rizinorg / rizin

UNIX-like reverse engineering framework and command-line toolset.
https://rizin.re
GNU Lesser General Public License v3.0

Debugging is broken on MacOS x86 and ARMv8, Linux ARMv8 #2696

Open XVilka opened 2 years ago

XVilka commented 2 years ago

Work environment

| Questions | Answers |
|---|---|
| OS/arch/bits (mandatory) | MacOS x86, MacOS ARM64 (13.x), Linux ARMv8 (Alpine) |
| File format of the file you reverse (mandatory) | Mach-O, ELF |
| Architecture/bits of the file (mandatory) | x86_64, ARM64 |
| rizin -v full output, not truncated (mandatory) | rizin-0.4.0 |

Expected behavior

Actual behavior

File doesn't load properly

Steps to reproduce the behavior

  1. Compile fresh Rizin (dev or stable)
  2. codesign the binary
  3. rizin -d $(which rz-ax)

Observe PC pointing to 0, 0xFFs everywhere, all registers are empty, stepping doesn't work.

XVilka commented 2 years ago

https://github.com/rizinorg/rizin/commit/3dfc4b13097b468d66b857db5d7c0020b1767369 improved the situation but didn't completely fix it. Rizin shows errors during loading, and stepping doesn't work properly:

rizin on  fix-io-magic [$] took 42s
[i] ℤ rizin -d $(which rz-ax)                                                                   07:27:15
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_drx/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_drx/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_drx/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_drx/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_drx/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_drx/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
 -- Change the size of the file with the 'r' (resize) command
[0x100b0c560]> dr
x0 = 0x00000000
x1 = 0x00000000
x2 = 0x00000000
x3 = 0x00000000
x4 = 0x00000000
x5 = 0x00000000
x6 = 0x00000000
x7 = 0x00000000
x8 = 0x00000000
x9 = 0x00000000
x10 = 0x00000000
x11 = 0x00000000
x12 = 0x00000000
x13 = 0x00000000
x14 = 0x00000000
x15 = 0x00000000
x16 = 0x00000000
x17 = 0x00000000
x18 = 0x00000000
x19 = 0x00000000
x20 = 0x00000000
x21 = 0x00000000
x22 = 0x00000000
x23 = 0x00000000
x24 = 0x00000000
x25 = 0x00000000
x26 = 0x00000000
x27 = 0x00000000
x28 = 0x00000000
x29 = 0x00000000
wzr = 0x00000000
zr = 0x00000000
fp = 0x00000000
lr = 0x6f57bd7000000000
sp = 0x16f57bd70
pc = 0x100b0c560
pstate = 0x100001000
nf = 0x00000000
[0x100b0c560]> ds
EXC_SOFTWARE
[0x100b0c560]> dr
x0 = 0x00000000
x1 = 0x00000000
x2 = 0x00000000
x3 = 0x00000000
x4 = 0x00000000
x5 = 0x00000000
x6 = 0x00000000
x7 = 0x00000000
x8 = 0x00000000
x9 = 0x00000000
x10 = 0x00000000
x11 = 0x00000000
x12 = 0x00000000
x13 = 0x00000000
x14 = 0x00000000
x15 = 0x00000000
x16 = 0x00000000
x17 = 0x00000000
x18 = 0x00000000
x19 = 0x00000000
x20 = 0x00000000
x21 = 0x00000000
x22 = 0x00000000
x23 = 0x00000000
x24 = 0x00000000
x25 = 0x00000000
x26 = 0x00000000
x27 = 0x00000000
x28 = 0x00000000
x29 = 0x00000000
wzr = 0x00000000
zr = 0x00000000
fp = 0x00000000
lr = 0x6f57bd7000000000
sp = 0x16f57bd70
pc = 0x100b0c564
pstate = 0x100001000
nf = 0x00000000
[0x100b0c560]>
XVilka commented 2 years ago

Retried with https://github.com/rizinorg/rizin/commit/97cc3ee4b7e36c490effc1951314a12016292072, problem is still there:

[i] ℤ rizin -d $(which rz-ax)                                                                                                                                                                               11:03:12
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_drx/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_drx/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_drx/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_drx/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_drx/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_drx/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_drx/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: rz_xnu_thread_get_gpr/thread_get_state: (os/kern) invalid argument
ERROR: Cannot create flag "map.rz_ax.r_x" at 0x104f40000 because there is already "segment.TEXT" flag
ERROR: Cannot create flag "map.rz_ax.rw" at 0x104f44000 because there is already "segment.DATA_CONST" flag
ERROR: Cannot create flag "map.rz_ax.r" at 0x104f48000 because there is already "segment.LINKEDIT" flag
[0x10516c560]>
XVilka commented 2 years ago

Too many changes required, moving off 0.4.1

XVilka commented 2 years ago

It seems also that even on Linux ARMv8 debugging doesn't work. It prints the same error message:

~/rizin$ bin/rizin -d bin/rz-ax
Process with PID 372004 started...
 -- For HTTP authentification 'e http.auth=1', 'e http.authfile=<path>'
[0x004001c0]> ds
drx: Unsupported platform
[0x004001c0]> ds
drx: Unsupported platform
[0x004001c0]> i
fd       3
file     /home/user/rizin/bin/rz-ax
size     0x7fffffffffffffff
humansz  8E
mode     rwx
format   elf64
iorw     true
block    0x100
referer  dbg://bin/rz-ax
type     EXEC (Executable file)
arch     arm
cpu      N/A
baddr    0x00400000
binsz    0x010109b2
bintype  elf
bits     64
class    ELF64
compiler GCC: (Alpine 11.2.1_git20220219) 11.2.1 20220219
dbg_file N/A
endian   LE
hdr.csum N/A
guid     N/A
intrp    N/A
laddr    0x00000000
lang     kotlin
machine  ARM aarch64
maxopsz  4
minopsz  4
os       linux
cc       N/A
pcalign  4
rpath    NONE
subsys   linux
stripped false
crypto   false
havecode true
va       true
sanitiz  false
static   true
linenum  true
lsyms    true
canary   true
PIE      false
RELROCS  true
NX       true

Note also that it determined the language of the statically compiled (using Alpine ARMv8 Docker) rz-ax as 'kotlin', not 'c', for some reason. cc @wargio (Looks like we search for symbols that contain the "kotlin" string while Rizin has it - precisely the functions that check for kotlin strings :D )

Attaching the rz-ax file for testing. rz-ax.zip
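To illustrate the misdetection mentioned above, here is an added example (not rizin's own code) that contrasts a substring heuristic with a stricter one over constructed symbol tables; the symbol names and the stricter prefix rule are assumptions for illustration, not rizin's actual detection logic:

```python
# Added illustration, not rizin's code: why a "symbol name contains 'kotlin'"
# heuristic misfires on a binary that itself implements Kotlin detection.

# Constructed symbol tables (illustrative names, not taken from real binaries).
# The rz-ax one mimics a static build that links in the detector's own helpers;
# the Kotlin/Native one mimics the mangled names such a binary would carry.
RZ_AX_STATIC_SYMBOLS = [
    "main", "rz_num_math", "rz_bin_language_detect",
    "check_kotlin", "check_swift", "check_rust", "memcpy", "printf",
]
KOTLIN_NATIVE_SYMBOLS = [
    "main", "kfun:main(kotlin.Array<kotlin.String>)", "kfun:kotlin.io.println",
    "kclass:kotlin.String", "Kotlin_initRuntimeIfNeeded", "memcpy",
]
PLAIN_C_SYMBOLS = ["main", "parse_args", "memcpy", "printf"]


def naive_is_kotlin(symbols):
    """Substring heuristic: any symbol whose name contains 'kotlin' (any case).
    This is the kind of check that flags the detector's own helper functions."""
    return any("kotlin" in s.lower() for s in symbols)


def strict_is_kotlin(symbols, min_hits=2):
    """Hypothetical stricter heuristic: require several symbols with
    Kotlin/Native-style mangling prefixes rather than a bare substring hit."""
    prefixes = ("kfun:", "kclass:", "Kotlin_")
    hits = sum(1 for s in symbols if s.startswith(prefixes))
    return hits >= min_hits


def classify(symbols):
    """Return both verdicts so the false positive is visible side by side."""
    return {"naive": naive_is_kotlin(symbols), "strict": strict_is_kotlin(symbols)}


if __name__ == "__main__":
    for name, syms in [("rz-ax (static)", RZ_AX_STATIC_SYMBOLS),
                       ("kotlin/native", KOTLIN_NATIVE_SYMBOLS),
                       ("plain C", PLAIN_C_SYMBOLS)]:
        print(f"{name:16} {classify(syms)}")
```

The naive rule marks the constructed rz-ax table as Kotlin purely because of the `check_kotlin` helper, while the stricter rule only fires on the table that actually carries Kotlin/Native-style names.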

XVilka commented 2 years ago

When I ran di, the following errors happened as well:

ℤ rizin -d $(which rz-ax)
[0x1004d4560]> di
ptrace(PT_ATTACHEXC): Operation not permitted
ERROR: Failed to attach to processtype=none
signal=SIGSTOP
signum=17
sigpid=0
addr=0x0
bp_addr=0x0
inbp=false
baddr=0x0
pid=94469
tid=94469
stopaddr=0x0
uid=503
gid=20
exe=/Users/user/.local/bin/rz-ax
stopreason=0
[0x1004d4560]> dij
ptrace(PT_ATTACHEXC): Operation not permitted
ERROR: Failed to attach to process{"type":"none","signal":"SIGSTOP","signum":17,"sigpid":0,"addr":0,"inbp":"false","baddr":0,"stopaddr":0,"pid":94469,"tid":94469,"uid":503,"gid":20,"exe":"/Users/users/.local/bin/rz-ax","stopreason":0}
[0x1004d4560]>

Also, the bug is easily reproducible with an Alpine ARMv8 VM in Lima on MacOS M1:

sProcess with PID 27802 started...
 -- This code was intentionally left blank, try 'e asm.arch=ws'
[0xffffa75414c0]> dr PC
pc = 0xffffa75414c0
[0xffffa75414c0]> dr R0
ERROR: No such register or register type: "R0"
[0xffffa75414c0]> dr A0
x0 = 0x00000000
[0xffffa75414c0]> ds
drx: Unsupported platform
[0xffffa75414c0]> dr PC
pc = 0xffffa75414c4
[0xffffa75414c0]> dr A0
x0 = 0x00000000
[0xffffa75414c0]> pd 1
            0xffffa75414c0      movz  x29, 0
[0xffffa75414c0]> ds 100
XVilka commented 1 year ago

Retested again with the latest commit, on MacOS 13.1 ARM64:

ℤ rizin -d $(which rz-ax)
 -- Check your IO plugins with 'rizin -L'
[0x102b3c950]> di
ptrace(PT_ATTACHEXC): Resource busy
ERROR: Failed to attach to processtype=none
signal=SIGSTOP
signum=17
sigpid=0
addr=0x0
bp_addr=0x0
inbp=false
baddr=0x0
pid=43747
tid=43747
stopaddr=0xffffffffffffffff
uid=503
gid=20
exe=/Users/user/.local/bin/rz-ax
stopreason=0
[0x102b3c950]> dr~pc
pc = 0x0000000102b3c950
[0x102b3c950]> ds
drx: Unsupported platform
[0x102b3c950]> dr~pc
pc = 0x0000000102b3c954
[0x102b3c950]>
Sfinx commented 1 year ago

Same here, rpi4:

root@rpi4:~# rizin -d /bin/ls
Process with PID 28973 started...
 -- Execute a command every time a breakpoint is hit with 'e cmd.bp=!my-program'
[0xffff817a6c00]> ds
drx: Unsupported platform
[0xffff817a6c00]> 
XVilka commented 1 year ago

@imbillow for the Linux ARMv8 part, after debuginfod-related tasks are finished