michaelbrownuc / GadgetSetAnalyzer

A security-oriented static binary analysis tool for comparing the quantity and quality of code reuse gadget sets in program variants.
MIT License

"Not a valid binary file" when running GSA on samples provided #11

Closed iJustinCabral closed 2 years ago

iJustinCabral commented 2 years ago

Hey there,

I'm a graduate student working with hardening binaries for a project and came across your tool. I have all the correct dependencies installed; however, when I run the sample command given in the GitHub I come across this error:

[Screenshot: InkedAnnotation 2022-06-16 133101_LI]

I also looked at the logs (as well as --output_console) from the analysis for the original binary and they don't seem to have gadgets found.

[Screenshot: Annotation 2022-06-16 133953]

I've run ROPgadget separately on the sample binaries provided (both original & reduced) and the tool works fine for finding + reporting the amount of gadgets found.

Any idea on why this error may be occurring? Thank you.

michaelbrownuc commented 2 years ago

As for why there are no gadgets in the logs, this is probably because there was an error in the readme. The filename for the base binary should be date-8.21.origin, not date-8.21.

michaelbrownuc commented 2 years ago

As for the error message, I think that's coming from angr. Try removing the --output_addresses flag and see if that's the problem.

iJustinCabral commented 2 years ago

Inside the folders each non-reduced binary uses .origin:

[Screenshot: Annotation 2022-06-16 151212]

However, I did two runs, one with your recommended change and the other with .origin, as well as removed --output_addresses. While it no longer gave the message of invalid binary, the counts coming back from the logs are blank.

[Screenshot: Annotation 2022-06-16 151800]

With output_console on:

[Screenshot: Annotation 2022-06-16 152057]

I've tested all the binaries provided in /samples with ROPgadget so I know they're valid, but for some reason the tool doesn't seem to want to analyze correctly.

Any other ideas on why this could be? Thank you

michaelbrownuc commented 2 years ago

What command are you using with ROPgadget? GSA uses:

ROPgadget --binary <your_target> --all --multibr

Try this and see if your invocations of ROPgadget still work.

It might also be useful to make sure the binaries from the repo were fetched correctly. Do they run?

iJustinCabral commented 2 years ago

For ROPgadget I normally just run --binary and --ropchain but I did a run with both of your suggested flags and it still works as normally intended.

[Screenshot: Annotation 2022-06-21 070450]

I've also tested each of the binaries to make sure that they run as intended. The "origin binaries" seem to run just fine, as well as the "reduced binaries". I provided some examples below using mkdir and rm.

[Screenshots: Annotation 2022-06-21 071034, Annotation 2022-06-21 071420]

And this is the output with GSA when analyzing the mkdir sample binaries:

[Screenshot: Annotation 2022-06-21 071815]

For my GSA set up, I'm using a docker container which pulls the angr framework, then I install ROPgadget and clone the GSA repository to the container. ROPgadget as you can see works fine, but perhaps there's something happening with the angr framework that's having an effect on the GSA.py script?

I'm pretty stumped on this. Thanks for the continued help troubleshooting.

michaelbrownuc commented 2 years ago

When GSA shows output like this, it is typically the result of an error running ROPgadget under the hood. To diagnose further, we will need to see exactly what GSA is getting when it runs ROPgadget in your environment.

Please add print(output) at line 182 of GadgetSet.py. Then re-run the tool and tell me what the output looks like.

iJustinCabral commented 2 years ago

Ok so I added print(output) to line 182 in GadgetSet.py:

[Screenshot: Annotation 2022-06-21 110314]

And the error I got was "Can't open the binary or binary not found":

[Screenshot: Annotation 2022-06-21 105916]

So it looks like even though removing --output_addresses removed the initial error from earlier, there still seems to be an error with analyzing the reduced binary.

iJustinCabral commented 2 years ago

Solved the problem. It looks like there was just a missing . in order to move the directory up one place before analyzing the binaries.

So the correct statement was:

python3 GSA.py --output_metrics --output_addresses ../samples/CHISEL/date/date-8.21.origin "{'Aggressive':'../samples/CHISEL/date/date-8.21.reduced'}"

[Screenshot: Annotation 2022-06-21 110736]

Thank you for all the help with the troubleshooting. Looking forward to using this tool for my work.

michaelbrownuc commented 2 years ago

Glad you figured out the issue. I've updated the README to fix the error. Thanks!
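
The failure in this thread was a relative path that did not resolve from the working directory, and it surfaced only as blank gadget counts. The following preflight check is an added example, not part of GSA or of any comment above: it validates the original binary and each variant path before any analysis is started. The names `check_binary`, `preflight` and `demo`, the `src/` working directory, the `./` form of the failing path, and parsing the variants argument with `ast.literal_eval` are all assumptions of this example.

```python
import ast
import os
import tempfile

ELF_MAGIC = b"\x7fELF"

def check_binary(path, base_dir="."):
    """Return None if path resolves to a readable ELF file, else a reason."""
    full = os.path.abspath(os.path.join(base_dir, path))
    if not os.path.isfile(full):
        return f"not found: {path} (resolved to {full})"
    try:
        with open(full, "rb") as fh:
            magic = fh.read(4)
    except OSError as exc:
        return f"unreadable: {path} ({exc.strerror})"
    return None if magic == ELF_MAGIC else f"not an ELF file: {path}"

def preflight(original, variants_literal, base_dir="."):
    """Map each label to a problem string; an empty dict means all paths are usable."""
    try:
        variants = ast.literal_eval(variants_literal)  # dict literal, as typed on the command line
    except (ValueError, SyntaxError) as exc:
        return {"<variants>": f"cannot parse variants argument: {exc}"}
    if not isinstance(variants, dict):
        return {"<variants>": "variants argument is not a dict"}
    problems = {}
    for label, path in [("original", original), *variants.items()]:
        reason = check_binary(str(path), base_dir)
        if reason:
            problems[label] = reason
    return problems

def demo():
    """Constructed layout: stub ELF files under samples/, tool run from an assumed src/ dir."""
    with tempfile.TemporaryDirectory() as root:
        sample_dir = os.path.join(root, "samples", "CHISEL", "date")
        run_dir = os.path.join(root, "src")  # assumed working directory
        os.makedirs(sample_dir)
        os.makedirs(run_dir)
        for name in ("date-8.21.origin", "date-8.21.reduced"):
            with open(os.path.join(sample_dir, name), "wb") as fh:
                fh.write(ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9)  # stub header only
        rel = "samples/CHISEL/date/date-8.21"
        bad = preflight(f"./{rel}.origin", f"{{'Aggressive':'./{rel}.reduced'}}", run_dir)
        good = preflight(f"../{rel}.origin", f"{{'Aggressive':'../{rel}.reduced'}}", run_dir)
        return bad, good

if __name__ == "__main__":
    print(demo())
```
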