Ledger-Donjon / rainbow

Makes Unicorn traces. Generic Side-Channel and Fault Injection simulator
GNU Lesser General Public License v3.0

An exception is raised #12

Closed ddddavidee closed 2 years ago

ddddavidee commented 3 years ago
StopIteration: 
Exception ignored on calling ctypes callback function: <bound method Uc._hookcode_cb of <unicorn.unicorn.Uc object at 0x7f8b30eaa220>>
Traceback (most recent call last):
  File "/home/davide/SideChannel/rainbow/venv/lib/python3.8/site-packages/unicorn/unicorn.py", line 480, in _hookcode_cb
    cb(self, address, size, data)
  File "/home/davide/SideChannel/rainbow/rainbow/rainbow.py", line 51, in __call__
    self.method()(*args, **kwargs)
  File "/home/davide/SideChannel/rainbow/rainbow/rainbow.py", line 360, in sca_code_trace
    wb_regs_trace(self, address, size, data)
  File "/home/davide/SideChannel/rainbow/rainbow/tracers.py", line 25, in wb_regs_trace
    ins = rbw.disassemble_single_detailed(address, size)
  File "/home/davide/SideChannel/rainbow/rainbow/rainbow.py", line 347, in disassemble_single_detailed
    return next(self.disasm.disasm(bytes(instruction), addr, 1))
StopIteration: 

This exception is raised when emulating an ARM32 binary.

If I understand correctly the problem is that:

        try:
            import ccapstone
            # rewire disasm to use the faster version
            self.disasm = ccapstone.Cs(self).disasm
        except:
            pass

the Capstone bindings are not installed ~(and apparently are not available for version 5.0.0 ??)~

yhql commented 3 years ago

Did you confirm this is a capstone installation-related problem?

Otherwise, this kind of exception on the disassembler can be thrown when capstone fails at disassembling a single instruction. On ARM32 this can happen if capstone tries to disassemble in thumb mode while the code is emulated in ARM mode or vice versa.

Edit: if it is the latter, this should fix it https://github.com/Ledger-Donjon/rainbow/commit/86ce13d5ddb4a787a05a8f10a8bb25ce684d3bcb

ddddavidee commented 3 years ago

I confirm that it is a capstone issue, related to the wrong disassembly mode being loaded.

Thanks, this commit solves the issue.

yhql commented 3 years ago

Good to know, thanks.

ddddavidee commented 3 years ago

I have the same issue, the same exception, when emulating x64 code.

yhql commented 3 years ago

Ouch! Can you provide an example binary and your Python script so I can try to reproduce? :)

ddddavidee commented 3 years ago

Yes, of course. How am I supposed to post a binary here?

yhql commented 3 years ago

Ah, forgot we couldn't do that. Let's see this on https://gitter.im/Ledger-Donjon/rainbow, you can send me a private message there.

yhql commented 2 years ago

Resolved by https://github.com/Ledger-Donjon/rainbow/commit/c82f7993e3ea23436491e41554fa9574ac400248 if I'm not mistaken.