Boot Windows 10 Technical Preview on DECAF without KVM enabled and write a HOWTO
New here? Learn about Bountify and follow @bountify to get notified of new bounties! x

DECAF is a fork of the QEMU full system emulator. DECAF adds support for whole-system dynamic binary analysis to QEMU. For example, DECAF can perform instruction-level taint flow tracking.

I want to run Windows 10 Technical Preview in DECAF. I don't want to deal with the inevitable fun of futzing that will be required. This bounty is for someone who can install Windows 10 Technical Preview in DECAF, run a basic taint flow analysis, and then write a detailed HOWTO document explaining how to do this step by step.

The good news is that Windows 10 Technical Preview will boot and run on QEMU. Because DECAF is based on QEMU this suggests it may be possible to boot Windows 10 in DECAF.

See
https://bountify.co/boot-windows-10-technical-preview-on-qemu-and-create-a-howto
for a HOWTO and an awesome YouTube video tutorial (thank you, Bountify!).

The bad news is that for the analysis engine to work, DECAF requires that KVM be turned off. The respondents above indicated that QEMU fails to properly boot Windows 10 if KVM is turned off. That means to collect this bounty, you might need to modify the source code for DECAF/QEMU.

I understand this is likely not trivial, hence the bounty amount. I will tip for partial results (see below).

Specifically I would like you to do the following:

1) Download DECAF source code from here and compile it
https://code.google.com/p/decaf-platform/

2) Download Windows 10 Technical Preview, which is available at no cost here
http://windows.microsoft.com/en-us/windows/preview

3) Install and successfully boot Windows 10 Technical Preview in DECAF without KVM. Here "successful boot" means that you can reach the desktop, open Notepad, and then type "I am the operator of my pocket calculator!" without crashing. It is OK if performance is poor. You may find this Setup page on the DECAF wiki helpful:
http://code.google.com/p/decaf-platform/wiki/build_conf

4) Attempt the "Keylogger detector" tutorial
https://code.google.com/p/decaf-platform/wiki/plugin_sample
this shows off instruction-level tainting in DECAF. Note that the tutorial steps may not work properly because DECAF doesn't explicitly support Windows 10. That is OK, you don't need to fix DECAF to earn the bounty.

Deliverables:

  1. A screen capture or other means of showing a successful boot of Windows 10 Technical Preview on DECAF without KVM. Here "successful boot" means that you can reach the desktop, open Notepad, and then type "I am the operator of my pocket calculator!" without crashing.

  2. A HOWTO document that contains a detailed description of the steps you took to boot Windows 10 under DECAF and run the keylogger tainting demo. This should include specific command lines, settings, and other information. I'm your audience for the HOWTO, so if you have questions about the level of detail please ask!

  3. If you need to make any patches to DECAF, please include those as well. Please include a short (1 paragraph) statement of what the patches do and why.

Tipping for partial results:

I will tip for partial results. I am looking for any guidance you can give that will help me figure out how much work it is to get DECAF up and running. If you want to claim a partial result tip, please say so in your answer.

For example, I will tip for a report of what exactly needs to be changed about DECAF source code to make it properly boot Windows 10 without using KVM, even if you can't actually get it to boot properly. I will tip from $10-$50 depending on how detailed the report is.

Please don't hesitate to ask any questions!

awarded to Wikimedia

Crowdsource coding tasks.

0 Solutions