Generate mips implants failling with rpc error: code = Unknown desc = exit status 2

[n1ete]

Still some problems with building for mips. this is the command i used

generate beacon -a mips -o linux -b https://some.domain.com -f executable -e -d -s .

here the corresponding server logs

INFO[2023-01-09T17:39:22Z] [sliver/server/gogo/go.go:174] --- env ---   
INFO[2023-01-09T17:39:22Z] [sliver/server/gogo/go.go:176] CC=           
INFO[2023-01-09T17:39:22Z] [sliver/server/gogo/go.go:176] CGO_ENABLED=0 
INFO[2023-01-09T17:39:22Z] [sliver/server/gogo/go.go:176] GOOS=linux    
INFO[2023-01-09T17:39:22Z] [sliver/server/gogo/go.go:176] GOARCH=mips   
INFO[2023-01-09T17:39:22Z] [sliver/server/gogo/go.go:176] GOPATH=/root/.sliver/slivers/linux/mips/RETAIL_CABLE 
INFO[2023-01-09T17:39:22Z] [sliver/server/gogo/go.go:176] GOCACHE=/root/.sliver/go/cache 
INFO[2023-01-09T17:39:22Z] [sliver/server/gogo/go.go:176] GOMODCACHE=/root/.sliver/go/modcache 
INFO[2023-01-09T17:39:22Z] [sliver/server/gogo/go.go:176] GOPROXY=off   
INFO[2023-01-09T17:39:22Z] [sliver/server/gogo/go.go:176] HTTP_PROXY=   
INFO[2023-01-09T17:39:22Z] [sliver/server/gogo/go.go:176] HTTPS_PROXY=  
INFO[2023-01-09T17:39:22Z] [sliver/server/gogo/go.go:176] PATH=/root/.sliver/go/bin:/usr/local/sbin:/usr/local/bin:/usr/bin 
INFO[2023-01-09T17:39:22Z] [sliver/server/gogo/go.go:178] --- stdout ---

INFO[2023-01-09T17:39:22Z] [sliver/server/gogo/go.go:179] --- stderr ---
# github.com/gen2brain/shm
vendor/github.com/gen2brain/shm/shm.go:64:34: undefined: sysShmGet
vendor/github.com/gen2brain/shm/shm.go:76:36: undefined: sysShmAt
vendor/github.com/gen2brain/shm/shm.go:100:38: undefined: sysShmDt
vendor/github.com/gen2brain/shm/shm.go:111:35: undefined: IdDs
vendor/github.com/gen2brain/shm/shm.go:112:38: undefined: sysShmCtl
vendor/github.com/gen2brain/shm/shm.go:128:11: undefined: IdDs

also i see frequently these messages in the logs .....thinking this is LXC container related...

ERRO[2023-01-09T17:39:21Z] [sliver/server/c2/mtls.go:165] Socket error (read msg-length): EOF 
ERRO[2023-01-09T17:39:21Z] [sliver/server/c2/mtls.go:103] Socket read error EOF 

[moloch--]

We technically don't support MIPS, but it should build the stock executable. Looks like a bug in the Linux build constraints that causes a CGO dependency to be included in the build.

[rkervella]

IIRC those imports are for the screenshot feature.

[moloch--]

I'm guessing our build constraint is only for Linux and not Linux/amd64

[rkervella]

Yes that would make sense.

[rkervella]

Looking at that lib, it seems to supports i386, amd64 and arm64 so we should probably restrict to that. Also, a quick search seems to imply that all the SHM syscall numbers (used by the gen2brain/shm package) are not defined in the standard lib for the MIPS architecture anyway, so we can probably exclude MIPS from the build constraints by default for the screen package in the implant.

[moloch--]

I've fixed the build constraints, but it appears that there's an upstream Garble issue that prevents the build from succeeding:

# github.com/bishopfox/sliver
aTZ5WkAu.(*M9GTSgMZEBA9AZ).pnEVb4Qd8: relocation target runtime/internal/atomic.LoadAcquintptr not defined
aTZ5WkAu.(*M9GTSgMZEBA9AZ).hw53wf5zL0: relocation target runtime/internal/atomic.LoadAcquintptr not defined
exit status 2

For now you have to build with --skip-symbols

[moloch--]

This is potentially fixed in upstream Garble as we're a little behind their latest release, we should update our internal Garble before filing an upstream issue.

[n1ete]

Is it possible to point to custom garble for building? Thank you for the support of unsupported features anyways!

[n1ete]

Seems like i didnt pay attention to the build architecture of my target hosts that i want to control. I am interested in the ramips Ralink/Mediathek devices with 'mipsel_24k' Architecture. It seems they are used in a lot of IOT/Router hardware products. How would i add a new build architecture to sliver?

[moloch--]

You'd have to add support to Golang, the Sliver --os and --arch flags are essentially passed through to the golang compiler.

[n1ete]

ok building mips beacons/implants went fine with the fix in #1066. and it should run afaik with gooarch=mips but i tried all mips builds (just in case i missed some releveant information)

generate -a mips -o linux -b https://some.domain:443 -l -s .

however running the binary on the devices returns:

root@mipsdevice:~# ./SELFISH_BITTER_mips64le 
./SELFISH_BITTER_mips64le: line 2: syntax error: unexpected "("

any ideas ? since mips isnt supported please just close the issue and i know i am on my own here. ;) thanks for your help!

[moloch--]

If there is an issue with the compiled binary (that's not a stack trace) it's likely an issue with upstream Go.

[moloch--]

@n1ete it looks like the machine may be trying to execute it as a shell script instead of a native binary?

[n1ete]

@moloch-- investigated this further and tried to run the beacon implant with exec /PATH/TO/BACON_CHEESE and got either cannot execute binary file: Exec format error <-- thinking this is related to wrong architecture or Illegal instruction

OS is openwrt any ideas or hints left you have guys?

[moloch--]

I'd look to see if anyone in the wider Go community has run into this problem or managed to solve it, if you can get any Go program to run on the target device you should be able to get the generic version of the Sliver implant running (the generic version is pure Go).

[n1ete]

Thanks, if you need further debug data i am happy to provide them to you. I have a few different boxes laying around with these chip-sets.

i stumbled upon GOMIPS=softfloat and GOMIPS=hardfloat could this be related?

[mvdan]

This is potentially fixed in upstream Garble as we're a little behind their latest release, we should update our internal Garble before filing an upstream issue.

We're going to fix it soon: https://github.com/burrowers/garble/issues/646

[mvdan]

The issue above is fixed with yesterday's garble v0.9.1 release.

[moloch--]

@n1ete I've merged v0.9.1 of Garble into the Sliver master branch if you compile from source you should get the updates.