Error: Building midgetpack on OpenBSD? #3

Closed
ghost opened this Issue May 8, 2017 · 5 comments

ghost commented May 8, 2017

Where is the problem?
$ uname -a
OpenBSD tested.com 6.1 GENERIC.MP#49 amd64

 $ ./src/tests/test-amd64-dynamic
Hello, world !

$ ./src/packer/midgetpack -o test -p src/tests/test-amd64-dynamic
amd64 ELF file
Adding new pheader with vaddr base 229089280, offset 5778664612848 of filesz 7296
Please enter password:
Enter the password again:

$ file test
test: data

 $ cp src/stub/freebsd_amd64.s src/stub/openbsd_amd64.s
 $ vim src/stub/openbsd_amd64.s
 # add 
.section ".note.openbsd.ident", "a"
        .p2align 2
        .long 8
        .long 4
        .long 1
        .ascii "OpenBSD\0"
        .long 0
        .p2align 2
Edit:
mmap:
	push %r10
	mov %rcx, %r10
	#shr $0xc, %rbp # mmap2 uses *4096
-	mov $477, %rax # sys_mmap
+	mov $197, %rax # sys_mmap
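Review bot: the change to 197 never reached the binary that was debugged: the disassembly posted in the next comment shows this same routine (`push r10`, `mov r10,rcx`, then `mov rax,0x1dd`, i.e. 477) immediately before the `syscall`, so either the edited openbsd_amd64.s is not what the stub_openbsd_amd64 target assembled or the stub was not rebuilt; rebuild and re-check the disassembly before reading anything into the crash. Also confirm the argument layout of sys_mmap against OpenBSD's sys/kern/syscalls.master rather than assuming it matches FreeBSD's six arguments, since only the number was changed here.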

 $ CC="egcc" cmake ..
-- The C compiler identification is GNU 4.9.4
-- Check for working C compiler: /usr/local/bin/egcc
-- Check for working C compiler: /usr/local/bin/egcc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Performing Test CCOMPILER_64
-- Performing Test CCOMPILER_64 - Success
-- Performing Test WITH_VISIBILITY_HIDDEN
-- Performing Test WITH_VISIBILITY_HIDDEN - Success
-- Looking for argp.h
-- Looking for argp.h - found
-- Looking for unistd.h
-- Looking for unistd.h - found
-- Check if the system is big endian
-- Searching 16 bit integer
-- Looking for sys/types.h
-- Looking for sys/types.h - found
-- Looking for stdint.h
-- Looking for stdint.h - found
-- Looking for stddef.h
-- Looking for stddef.h - found
-- Check size of unsigned short
-- Check size of unsigned short - done
-- Using unsigned short
-- Check if the system is big endian - little endian
-- Found Argp: /usr/local/lib/libargp.a  
-- The ASM-ATT compiler identification is GNU
-- Found assembler: /usr/bin/as
Using precompiled x86
Exec: stub_linux_amd64
Exec: stub_freebsd_amd64
Exec: stub_openbsd_amd64
Using precompiled arm
-- Configuring done
-- Generating done
-- Build files have been written to: /home/user/Downloads/midgetpack/build

$ make
Scanning dependencies of target mp_shared_static
[  2%] Building C object src/shared/CMakeFiles/mp_shared_static.dir/aes.c.o
[  4%] Building C object src/shared/CMakeFiles/mp_shared_static.dir/crypto.c.o
[  6%] Building C object src/shared/CMakeFiles/mp_shared_static.dir/curve25519_ref.c.o
[  9%] Building C object src/shared/CMakeFiles/mp_shared_static.dir/sha256.c.o
[ 11%] Linking C static library libshared.a
[ 11%] Built target mp_shared_static
Scanning dependencies of target mp_shared_static_amd64
[ 13%] Building C object src/shared/CMakeFiles/mp_shared_static_amd64.dir/aes.c.o
[ 15%] Building C object src/shared/CMakeFiles/mp_shared_static_amd64.dir/crypto.c.o
[ 18%] Building C object src/shared/CMakeFiles/mp_shared_static_amd64.dir/curve25519_ref.c.o
[ 20%] Building C object src/shared/CMakeFiles/mp_shared_static_amd64.dir/sha256.c.o
[ 22%] Linking C static library libshared_amd64.a
[ 22%] Built target mp_shared_static_amd64
Scanning dependencies of target mp_libstub_static_amd64
[ 25%] Building C object src/stub/CMakeFiles/mp_libstub_static_amd64.dir/pack_common.c.o
[ 27%] Linking C static library libstubamd64.a
[ 27%] Built target mp_libstub_static_amd64
Scanning dependencies of target stub_freebsd_amd64
[ 29%] Building ASM-ATT object src/stub/CMakeFiles/stub_freebsd_amd64.dir/pack_amd64.s.o
[ 31%] Building ASM-ATT object src/stub/CMakeFiles/stub_freebsd_amd64.dir/freebsd_amd64.s.o
[ 34%] Linking ASM-ATT executable stub_freebsd_amd64
[ 34%] Built target stub_freebsd_amd64
Scanning dependencies of target stub_openbsd_amd64
[ 36%] Building ASM-ATT object src/stub/CMakeFiles/stub_openbsd_amd64.dir/pack_amd64.s.o
[ 38%] Building ASM-ATT object src/stub/CMakeFiles/stub_openbsd_amd64.dir/openbsd_amd64.s.o
[ 40%] Linking ASM-ATT executable stub_openbsd_amd64
[ 40%] Built target stub_openbsd_amd64
Scanning dependencies of target stub_linux_amd64
[ 43%] Building ASM-ATT object src/stub/CMakeFiles/stub_linux_amd64.dir/pack_amd64.s.o
[ 45%] Building ASM-ATT object src/stub/CMakeFiles/stub_linux_amd64.dir/linux_amd64.s.o
[ 47%] Linking ASM-ATT executable stub_linux_amd64
[ 47%] Built target stub_linux_amd64
[ 50%] Generating stub_linux_armv6
[ 52%] Generating stub_linux_armv6.o
[ 54%] Generating stub_openbsd_amd64.o
[ 56%] Generating stub_freebsd_amd64.o
[ 59%] Generating stub_linux_amd64.o
[ 61%] Generating stub_openbsd_x86
[ 63%] Generating stub_openbsd_x86.o
[ 65%] Generating stub_freebsd_x86
[ 68%] Generating stub_freebsd_x86.o
[ 70%] Generating stub_linux_x86
[ 72%] Generating stub_linux_x86.o
Scanning dependencies of target stubs
[ 75%] Linking C static library libstubs.a
[ 75%] Built target stubs
Scanning dependencies of target mpkex
[ 77%] Building C object src/packer/CMakeFiles/mpkex.dir/crypto.c.o
[ 79%] Building C object src/packer/CMakeFiles/mpkex.dir/mpkex.c.o
[ 81%] Linking C executable mpkex
[ 81%] Built target mpkex
Scanning dependencies of target midgetpack
[ 84%] Building C object src/packer/CMakeFiles/midgetpack.dir/crypto.c.o
[ 86%] Building C object src/packer/CMakeFiles/midgetpack.dir/elf.c.o
[ 88%] Building C object src/packer/CMakeFiles/midgetpack.dir/midgetpack.c.o
[ 90%] Linking C executable midgetpack
[ 90%] Built target midgetpack
Scanning dependencies of target test-amd64-static
[ 93%] Building C object src/tests/CMakeFiles/test-amd64-static.dir/test.c.o
[ 95%] Linking C executable test-amd64-static
[ 95%] Built target test-amd64-static
Scanning dependencies of target test-amd64-dynamic
[ 97%] Building C object src/tests/CMakeFiles/test-amd64-dynamic.dir/test.c.o
[100%] Linking C executable test-amd64-dynamic
[100%] Built target test-amd64-dynami

$ ./src/stub/stub_openbsd_amd64
[1]    53199 segmentation fault  ./stub_openbsd_amd64

# recompile 
# remove tags "-Ttext=0xba000f0 -Tdata=0xba10000"

$ ./src/stub/stub_openbsd_amd64
[1]    4209 bus error  ./stub_openbsd_amd64
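Added here as an example (not code from midgetpack or from the reporter): a small Python checker for the symptoms in this report. It parses an ELF64 header and program headers and flags a bad magic (what makes file(1) say "data"), a PT_LOAD whose offset plus filesz lies past the end of the file (the "offset 5778664612848" line above), a vaddr/offset pair that is not congruent modulo p_align, an RWX PT_LOAD (OpenBSD's W^X), and a missing OpenBSD ident note (the .note.openbsd.ident section added above). The sample images are constructed inline; the 229089280 / 5778664612848 / 7296 values in the bad-offset case are taken from the report.

```python
"""Sanity checks for an ELF64 image that is meant to run on OpenBSD/amd64 (added example)."""
import struct

PT_LOAD, PT_NOTE = 1, 4
PF_X, PF_W, PF_R = 1, 2, 4
EHDR_SIZE, PHDR_SIZE = 64, 56          # sizeof(Elf64_Ehdr), sizeof(Elf64_Phdr)

# Same payload the reporter put in .note.openbsd.ident:
# namesz=8, descsz=4, type=1, name "OpenBSD\0", desc=0.
OPENBSD_NOTE = struct.pack("<III", 8, 4, 1) + b"OpenBSD\0" + struct.pack("<I", 0)


def read_phdrs(data):
    """Yield Elf64_Phdr tuples: (p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align)."""
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    for i in range(e_phnum):
        yield struct.unpack_from("<IIQQQQQQ", data, e_phoff + i * e_phentsize)


def has_openbsd_note(data, phdr):
    """True if the PT_NOTE segment carries an entry whose owner name is "OpenBSD"."""
    off, size = phdr[2], phdr[5]
    seg = data[off:off + size]
    pos = 0
    while pos + 12 <= len(seg):
        namesz, descsz, _ntype = struct.unpack_from("<III", seg, pos)
        if seg[pos + 12:pos + 12 + namesz].rstrip(b"\0") == b"OpenBSD":
            return True
        pos += 12 + ((namesz + 3) & ~3) + ((descsz + 3) & ~3)   # note entries are 4-byte aligned
    return False


def check_elf64(data):
    """Return a list of findings; an empty list means every check passed."""
    if len(data) < EHDR_SIZE or data[:4] != b"\x7fELF":
        return ["bad ELF magic (file(1) reports such an image as plain 'data')"]
    if data[4] != 2:                      # EI_CLASS: 2 = ELFCLASS64
        return ["not an ELF64 image"]
    findings, saw_note = [], False
    for p in read_phdrs(data):
        p_type, p_flags, p_off, p_vaddr, _p_paddr, p_filesz, p_memsz, p_align = p
        if p_type == PT_LOAD:
            if p_off + p_filesz > len(data):
                findings.append(f"PT_LOAD offset {p_off} + filesz {p_filesz} lies past end of file ({len(data)} bytes)")
            if p_memsz < p_filesz:
                findings.append("PT_LOAD memsz smaller than filesz")
            if p_align > 1 and p_vaddr % p_align != p_off % p_align:
                findings.append("PT_LOAD vaddr and offset are not congruent modulo p_align")
            if p_flags & PF_W and p_flags & PF_X:
                findings.append("RWX PT_LOAD segment: refused by OpenBSD W^X unless the binary is explicitly allowed")
        elif p_type == PT_NOTE and has_openbsd_note(data, p):
            saw_note = True
    if not saw_note:
        findings.append("no PT_NOTE naming OpenBSD: the OpenBSD ELF loader looks for this ident note")
    return findings


def build_elf64(phdrs, body):
    """Constructed test image: Elf64_Ehdr, then the program header table, then body bytes."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)       # ELFCLASS64, little-endian, EV_CURRENT
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x400000, EHDR_SIZE, 0, 0,
                               EHDR_SIZE, PHDR_SIZE, len(phdrs), 64, 0, 0)
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", *p) for p in phdrs) + body


def sample_images():
    """Constructed cases: one sane image and three that reproduce symptoms from this report."""
    body_off = EHDR_SIZE + 2 * PHDR_SIZE                      # body follows two program headers
    total = body_off + len(OPENBSD_NOTE)
    load = (PT_LOAD, PF_R | PF_X, 0, 0x400000, 0x400000, total, total, 0x1000)
    note = (PT_NOTE, PF_R, body_off, 0x400000 + body_off, 0x400000 + body_off,
            len(OPENBSD_NOTE), len(OPENBSD_NOTE), 4)
    # vaddr 229089280 (0xDA7A000), offset 5778664612848 and filesz 7296 are the values from
    # the "Adding new pheader ..." line in the report; the offset lies far beyond any real file.
    bogus = (PT_LOAD, PF_R | PF_X, 5778664612848, 229089280, 229089280, 7296, 7296, 0x1000)
    small = EHDR_SIZE + PHDR_SIZE                             # image with a single program header
    rwx = (PT_LOAD, PF_R | PF_W | PF_X, 0, 0x400000, 0x400000, small, small, 0x1000)
    good = build_elf64([load, note], OPENBSD_NOTE)
    return {
        "good": good,
        "no_magic": b"\0\0\0\0" + good[4:],
        "bad_offset": build_elf64([bogus, note], OPENBSD_NOTE),
        "rwx_no_note": build_elf64([rwx], b""),
    }


if __name__ == "__main__":
    for name, image in sample_images().items():
        print(f"{name}: {check_elf64(image) or ['ok']}")
```

To run it against the real packed output, read the file with `open(path, "rb").read()` and pass the bytes to `check_elf64`.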

ghost commented May 24, 2017

I know this does not support OpenBSD but I think it will work. I think it would be good to share the following information.

 $ ./stub_openbsd_amd64
starting stub ...
[1]    71161 segmentation fault  ./stub_openbsd_amd64
 ~/Downloads/midgetpack/build/src/stub

(gdb) > i fil
Symbols from "/home/ucharfli/Downloads/midgetpack/build/src/stub/stub_openbsd_amd64".
Local exec file:
        `/home/ucharfli/Downloads/midgetpack/build/src/stub/stub_openbsd_amd64', file type elf64-x86-64.
        Entry point: 0x2a8
        0x00000000000002a8 - 0x000000000000473e is .text
        0x0000000000104740 - 0x0000000000104770 is .note.openbsd.ident
        0x0000000000104770 - 0x00000000001047b0 is .hash
        0x00000000001047b0 - 0x00000000001048b8 is .dynsym
        0x00000000001048b8 - 0x00000000001048eb is .dynstr
        0x00000000001048f0 - 0x0000000000104908 is .rela.dyn
        0x0000000000104940 - 0x0000000000104da0 is .rodata
        0x0000000000104da0 - 0x0000000000105540 is .eh_frame
        0x0000000000205ef0 - 0x0000000000205fe0 is .dynamic
        0x0000000000205fe0 - 0x0000000000206000 is .got
        0x0000000000206000 - 0x0000000000206140 is .data
        0x0000000000206140 - 0x0000000000206170 is .bss
(gdb) > r
Starting program: /home/ucharfli/Downloads/midgetpack/build/src/stub/stub_openbsd_amd64
starting stub ...

Program received signal SIGSEGV, Segmentation fault.
0x0000064c4170447c in ?? ()
(gdb) > bt
#0  0x0000064c4170447c in ?? ()
#1  0x0000064c4170105d in ?? ()
#2  0x0000064c417002b8 in ?? ()  = file pack_amd64.s
#3  0x0000000000000000 in ?? ()

(gdb) > disas 0x0000064c4170447c,0x0000064c417044a7
Dump of assembler code from 0x64c4170447c to 0x64c417044a7:
=> 0x0000064c4170447c:  mov    BYTE PTR [rbp+rax*4+0x3],dl
   0x0000064c41704480:  shr    ecx,0x8
   0x0000064c41704483:  mov    BYTE PTR [rbp+rax*4+0x2],cl
   0x0000064c41704487:  mov    ecx,edx
   0x0000064c41704489:  shr    edx,0x18
   0x0000064c4170448c:  shr    ecx,0x10
   0x0000064c4170448f:  mov    BYTE PTR [rbp+rax*4+0x0],dl
   0x0000064c41704493:  mov    BYTE PTR [rbp+rax*4+0x1],cl
   0x0000064c41704497:  inc    rax
   0x0000064c4170449a:  cmp    rax,0x8
   0x0000064c4170449e:  jne    0x64c41704477
   0x0000064c417044a0:  mov    rdi,rbx
   0x0000064c417044a3:  mov    ecx,0x1a
End of assembler dump.
(gdb) > disas 0x0000064c4170105d,0x0000064c417010a7
Dump of assembler code from 0x64c4170105d to 0x64c417010a7:
   0x0000064c4170105d:  mov    edx,DWORD PTR [rip+0x204fbd]        # 0x64c41906020
   0x0000064c41701063:  test   edx,edx
   0x0000064c41701065:  je     0x64c41701078
   0x0000064c41701067:  mov    rsi,QWORD PTR [rip+0x204faa]        # 0x64c41906018
   0x0000064c4170106e:  mov    edi,0x1
   0x0000064c41701073:  call   0x64c417002ed
   0x0000064c41701078:  xor    eax,eax
   0x0000064c4170107a:  xor    r13d,r13d
   0x0000064c4170107d:  call   0x64c41700c8b
   0x0000064c41701082:  movzx  r14d,WORD PTR [rbp+0x38]
   0x0000064c41701087:  mov    r15,QWORD PTR [rip+0x204f7a]        # 0x64c41906008
   0x0000064c4170108e:  add    r15,QWORD PTR [rbp+0x20]
   0x0000064c41701092:  imul   r14,r14,0x38
   0x0000064c41701096:  lea    r12,[r15+0x10]
   0x0000064c4170109a:  add    r14,r12
   0x0000064c4170109d:  cmp    r12,r14
   0x0000064c417010a0:  je     0x64c41701128
   0x0000064c417010a6:  cmp    DWORD PTR [r12-0x10],0x1
End of assembler dump.
(gdb) > disas 0x0000064c417002b8,0x0000064c417002e7
Dump of assembler code from 0x64c417002b8 to 0x64c417002e7:
   0x0000064c417002b8:  pop    rdi
   0x0000064c417002b9:  pop    rsi
   0x0000064c417002ba:  pop    rdx
   0x0000064c417002bb:  pop    rcx
   0x0000064c417002bc:  pop    rbx
   0x0000064c417002bd:  xor    rbp,rbp
   0x0000064c417002c0:  push   rax
   0x0000064c417002c1:  xor    rax,rax
   0x0000064c417002c4:  ret
   0x0000064c417002c5:  rdtsc
   0x0000064c417002c7:  mov    DWORD PTR [rdi],eax
   0x0000064c417002c9:  mov    DWORD PTR [rdi+0x4],edx
   0x0000064c417002cc:  ret
   0x0000064c417002cd:  nop
   0x0000064c417002ce:  nop
   0x0000064c417002cf:  nop
   0x0000064c417002d0:  push   r10
   0x0000064c417002d2:  mov    r10,rcx
   0x0000064c417002d5:  mov    rax,0x1dd
   0x0000064c417002dc:  syscall
   0x0000064c417002de:  pop    r10
   0x0000064c417002e0:  ret
   0x0000064c417002e1:  syscall
   0x0000064c417002e3:  ret
   0x0000064c417002e4:  mov    rax,0x49

Owner

arisada commented May 24, 2017

$ file test
test: data

Someone reported a similar bug to me but was not allowed to share the sample. It's hard to say what is happening here. It's possible the text and data offsets aren't right.

ghost commented May 24, 2017

Thank you for the answer, but I was inadequate. I think I have to work a bit more on this topic.
Finally, will you be editing for OpenBSD?

Owner

arisada commented May 24, 2017

You're welcome. Unfortunately I have little time to spend on midgetpack right now, but OpenBSD is an important enough platform that I should at least have a look. I have very little ELF experience with OpenBSD so I'm not sure how it would differ from FreeBSD. IMO the W^X will cause some troubles when mmaping rwx segments.

ghost commented May 24, 2017

I understand. Thanks for everything.

@ghost ghost closed this May 25, 2017

This issue was closed.
