network adapter up and running, use the following syntax to create it and assign it to the VM:
  $ bash ./cuckoo-osx-analyzer/scripts/bootstrap_host.sh -i OSX108
- Download my OS X 10.8 virtual machine (for VirtualBox) here. It's pre-configured to work as a Cuckoo guest. Use any 7z unarchiver (e.g. "The Unarchiver.app" on Mac) to extract the image from the archive.
- Add this virtual machine to VirtualBox and adjust Cuckoo's configuration. For example, your conf/virtualbox.conf must contain at least the following items:
  [virtualbox]
  ...
  machines = OSX108
  ...
  [OSX108]
  label = OSX108
  platform = darwin
- Now you can start submitting OS X jobs to Cuckoo 😎:
  $ ./cuckoo/cuckoo.py &
  $ ./cuckoo/utils/submit.py --platform darwin ~/target
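A preflight check for the conf/virtualbox.conf step above, written for this page as an added example (it is not part of Cuckoo or of cuckoo-osx-analyzer): it verifies that every machine named in `machines` has its own section with a `label`, and that at least one of them has `platform = darwin`. It assumes `machines` is a comma-separated list of section names; the function name and the sample config are constructed for illustration.

```python
import configparser
import sys

# Constructed sample with only the items the page lists; a real file has more keys.
SAMPLE_CONF = """\
[virtualbox]
machines = OSX108

[OSX108]
label = OSX108
platform = darwin
"""


def check_virtualbox_conf(text, want_platform="darwin"):
    """Return a list of problems found in the text of a virtualbox.conf."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return ["cannot parse config: %s" % exc]
    if not parser.has_section("virtualbox"):
        return ["missing [virtualbox] section"]
    # Assumption: 'machines' is a comma-separated list of section names.
    raw = parser.get("virtualbox", "machines", fallback="")
    machines = [m.strip() for m in raw.split(",") if m.strip()]
    problems = []
    if not machines:
        problems.append("[virtualbox] machines is empty")
    matching = 0
    for name in machines:
        if not parser.has_section(name):
            problems.append("machine %s is listed but has no [%s] section" % (name, name))
            continue
        if not parser.get(name, "label", fallback="").strip():
            problems.append("[%s] has no label" % name)
        if parser.get(name, "platform", fallback="").strip() == want_platform:
            matching += 1
    if matching == 0:
        problems.append("no machine with platform = %s" % want_platform)
    return problems


if __name__ == "__main__":
    # Pass the path to conf/virtualbox.conf; with no argument the sample is checked.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    found = check_virtualbox_conf(text)
    print("\n".join(found) if found else "OK")
    sys.exit(1 if found else 0)
```
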
Scenario #2: GNU/Linux or Windows host
The only difference from Scenario #1 is how you install an OS X virtual machine (Step 4): you have to use a special thing called «Hackintosh» (yeah, it's like Macintosh, but with a bit of hack). Here are a few guides on this topic that I myself found very helpful:
- Installing OS X 10.9 into VirtualBox: http://www.macbreaker.com/2014/05/os-x-mavericks-in-virtualbox-with-niresh.html
- Installing OS X 10.10 into VirtualBox: http://www.macbreaker.com/2015/01/virtualbox-yosemite-zone.html
- Running Mac OS X as a QEMU/KVM Guest: http://www.contrib.andrew.cmu.edu/~somlo/OSXKVM/ (thanks, @phretor!)