MythicAgents / Apollo

A .NET Framework 4.0 Windows Agent
BSD 3-Clause "New" or "Revised" License

Building wheel for donut-shellcode did not run successfully (on ARM) #123

Closed Pheelbert closed 1 year ago

Pheelbert commented 1 year ago

After installing and running mythic-cli start, I get an error when trying to build donut-shellcode. Since this is dockerized I'm guessing the error isn't only on my side!

Here are the related logs: logs.txt

Please let me know if you need extra information or if you have any hints on how to troubleshoot.

its-a-feature commented 1 year ago

It seems to build just fine for me. Can you give me additional information about your setup? Is this on ARM by chance?

Pheelbert commented 1 year ago

I'm running this on a Raspberry Pi (Debian GNU/Linux 11 (bullseye)) with 4 CPUs and 4GB RAM. I also have the latest Docker version (24.0.2). I just tried building Athena as well and I get the same error. Please let me know if there are any other details needed. Thanks for the quick response!

EDIT: I also had to install Docker in a different way than the one in "install_docker_debian.sh". This may be related. I used the script here "https://get.docker.com".

its-a-feature commented 1 year ago

gcc -pthread -shared build/temp.linux-aarch64-cpython-311/donut.o build/temp.linux-aarch64-cpython-311/donutmodule.o build/temp.linux-aarch64-cpython-311/encrypt.o build/temp.linux-aarch64-cpython-311/format.o build/temp.linux-aarch64-cpython-311/hash.o build/temp.linux-aarch64-cpython-311/loader/clib.o lib/aplib64.a -Llib -L/usr/local/lib -o build/lib.linux-aarch64-cpython-311/donut.cpython-311-aarch64-linux-gnu.so
#69 18.28       /usr/bin/ld: lib/aplib64.a(elfstubs.o): Relocations in generic ELF (EM: 62)
#69 18.28       /usr/bin/ld: lib/aplib64.a: error adding symbols: file in wrong format
#69 18.28       collect2: error: ld returned 1 exit status
#69 18.28       error: command '/usr/bin/gcc' failed with exit code 1

That part from your output makes me think that your Raspberry Pi is ARM and not Intel (x86_64) because it's referencing aarch64 Python libraries. Even though Mythic and the Mythic Docker images support running on ARM, I'm thinking that Apollo/Athena might not support it.

What error are you getting from Athena?

Pheelbert commented 1 year ago

I see! That's probably it. I didn't know this would cause issues even in a Docker set up.

Here's to confirm, ran on my Pi:

$ uname -m
aarch64

Here are the logs, which are essentially the same: logs2.txt

I'll find another host to run this on. Thanks for the help!

its-a-feature commented 1 year ago

No worries! Docker doesn't fully virtualize an entire OS (like a VM would), so the kernel and core components are still backed by whatever host architecture you have. In this case, I just don't think the Apollo/Athena Docker images have the toolchains installed to cross-compile their builds to ARM, so that's why you're seeing these errors.
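
An added example, not part of the original thread or of the Apollo/donut code: the "EM: 62" in the linker output above is the ELF e_machine value for x86-64, which is why the prebuilt lib/aplib64.a cannot be linked on an aarch64 host. The script below reads e_machine from every member of an ar archive and reports the ones built for a different architecture; the function names and the sample archive are constructed for illustration.

```python
import platform
import struct

# e_machine values from the ELF specification (subset).
EM_NAMES = {3: "i386", 40: "arm", 62: "x86_64", 183: "aarch64"}

def elf_machine(blob):
    """Return the e_machine name of an ELF object, or None if it is not ELF."""
    if len(blob) < 20 or blob[:4] != b"\x7fELF":
        return None
    endian = "<" if blob[5] == 1 else ">"   # EI_DATA: 1 = little-endian
    (machine,) = struct.unpack_from(endian + "H", blob, 18)
    return EM_NAMES.get(machine, f"EM_{machine}")

def ar_members(archive):
    """Yield (name, data) for each member of a Unix ar archive (.a file)."""
    if archive[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(archive):
        header = archive[pos:pos + 60]
        if header[58:60] != b"`\n":
            raise ValueError("corrupt ar member header")
        name = header[:16].decode("ascii", "replace").strip().rstrip("/")
        size = int(header[48:58].decode("ascii").strip())
        yield name, archive[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)       # members are 2-byte aligned

def foreign_objects(archive, host=None):
    """Map member name -> architecture for ELF members not built for host."""
    host = host or platform.machine()       # Linux naming, e.g. "aarch64"
    found = {}
    for name, data in ar_members(archive):
        arch = elf_machine(data)
        if arch is not None and arch != host:
            found[name] = arch
    return found

def _sample_archive(machine):
    """Constructed input: an ar archive holding one minimal ELF header."""
    elf = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack("<HH", 1, machine)
    header = b"%-16s%-12s%-6s%-6s%-8s%-10d`\n" % (
        b"elfstubs.o/", b"0", b"0", b"0", b"644", len(elf))
    return b"!<arch>\n" + header + elf

if __name__ == "__main__":
    # Constructed archive with an x86-64 object, checked as if on the Pi.
    print(foreign_objects(_sample_archive(62), host="aarch64"))
```

To check a real archive, pass the bytes of the .a file to foreign_objects(); an empty result means every ELF member matches the host.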