hugsy / gef

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
https://hugsy.github.io/gef
MIT License

Remote Debugging on aarch64 binary using qemu #963

Closed DERE-ad2001 closed 1 year ago

DERE-ad2001 commented 1 year ago

GEF+GDB version

gef➤  version
GEF: (Standalone)
Blob Hash(/home/ubuntu/.gdbinit-gef.py): 8875fc48f622386dc807eff5dd47c2d754a04498
SHA256(/home/ubuntu/.gdbinit-gef.py): 7dd1bd86d8694b4046a3e1343ebb153cf2c4685edecf99aadbdacec18a94d93b
GDB: 13.1
GDB-Python: 3.11

Operating System

Ubuntu 23.04

Issues encountered

When I try to remotely debug an aarch64-compiled binary using gef, I get the error below.

I compiled the program using: aarch64-linux-gnu-gcc rop1.c -o rop1 -fno-stack-protector

Ran using qemu:

$ qemu-aarch64 -g 1234 -L /usr/aarch64-linux-gnu/ ./rop1

And used gef.


ubuntu@ubuntu2304:~/Desktop/arm64-exploitation/rop$ gdb-multiarch ./rop1
GNU gdb (Ubuntu 13.1-2ubuntu2) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
GEF for linux ready, type `gef' to start, `gef config' to configure
88 commands loaded and 5 functions added for GDB 13.1 in 0.00ms using Python engine 3.11
Reading symbols from ./rop1...

This GDB supports auto-downloading debuginfo from the following URLs:
  <https://debuginfod.ubuntu.com>
Debuginfod has been disabled.
To make this setting permanent, add 'set debuginfod enabled off' to .gdbinit.
(No debugging symbols found in ./rop1)
gef➤  set sysroot /usr/aarch64-linux-gnu/
gef➤  gef-remote localhost 1234
0x000000550283c980 in ?? () from /usr/aarch64-linux-gnu/lib/ld-linux-aarch64.so.1
[!] Command 'gef-remote' failed to execute properly, reason: Remote I/O error: Function not implemented
gef➤  gef-remote localhost 1234
[!] Command 'gef-remote' failed to execute properly, reason: <method 'disconnect' of 'gdb.EventRegistry' objects> returned a result with an exception set
gef➤  

Do you read the docs and look at previously closed issues/PRs for similar cases?

Yes

Architecture impacted

Reproducing the issue

Compiled the binary: ubuntu@ubuntu2304:/tmp$ sudo aarch64-linux-gnu-gcc -fPIE -fpic my_issue.c -o my_issue

Running the binary for remote debugging:

ubuntu@ubuntu2304:/tmp$ sudo qemu-aarch64 -g 1234 -L /usr/aarch64-linux-gnu/ my_issue

Remote debugging using gef:

ubuntu@ubuntu2304:~/Desktop/arm64-exploitation/rop$ sudo gdb-multiarch /tmp/my_issue
GNU gdb (Ubuntu 13.1-2ubuntu2) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
GEF for linux ready, type `gef' to start, `gef config' to configure
88 commands loaded and 5 functions added for GDB 13.1 in 0.00ms using Python engine 3.11
Reading symbols from /tmp/my_issue...
(No debugging symbols found in /tmp/my_issue)
gef➤  gef-remote localhost 1234
Ignoring packet error, continuing...
warning: unrecognized item "timeout" in "qSupported" response
Ignoring packet error, continuing...
[!] Failed to connect to localhost:1234: Remote replied unexpectedly to 'vMustReplyEmpty': timeout
[!] Command 'gef-remote' failed to execute properly, reason: Cannot connect to remote target localhost:1234
gef➤  gef-remote localhost 1234
[!] Command 'gef-remote' failed to execute properly, reason: <method 'disconnect' of 'gdb.EventRegistry' objects> returned a result with an exception set
gef➤  

Minimalist test case

// compiled with gcc -fPIE -fpic -o my_issue.out my_issue.c
int main(){ return 0; }

hugsy commented 1 year ago

Can you send the stack dump? It will be shown if you enable the debug mode (gef config gef.debug 1)

DERE-ad2001 commented 1 year ago

gef➤  gef config gef.debug 1
gef➤  gef-remote localhost 1234
[=] [remote] initializing remote session with localhost:1234 under /tmp/tmpxg8r95uo
[=] [remote] Installing new objfile handlers
[=] [remote] Enabling extended remote: False
[=] [remote] Executing 'target remote localhost:1234'
warning: remote target does not support file transfer, attempting to access files from local filesystem.
warning: Unable to find dynamic linker breakpoint function.
GDB will be unable to debug shared library initializers
and track explicitly loaded dynamic code.
0x000000550283c980 in ?? ()
[=] Setting up as remote session
[=] [remote] downloading '/proc/1/exe' -> '/tmp/tmpxg8r95uo/tmp/my_issue'

─────────────────────────────── Exception raised ───────────────────────────────
error: Remote I/O error: Function not implemented
───────────────────────────── Detailed stacktrace ──────────────────────────────
↳ File "/home/ubuntu/.gdbinit-gef.py", line 10823, in sync()
    →     gdb.execute(f"remote get {src} {tgt.absolute()}")
↳ File "/home/ubuntu/.gdbinit-gef.py", line 10902, in __setup_remote()
    →     if not self.sync(fpath, str(self.file)):
↳ File "/home/ubuntu/.gdbinit-gef.py", line 10857, in setup()
    →     self.__setup_remote()
↳ File "/home/ubuntu/.gdbinit-gef.py", line 10764, in __init__()
    →     if not self.setup():
↳ File "/home/ubuntu/.gdbinit-gef.py", line 5981, in do_invoke()
    →     gef.session.remote = GefRemoteSessionManager(args.host, args.port, args.pid, qemu_binary)
↳ File "/home/ubuntu/.gdbinit-gef.py", line 504, in wrapper()
    →     return f(*args, **kwargs)
↳ File "/home/ubuntu/.gdbinit-gef.py", line 256, in wrapper()
    →     rv = f(*args, **kwargs)
↳ File "/home/ubuntu/.gdbinit-gef.py", line 4504, in invoke()
    →     bufferize(self.do_invoke)(argv)
─────────────────────────────────── Version ────────────────────────────────────
GEF: (Standalone)
Blob Hash(/home/ubuntu/.gdbinit-gef.py): 8875fc48f622386dc807eff5dd47c2d754a04498
SHA256(/home/ubuntu/.gdbinit-gef.py): 7dd1bd86d8694b4046a3e1343ebb153cf2c4685edecf99aadbdacec18a94d93b
GDB: 13.1
GDB-Python: 3.11
obsolete loaded_command_names
Loaded commands: $, aliases, aliases add, aliases ls, aliases rm, aslr, canary, checksec, context, dereference, edit-flags, elf-info, entry-break, format-string-helper, functions, gef-remote, got, heap, heap arenas, heap bins, heap bins fast, heap bins large, heap bins small, heap bins tcache, heap bins unsorted, heap chunk, heap chunks, heap set-arena, heap-analysis-helper, hexdump, hexdump byte, hexdump dword, hexdump qword, hexdump word, highlight, highlight add, highlight clear, highlight list, highlight remove, hijack-fd, ksymaddr, memory, memory list, memory reset, memory unwatch, memory watch, name-break, nop, patch, patch byte, patch dword, patch qword, patch string, patch word, pattern, pattern create, pattern search, pcustom, pcustom edit, pcustom list, pcustom show, pie, pie attach, pie breakpoint, pie delete, pie info, pie remote, pie run, print-format, process-search, process-status, registers, reset-cache, scan, search-pattern, shellcode, shellcode get, shellcode search, stub, theme, trace-run, version, vmmap, xfiles, xinfo, xor-memory, xor-memory display, xor-memory patch
───────────────────────────── Last 10 GDB commands ─────────────────────────────
  139  c
  140  ni
  141  exit
  142  set sysroot /usr/aarch64-linux-gnu/
  143  gef-remote localhost 1234
  144  gef-remote localhost 1234
  145  exit
  146  file my_issue
  147  gef config gef.debug 1
  148  gef-remote localhost 1234
───────────────────────────── Runtime environment ──────────────────────────────
* GDB: 13.1
* Python: 3.11.2 - final
* OS: Linux - 6.2.0-25-generic (x86_64)
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 23.04
Release:    23.04
Codename:   lunar
────────────────────────────────────────────────────────────────────────────────

hugsy commented 1 year ago

Try again using the qemu-user mode: see the docs https://hugsy.github.io/gef/commands/gef-remote/
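
The sequence the thread describes (cross-compile, start qemu-aarch64 with a gdbstub on a port, attach from gdb-multiarch) scripted end to end, as an added example that is not part of this issue or of GEF's own code. It assumes the `--qemu-user` / `--qemu-binary` form of gef-remote from the docs linked above (verify the flags against your GEF version with `gef-remote -h`), and reuses the sysroot, host and port from the thread. The plain `gef-remote localhost 1234` form makes GEF run `remote get /proc/<pid>/exe`, which a qemu-user gdbstub cannot serve (the "remote target does not support file transfer" warning and the "Remote I/O error" in the stack trace above); the qemu-user form points GEF at the local ELF instead.

```shell
#!/usr/bin/env bash
# Added example: drive a qemu-user + gef-remote session with the qemu-user
# syntax. Not GEF's code; flag names follow the gef-remote docs (assumption).
set -euo pipefail

# Emit the GDB command script for the session.
# Arguments: binary path, port (default 1234), sysroot (default from the thread).
gef_remote_script() {
    local binary="$1" port="${2:-1234}" sysroot="${3:-/usr/aarch64-linux-gnu/}"
    printf 'set sysroot %s\n' "$sysroot"
    # --qemu-user: no /proc/<pid> on a qemu-user stub, so GEF must not try
    # "remote get"; --qemu-binary: the local ELF to use instead.
    printf 'gef-remote --qemu-user --qemu-binary %s localhost %s\n' "$binary" "$port"
}

# Guard for wrapper scripts: 0 if the script uses the qemu-user form, 1 if it
# is the bare "gef-remote HOST PORT" form that fails against qemu-user.
uses_qemu_user_mode() {
    case "$1" in
        *--qemu-user*) return 0 ;;
        *) return 1 ;;
    esac
}

# Launch qemu-aarch64 with its gdbstub on $port, then attach gdb-multiarch with
# the generated commands. Returns 2 (and does nothing) if the tools are absent.
debug_with_qemu_user() {
    local binary="$1" port="${2:-1234}"
    if ! command -v qemu-aarch64 >/dev/null || ! command -v gdb-multiarch >/dev/null; then
        echo "qemu-aarch64 / gdb-multiarch not installed; skipping" >&2
        return 2
    fi
    # -g PORT: wait for a debugger; -L: ELF interpreter/library prefix
    qemu-aarch64 -g "$port" -L /usr/aarch64-linux-gnu/ "$binary" &
    local qemu_pid=$!
    trap 'kill "$qemu_pid" 2>/dev/null || true' EXIT

    local script
    script=$(mktemp)
    gef_remote_script "$binary" "$port" > "$script"
    # -q: no banner; -x: run the generated commands after loading the binary
    gdb-multiarch -q -x "$script" "$binary"
    rm -f "$script"
}

# Usage (only when invoked directly, not when sourced):
#   ./this_script.sh ./my_issue 1234
if [ "${BASH_SOURCE[0]:-}" = "$0" ] && [ $# -ge 1 ]; then
    debug_with_qemu_user "$@"
fi
```

`gef_remote_script` is kept separate from the launcher so the exact commands GEF will receive can be inspected (or checked by `uses_qemu_user_mode`) before any process is started; `debug_with_qemu_user` takes the same binary and port as the `qemu-aarch64 -g 1234` invocation in the report.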

DERE-ad2001 commented 1 year ago

Still having the same issue

[two screenshots attached: gef, gef2]

hugsy commented 1 year ago

It looks like GDB changed their API. We'll look into it

hugsy commented 1 year ago

It works just fine (with the correct syntax) [screenshot attached] using the gdb-multiarch packaged with Ubuntu 23.04.

The problem must come from your setup. Check your GDB and try using the latest gef.py from the main branch.