Add ARM64 Win10 Support to Npcap #1590

Open
fyodor opened this issue May 9, 2019 · 9 comments

@fyodor
commented May 9, 2019

We are considering adding Windows 10 ARM64 support to Npcap. With that, we would support all 3 Windows 10 architectures. Windows 10 ARM64 is a new (released in late 2017) system that is used on some more portable laptop/tablet devices like the Samsung Galaxy Book 2. @pmsjt from Microsoft has already done and tested an initial port and submitted it as a pull request here: nmap/npcap#18.
Having ARM64 Npcap should enable Nmap to work on these ARM64 devices too, which would be nice.

We're wondering how much Nmap/Npcap user interest there is in supporting Windows 10 ARM64? If it is something you want for a specific reason, please comment and describe your use case, including any particular devices you'd want to make sure are supported. Based on the responses, we'll decide whether to buy some ARM64 hardware and get to work. Thanks!

@fyodor changed the title from "Add ARM64 Support to Npcap" to "Add ARM64 Win10 Support to Npcap" on May 9, 2019

@pmsjt

commented May 9, 2019

@binarymaster

commented May 9, 2019

> We're wondering how much Nmap/Npcap user interest there is in supporting Windows 10 ARM64? If it is something you want for a specific reason, please comment and describe your use case

The latest insider build of Windows 10 ARM64 allows running programs compiled for x86 and x64 architectures via emulation, so it potentially enables the use of a wide variety of security auditing and penetration testing tools such as Nmap, Wireshark, Cain & Abel, Intercepter-NG, Router Scan, and many more.

All the tools outlined above rely heavily on the Packet Capture API, which Npcap implements. And since the emulation layer works only for user-mode apps, we need ARM64 versions of Npcap drivers and services.

> including any particular devices you'd want to make sure are supported

As was said above by @pmsjt, probably the easiest and cheapest way would be testing drivers in QEMU with KVM acceleration. As far as I know, it's possible to run Windows 10 in qemu-system-aarch64 with hardware acceleration on the Rockchip RK3399 SoC. This includes the NanoPi M4 board and the Pinebook Pro; see this post for reference.

Currently there are not many ARM64 devices which come with Windows 10 preinstalled; however, their number is rising with time. For instance, I know of these:

  • ASUS NovaGo TP370QL
  • Lenovo Yoga C630-13Q50 WOS (aka Lenovo 81JL)
  • (the already mentioned) Samsung Galaxy Book 2

Besides the official devices, it's possible to deploy Windows 10 ARM64 on some other devices like IoT ones and phones, for which custom firmwares were created by enthusiasts.

@driver1998

commented May 10, 2019

Although currently you only have networking over KDNET on KVM, I am not sure if npcap will work in this situation... @pmsjt

@pmsjt

commented May 10, 2019

@guyharris

commented May 10, 2019

If any changes to libpcap are needed (either code or CMake files), let us (tcpdump.org) know.

It probably won't matter, as the bulk of the code probably also runs on A64 systems (various Linux and perhaps *BSD devices, and perhaps even including iDevices, although libpcap isn't exported to third-party software), but....

@vielmetti

commented May 10, 2019

I have one of those Yogas mentioned above and would be happy to try this code out once it's released.

@pmsjt

commented May 10, 2019

Hi @vielmetti

If you are OK with testing my private test binaries, then here are some instructions:

The PR with the changes to npcap
nmap/npcap#18

My privately built files:
https://1drv.ms/u/s!Ag4DqZg51HWgvMhaoNHBjQvzOSYpGA?e=PCJGMA

  1. Pause BitLocker (so you can disable secure boot) (manage-bde.exe -protectors -disable c: -rc 10)
  2. Disable secure boot (so you can enable test signing) (shutdown /r /t 0 /fw ; this will restart your computer into the firmware settings - there disable secure boot)
  3. Enable testsigning (bcdedit /set testsigning on)
  4. To install the driver, just run the installer EXE in the ZIP
  5. The files in the “syswow64” folder in the ZIP need to be copied manually to c:\windows\syswow64 (the driver installer doesn’t do that automatically).

After this you can install any x86_32 program that requires winpcap/npcap like Wireshark. When the installer asks you if you want to install these, unselect the corresponding checkbox.
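
A way to check and undo the boot-protection changes from the steps above once driver testing is done, as an added example that is not part of the original comment or the Npcap project. The `-Restore` switch and the `Get-BootTrustState` function name are made up for this example, and it assumes the SecureBoot and BitLocker PowerShell modules are available and the system drive is C:.

```powershell
#Requires -RunAsAdministrator
# Added example: audit the protections relaxed by steps 1-3 above and put back
# the ones that can be restored from software.
param([switch]$Restore)   # hypothetical switch name chosen for this example

function Get-BootTrustState {
    # Secure Boot: Confirm-SecureBootUEFI throws on platforms without UEFI support.
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI) }
    catch { $secureBoot = $null }

    # Test signing: the boot options in effect are recorded in the registry.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control'
    $opts = (Get-ItemProperty -Path $key).SystemStartOptions
    $testSigning = [bool]($opts -match 'TESTSIGNING')

    # BitLocker: ProtectionStatus is Off while the protectors are suspended.
    $bl = Get-BitLockerVolume -MountPoint 'C:'

    [pscustomobject]@{
        SecureBootEnabled   = $secureBoot
        TestSigningEnabled  = $testSigning
        BitLockerProtection = "$($bl.ProtectionStatus)"
        BitLockerVolume     = "$($bl.VolumeStatus)"
    }
}

$state = Get-BootTrustState
$state | Format-List

if ($Restore) {
    if ($state.TestSigningEnabled) {
        # Reverses step 3; applies from the next boot.
        bcdedit /set testsigning off
    }
    if ($state.SecureBootEnabled -ne $true) {
        # Reverses step 2, which can only be done in the firmware settings.
        Write-Warning 'Secure Boot is off. Re-enable it in firmware (shutdown /r /t 0 /fw), then run this again.'
    }
    elseif ($state.BitLockerProtection -eq 'Off' -and
            $state.BitLockerVolume -ne 'FullyDecrypted') {
        # Reverses step 1. Done only after Secure Boot is back on, because
        # BitLocker was suspended so that the Secure Boot change would not trip it.
        Resume-BitLocker -MountPoint 'C:' | Out-Null
    }
}
```

Run it without arguments to report the current state, and with `-Restore` after testing; a machine that still shows `TestSigningEnabled : True` or `SecureBootEnabled : False` will load test-signed kernel drivers.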

@pmsjt

commented May 10, 2019

@guyharris I made no changes to libpcap (yet). I only tackled the code under packetwin7 as my priority was to get the driver ported first, so that x86_32 apps could work. These will use the already available x86_32 userland binaries.

Even for the stuff under packetwin7, code changes were minimal. Just a handful of #ifdef adjustments that were hardwired for _AMD64_ instead of _WIN64_ generically. Most of the PR 'volume' is due to project configuration files which were upgraded to VS2017 (ARM64 requirement) and the addition of the ARM64 config.

@guyharris

commented May 10, 2019

> Even for the stuff under packetwin7, code changes were minimal. Just a handful of #ifdef adjustments that were hardwired for _AMD64_ instead of _WIN64_ generically.

There shouldn't currently be any of that in libpcap, given that it has had to build and run on both 32-bit and 64-bit versions of many platforms (x86, Power ISA, SPARC, IBM mainframes, PA-RISC, ARM, etc.) - it has few compile-time tests for 32-bit vs. 64-bit, and they aren't testing for 64-bit versions of particular ISAs, except for a hack in the Linux code to deal with an annoying misfeature in the original version of memory-mapped capture (fixed in later versions).

So you probably won't have to make any libpcap changes to handle 64-bit ARM (or 32-bit ARM or...).
