Docker: Reverse Engineering of an Image

Solution 1

You can check how an image was created using docker history <image-name> --no-trunc

Update:

Check dive, which is a very nice tool that allows you to view image layers.

Solution 2

As yamenk said, docker history is the key to this.

As https://github.com/CenturyLinkLabs/dockerfile-from-image is broken, you can use the more recent

https://hub.docker.com/r/dduvnjak/dockerfile-from-image/

Extract from the site

Note that the script only works against images that exist in your local image repository (the stuff you see when you type docker images). If you want to generate a Dockerfile for an image that doesn't exist in your local repo you'll first need to docker pull it.

For example, you can run it against itself, to see the code

$ docker run --rm -v /run/docker.sock:/run/docker.sock centurylink/dockerfile-from-image ruby
FROM buildpack-deps:latest
RUN useradd -g users user
RUN apt-get update && apt-get install -y bison procps
RUN apt-get update && apt-get install -y ruby
ADD dir:03090a5fdc5feb8b4f1d6a69214c37b5f6d653f5185cddb6bf7fd71e6ded561c in /usr/src/ruby
WORKDIR /usr/src/ruby
RUN chown -R user:users .
USER user
RUN autoconf && ./configure --disable-install-doc
RUN make -j"$(nproc)"
RUN make check
USER root
RUN apt-get purge -y ruby
RUN make install
RUN echo 'gem: --no-rdoc --no-ri' >> /.gemrc
RUN gem install bundler
ONBUILD ADD . /usr/src/app
ONBUILD WORKDIR /usr/src/app
ONBUILD RUN [ ! -e Gemfile ] || bundle install --system

Solution 3

You can use laniksj/dfimage to reverse engineer an image.

For example:

# docker run -v /var/run/docker.sock:/var/run/docker.sock laniksj/dfimage <YOUR_IMAGE_ID>
FROM node:12.4.0-alpine
RUN /bin/sh -c apk update
RUN /bin/sh -c apk -Uuv add groff less python py-pip
RUN /bin/sh -c pip install awscli
RUN /bin/sh -c apk --purge -v del py-pip
RUN /bin/sh -c rm /var/cache/apk/*
RUN /bin/sh -c apk add --no-cache curl
ADD dir:4afc740ff29e4a32a34617d2715e5e5dc8740f357254bc6d3f9362bb04af0253 in /app
COPY file:b57abdb61ae72f3a25be67f719b95275da348f9dfb63fb4ff67410a595ae1dfd in /usr/local/bin/
WORKDIR /app
RUN /bin/sh -c npm install
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["node" "app.js"]
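
The build history that docker history prints is also stored as the history array in the image's config JSON (for example inside a docker save archive). The following is an added example, not code from the answers above or from either tool: it rebuilds Dockerfile-style lines from such an array and flags ENV/ARG entries whose names look like credentials. The sample history is constructed, and the name pattern is an assumed heuristic.

```python
import re

NOP = "/bin/sh -c #(nop) "    # classic builder prefix for metadata-only steps
SHELL = "/bin/sh -c "         # classic builder prefix for shell-form RUN steps
BUILDKIT = "# buildkit"       # marker BuildKit appends to created_by
# Assumption: a simple name-based heuristic for credential-like variables.
SECRET_NAME = re.compile(r"(PASS|SECRET|TOKEN|KEY)\w*\s*=", re.I)

# Constructed sample shaped like the "history" array of an image config JSON.
SAMPLE_CONFIG = {"history": [
    {"created_by": "/bin/sh -c #(nop) ADD file:0000 in / "},
    {"created_by": "/bin/sh -c apk add --no-cache curl"},
    {"created_by": "/bin/sh -c #(nop)  ENV API_TOKEN=example-not-real",
     "empty_layer": True},
    {"created_by": "RUN /bin/sh -c npm install # buildkit"},
    {"created_by": '/bin/sh -c #(nop)  CMD ["node" "app.js"]',
     "empty_layer": True},
]}

def to_instruction(created_by):
    """Turn one history entry's created_by string into a Dockerfile line."""
    text = created_by.strip()
    if text.endswith(BUILDKIT):
        text = text[: -len(BUILDKIT)].rstrip()
    if text.startswith(NOP):       # ENV, CMD, ADD, ... recorded as a no-op
        return text[len(NOP):].strip()
    if text.startswith(SHELL):     # a command that actually ran in the build
        return "RUN " + text[len(SHELL):].strip()
    return text                    # BuildKit stores the instruction itself

def reconstruct(config):
    """Return (line, creates_layer, looks_secret) per entry, oldest first."""
    out = []
    for entry in config.get("history", []):
        line = to_instruction(entry.get("created_by", ""))
        is_var = line.startswith(("ENV ", "ARG "))
        out.append((line, not entry.get("empty_layer", False),
                    bool(is_var and SECRET_NAME.search(line))))
    return out

if __name__ == "__main__":
    for line, creates_layer, looks_secret in reconstruct(SAMPLE_CONFIG):
        note = "   # review: credential-like value" if looks_secret else ""
        print(line + note)
```

The history only records instructions: files brought in by ADD or COPY show up as a content hash, and their contents live in the layer archives themselves.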
Author: daniele3004

Updated on January 20, 2022

Comments

  • daniele3004 over 2 years

    When we use Docker it's very easy to push and pull images in a public repository on https://hub.docker.com, but this repository is free only for public images (only one can be private).

    Currently it's possible to execute a reverse engineering of a public image in repository and read the source code of project ?

    • therobyouknow over 4 years
      +1 upvote Sounds like already there are answers to your question. But I'm not sure if I understand your question. Is your question about a concern that your image can be reverse-engineered by others and that you don't want it to be? Or rather, do you want to know what is inside a docker image? - Should "Currently it's possible to execute a reverse engineering of a public image in repository and read the source code of project ?" be "Is it possible to reverse engineer a public docker image?" - if that is what you are asking, the answers here answer that question.
    • therobyouknow over 4 years
      P.S. As an aside comment, to some extent I wonder what the point is of non-official docker images at hub.docker.com because myself, I'd always want to derive my docker setup from the officials and not a 3rd party, for security and to avoid 3rd party maintainers deciding not to maintain any more.
  • BMW about 4 years
    docker pull devopsqa/fortify; docker run -v /var/run/docker.sock:/var/run/docker.sock --rm dduvnjak/dockerfile-from-image devopsqa/fortify No output
  • user2915097 about 4 years
    open a PR on dduvnjak github