angr / archinfo

Classes with architecture-specific information useful to other projects.
BSD 2-Clause "Simplified" License

How to fix this error: archinfo.arch | Please look up and add dynamic tag type 0x70000001 for AMD64 #217

Closed StinkAndShityAura closed 2 months ago

StinkAndShityAura commented 4 months ago

Question

Total rookie with angr. My first angr script gives me this error:

ERROR    | 2024-05-14 14:24:20,937 | archinfo.arch  | Please look up and add dynamic tag type 0x70000001 for AMD64
ERROR    | 2024-05-14 14:24:20,937 | archinfo.arch  | Please look up and add dynamic tag type 0x70000003 for AMD64
ERROR    | 2024-05-14 14:24:20,937 | archinfo.arch  | Please look up and add dynamic tag type 0x24 for AMD64
ERROR    | 2024-05-14 14:24:20,937 | archinfo.arch  | Please look up and add dynamic tag type 0x23 for AMD64
ERROR    | 2024-05-14 14:24:20,937 | archinfo.arch  | Please look up and add dynamic tag type 0x25 for AMD64
ERROR    | 2024-05-14 14:24:21,093 | archinfo.arch  | Please look up and add dynamic tag type 0x24 for AMD64
ERROR    | 2024-05-14 14:24:21,094 | archinfo.arch  | Please look up and add dynamic tag type 0x23 for AMD64
ERROR    | 2024-05-14 14:24:21,094 | archinfo.arch  | Please look up and add dynamic tag type 0x25 for AMD64
ERROR    | 2024-05-14 14:24:21,101 | archinfo.arch  | Please look up and add dynamic tag type 0x24 for AMD64
ERROR    | 2024-05-14 14:24:21,101 | archinfo.arch  | Please look up and add dynamic tag type 0x23 for AMD64
ERROR    | 2024-05-14 14:24:21,101 | archinfo.arch  | Please look up and add dynamic tag type 0x25 for AMD64

OS

Linux archlinux 6.8.9-arch1-2 #1 SMP PREEMPT_DYNAMIC Tue, 07 May 2024 21:35:54 +0000 x86_64 GNU/Linux

angr

angr                          9.2.102

Download example from:
https://github.com/N4NU/Reversing-Challenges-List/blob/master/Easy/Codegate_CTF_2018_Preliminary_RedVelvet/RedVelvet.7z

My script:

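import angr

# Load the target binary
p = angr.Project('./rvpatch')

sm = p.factory.simgr()
# Explore until stdout (fd 1) contains fifteen success lines
sm.explore(find=lambda s: b"HAPPINESS:)\n"*15 in s.posix.dumps(1))

# sm.found is a list; check that it is non-empty before indexing it
if sm.found:
    # Print the stdin (fd 0) that reached the target, without NUL padding
    print(sm.found[0].posix.dumps(0).replace(b'\x00', b''))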

This is not a critical problem, and the script can finish and return the normal answer. I think maybe my Arch Linux is missing a package, since another Ubuntu server could finish without it. But I want to fix this error and get to know why I got this.

Thank you

rhelmot commented 4 months ago

Looks like these are actually missing tags from the libc.so.6 on your system, which is, I'm guessing, Ubuntu 24.04. You're right that it's harmless but I'll fix it at some point.

Reference output of readelf -d:

Dynamic section at offset 0x201940 contains 31 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [ld-linux-x86-64.so.2]
 0x000000000000000e (SONAME)             Library soname: [libc.so.6]
 0x0000000000000019 (INIT_ARRAY)         0x1ffc70
 0x000000000000001b (INIT_ARRAYSZ)       16 (bytes)
 0x0000000000000004 (HASH)               0x3c8
 0x000000006ffffef5 (GNU_HASH)           0x4508
 0x0000000000000005 (STRTAB)             0x1bdc0
 0x0000000000000006 (SYMTAB)             0x95e0
 0x000000000000000a (STRSZ)              34928 (bytes)
 0x000000000000000b (SYMENT)             24 (bytes)
 0x0000000070000000 (DT_X86_64_PLT)      0x28400
 0x0000000070000001 (DT_X86_64_PLTSZ)    0x3d0
 0x0000000070000003 (DT_X86_64_PLTENT)   0x10
 0x0000000000000003 (PLTGOT)             0x202b80
 0x0000000000000002 (PLTRELSZ)           1464 (bytes)
 0x0000000000000014 (PLTREL)             RELA
 0x0000000000000017 (JMPREL)             0x26cd8
 0x0000000000000007 (RELA)               0x264c8
 0x0000000000000008 (RELASZ)             2064 (bytes)
 0x0000000000000009 (RELAENT)            24 (bytes)
 0x000000006ffffffc (VERDEF)             0x25ed8
 0x000000006ffffffd (VERDEFNUM)          41
 0x000000000000001e (FLAGS)              BIND_NOW STATIC_TLS
 0x000000006ffffffb (FLAGS_1)            Flags: NOW
 0x000000006ffffffe (VERNEED)            0x26488
 0x000000006fffffff (VERNEEDNUM)         1
 0x000000006ffffff0 (VERSYM)             0x24630
 0x0000000000000024 (RELR)               0x27290
 0x0000000000000023 (RELRSZ)             256 (bytes)
 0x0000000000000025 (RELRENT)            8 (bytes)
 0x0000000000000000 (NULL)               0x0
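
Added example, not part of the original thread and not archinfo's own code: a small decoder for raw Elf64_Dyn entries that names the tags from the log using the readelf listing above and reports which ones an older tag table would not recognise. `OLD_TABLE` and the sample bytes are constructed assumptions; `OLD_TABLE` simply mirrors the log, which does not complain about 0x70000000.

```python
import struct

# Tag names copied from the readelf -d output quoted in this thread.
DT_NAMES = {
    0x0: "NULL", 0x1: "NEEDED", 0x3: "PLTGOT", 0x5: "STRTAB", 0x6: "SYMTAB",
    0x23: "RELRSZ", 0x24: "RELR", 0x25: "RELRENT",
    0x70000000: "DT_X86_64_PLT", 0x70000001: "DT_X86_64_PLTSZ",
    0x70000003: "DT_X86_64_PLTENT",
}
DT_LOPROC, DT_HIPROC = 0x70000000, 0x7FFFFFFF  # processor-specific range (ELF gABI)
ELF64_DYN = struct.Struct("<qQ")  # Elf64_Dyn: signed d_tag, unsigned d_un

def parse_dynamic(blob):
    """Decode little-endian Elf64_Dyn entries up to and including DT_NULL."""
    entries = []
    usable = len(blob) - len(blob) % ELF64_DYN.size  # ignore a truncated tail
    for off in range(0, usable, ELF64_DYN.size):
        tag, value = ELF64_DYN.unpack_from(blob, off)
        entries.append((tag, value))
        if tag == 0:  # DT_NULL terminates the array
            break
    return entries

def describe(tag):
    """Render a tag as hex, name and whether it is generic or per-architecture."""
    name = DT_NAMES.get(tag, "unknown")
    scope = "processor-specific" if DT_LOPROC <= tag <= DT_HIPROC else "generic"
    return f"{tag:#x} {name} ({scope})"

def unrecognised(entries, loader_known):
    """Tags a loader with the given tag table would log, deduplicated in order."""
    seen = []
    for tag, _ in entries:
        if tag not in loader_known and tag not in seen:
            seen.append(tag)
    return seen

# Constructed sample: a few entries with values from the libc.so.6 listing above.
SAMPLE = b"".join(ELF64_DYN.pack(t, v) for t, v in [
    (0x5, 0x1BDC0), (0x70000000, 0x28400), (0x70000001, 0x3D0),
    (0x70000003, 0x10), (0x24, 0x27290), (0x23, 256), (0x25, 8), (0x0, 0),
])
# Assumption: a tag table that predates the five tags named in the log.
OLD_TABLE = {0x0, 0x1, 0x3, 0x5, 0x6, 0x70000000}

if __name__ == "__main__":
    for tag in unrecognised(parse_dynamic(SAMPLE), OLD_TABLE):
        print(describe(tag))
```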

StinkAndShityAura commented 4 months ago

$ readelf -d RedVelvet

Dynamic section at offset 0x1e18 contains 25 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so.1.0.0]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000c (INIT)               0x400780
 0x000000000000000d (FINI)               0x4016b4
 0x0000000000000019 (INIT_ARRAY)         0x601e00
 0x000000000000001b (INIT_ARRAYSZ)       8 (bytes)
 0x000000000000001a (FINI_ARRAY)         0x601e08
 0x000000000000001c (FINI_ARRAYSZ)       8 (bytes)
 0x000000006ffffef5 (GNU_HASH)           0x400298
 0x0000000000000005 (STRTAB)             0x400488
 0x0000000000000006 (SYMTAB)             0x4002c0
 0x000000000000000a (STRSZ)              280 (bytes)
 0x000000000000000b (SYMENT)             24 (bytes)
 0x0000000000000015 (DEBUG)              0x0
 0x0000000000000003 (PLTGOT)             0x602000
 0x0000000000000002 (PLTRELSZ)           312 (bytes)
 0x0000000000000014 (PLTREL)             RELA
 0x0000000000000017 (JMPREL)             0x400648
 0x0000000000000007 (RELA)               0x400618
 0x0000000000000008 (RELASZ)             48 (bytes)
 0x0000000000000009 (RELAENT)            24 (bytes)
 0x000000006ffffffe (VERNEED)            0x4005c8
 0x000000006fffffff (VERNEEDNUM)         2
 0x000000006ffffff0 (VERSYM)             0x4005a0
 0x0000000000000000 (NULL)               0x0