How to run/debug binary arm/mips architecture on a Linux host
The binaries used in this post come from the two PWN challenges Add and typo on Jarvis OJ.
The main goal of this tutorial is to get started with PWN on other system architectures, so the first step is setting up the environment. A quick search online turned up many tutorials that require a Raspberry Pi, a development board or other hardware, and then building GDB on it. In practice it turned out to be much easier to run and debug binaries of a foreign architecture with QEMU, so I am sharing my approach here.
Host information:
The example uses a freshly installed Deepin virtual machine (Debian-based); the details are as follows:
Preparatory environment installation:
- Install git, gdb and gdb-multiarch, and also install binfmt so that executables of foreign architectures are recognised
sudo apt-get install git
sudo apt-get install gdb gdb-multiarch
sudo apt-get install "binfmt*"
- Install the GDB plugin pwndbg (or another plugin with multi-architecture support, such as GEF)
git clone https://github.com/pwndbg/pwndbg
cd pwndbg
./setup.sh
After the installation:
- Install pwntools; not required, but definitely a must-have for writing exploits
sudo pip install pwntools
To install QEMU:
sudo apt-get install qemu-user
Simulate the arm/mips environment with QEMU for debugging
Installing the shared libraries:
At this point you can already run a statically linked arm/mips binary, such as:
However, you cannot yet run a dynamically linked binary, such as:
This requires installing the shared libraries for the corresponding architecture, which can be found with the following command (ARCH being the target architecture):
apt-cache search "libc6" | grep ARCH
We just need to install the package of the form libc6-ARCH-cross.
Run:
A statically linked binary runs directly; binfmt automatically invokes the QEMU user-mode emulator of the corresponding architecture.
A dynamically linked binary must be started with the corresponding QEMU and the path to the shared libraries. For a 32-bit little-endian dynamically linked MIPS binary, for example,
use -L to specify the shared library directory:
qemu-mipsel -L /usr/mipsel-linux-gnu/ ./add
Debugging:
Use QEMU's -g option to specify a port for the debugger to connect to:
qemu-mipsel -g 1234 -L /usr/mipsel-linux-gnu/ ./add
Then debug with gdb-multiarch: set the architecture, and then connect with the remote target function
pwndbg> set architecture mips
pwndbg> target remote localhost:1234
Now we can debug as usual.
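The two steps above (running with -L for dynamically linked binaries, and adding -g for debugging) depend on reading the architecture and linkage off the ELF file. As an added example that is not part of the original post, the following POSIX shell script reads the ELF header itself, picks the matching qemu-user binary and the /usr/<triplet>/ sysroot installed by the libc6-<arch>-cross packages, checks for a PT_INTERP program header to tell static from dynamic binaries, and prints the command line the post uses. The mipsel sysroot comes from the post; the other triplets follow the same cross-package layout and are assumptions, as are the function names. The fake_elf32 helper builds a constructed ELF header for testing, not a runnable binary.

```shell
#!/bin/sh
# Added example, not code from the original post: read an ELF header, decide which
# qemu-user binary and which libc6-<arch>-cross sysroot (/usr/<triplet>/) the
# binary needs, and print the run or debug command line the post describes.
# The mipsel sysroot comes from the post; the other triplets are assumptions.

# rd FILE OFFSET NBYTES ENDIAN: read an unsigned integer (ENDIAN 1 = little, 2 = big)
rd() {
  rv=0; ri=0
  for rb in $(od -An -v -tu1 -j "$2" -N "$3" "$1"); do
    if [ "$4" = 1 ]; then rv=$(( rv | (rb << (8 * ri)) )); else rv=$(( (rv << 8) | rb )); fi
    ri=$((ri + 1))
  done
  echo "$rv"
}

# elf_info FILE: print "<qemu-user binary> <sysroot> <static|dynamic>", or fail
elf_info() {
  f=$1
  [ "$(od -An -v -tx1 -N 4 "$f" | tr -d ' ')" = 7f454c46 ] || { echo "$f: not an ELF file" >&2; return 1; }
  class=$(rd "$f" 4 1 1)          # EI_CLASS: 1 = ELF32, 2 = ELF64
  end=$(rd "$f" 5 1 1)            # EI_DATA:  1 = little-endian, 2 = big-endian
  machine=$(rd "$f" 18 2 "$end")  # e_machine, stored in the file's own byte order
  case "$machine:$end" in
    8:1)   qemu=qemu-mipsel;  sysroot=/usr/mipsel-linux-gnu/ ;;        # from the post
    8:2)   qemu=qemu-mips;    sysroot=/usr/mips-linux-gnu/ ;;          # assumed triplet
    40:1)  qemu=qemu-arm;     sysroot=/usr/arm-linux-gnueabihf/ ;;     # assumed triplet
    183:1) qemu=qemu-aarch64; sysroot=/usr/aarch64-linux-gnu/ ;;       # assumed triplet
    *)     echo "$f: unsupported e_machine $machine" >&2; return 1 ;;
  esac
  # A PT_INTERP (type 3) program header means the binary asks for a dynamic loader.
  if [ "$class" = 1 ]; then
    phoff=$(rd "$f" 28 4 "$end"); phentsize=$(rd "$f" 42 2 "$end"); phnum=$(rd "$f" 44 2 "$end")
  else
    phoff=$(rd "$f" 32 8 "$end"); phentsize=$(rd "$f" 54 2 "$end"); phnum=$(rd "$f" 56 2 "$end")
  fi
  link=static; pi=0
  while [ "$pi" -lt "$phnum" ]; do
    [ "$(rd "$f" $((phoff + pi * phentsize)) 4 "$end")" = 3 ] && link=dynamic
    pi=$((pi + 1))
  done
  echo "$qemu $sysroot $link"
}

# qemu_cmd FILE [GDB_PORT]: "-L sysroot" only for dynamic binaries, "-g PORT" for debugging
qemu_cmd() {
  info=$(elf_info "$1") || return 1
  set -- "$1" "$2" $info
  cmd=$3
  [ -n "$2" ] && cmd="$cmd -g $2"
  [ "$5" = dynamic ] && cmd="$cmd -L $4"
  echo "$cmd $1"
}

# --- constructed test input (no real binary needed) ----------------------------
# emit VALUE NBYTES ENDIAN: write VALUE as raw bytes in the given byte order
emit() {
  ei=0; eo=""
  while [ "$ei" -lt "$2" ]; do
    if [ "$3" = 1 ]; then es=$((8 * ei)); else es=$((8 * ($2 - 1 - ei))); fi
    eo="$eo\\$(printf '%03o' $(( ($1 >> es) & 255 )))"
    ei=$((ei + 1))
  done
  printf "$eo"
}
# zeros N: write N NUL bytes
zeros() { zi=0; while [ "$zi" -lt "$1" ]; do printf '\000'; zi=$((zi + 1)); done; }

# fake_elf32 OUT ENDIAN E_MACHINE WITH_INTERP: a bare ELF32 header plus one program
# header (PT_INTERP when WITH_INTERP=1, otherwise PT_LOAD); not a runnable binary
fake_elf32() {
  {
    printf '\177ELF\001'; emit "$2" 1 1; printf '\001'; zeros 9        # e_ident
    emit 2 2 "$2"; emit "$3" 2 "$2"; emit 1 4 "$2"; zeros 4            # type, machine, version, entry
    emit 52 4 "$2"; zeros 8                                            # phoff = 52, shoff, flags
    emit 52 2 "$2"; emit 32 2 "$2"; emit 1 2 "$2"; zeros 6             # ehsize, phentsize, phnum, sh*
    if [ "$4" = 1 ]; then emit 3 4 "$2"; else emit 1 4 "$2"; fi       # p_type
    zeros 28                                                           # rest of the phdr
  } > "$1"
}

# Usage: sh qemu_cmd.sh ./add [gdb-port]   (prints the command instead of running it)
if [ $# -gt 0 ]; then qemu_cmd "$@"; fi
```

For the post's mipsel `add` binary the script prints `qemu-mipsel -L /usr/mipsel-linux-gnu/ ./add`, and with a port argument the `-g` form shown under Debugging; gdb-multiarch then attaches exactly as above. A static binary gets no `-L`, since it needs no loader, and on a host where binfmt has registered qemu-user it could simply be executed directly.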
More
Similarly, to run or debug binaries of other architectures, simply install the QEMU user-mode emulator and the shared libraries for those architectures.
Reference
https://docs.pwntools.com/en/stable/qemu.html
https://reverseengineering.stackexchange.com/questions/8829/cross-debugging-for-arm-mips-elf-with-qemu-toolchain