-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Instrumenting ARM code making use of hardfault handlers and especially CFSR and BFAR registers #1971
Comments
I suspect it was fixed in dev branch, could you have a try? |
Thanks for coming back to me this quickly, will look at it when I get home. |
On Mon, 8 Jul 2024, r3-ck0 wrote:
Hi,
During a CTF I was debugging an ARM binary that was using hardfault handlers and I was
having a really difficult time, which was mostly skill issues, but I came to a spot that I
think might not be my own fault anymore.
I'm providing a script that might or might not give a seasoned unicorn veteran aneurysms,
sorry in advance, I hope you don't live in the US and can afford treatment. The binary in
question is here:
https://github.com/DownUnderCTF/Challenges_2024_Public/tree/main/hardware/crash-landing
I can run the code up to the point where the hardfault handler is triggered. The binary is
then supposed to copy the value from the flag into the R3 register, based on the value in
BFAR. However, when I run the below code, CFSR is empty, although it should, according to
the code, contain 0x8200.
I suspect this is related to the CPU you're using. The default CPU has the
MMU, whereas the registers you're trying to access only exist on the
M-variant ARMs without a MMU. I don't see anywhere that you select the
CPU type, so you need to select an M-variant CPU in order to even have
those registers available.
…--
Charles Justin Ferguson
[ My thoughts are my own. And sometimes they're not even sane. ]
|
Thank you for your input. I tried to changing to dev-branch by building it and then moving .so.2 and .a files to my python site-packages directory - I hope that's the correct way. It did not change the problem. I also updated the code as such:
But to no avail, the values stay
|
Any other ideas about this? |
Hi @r3-ck0, I was curious in this issue and played a little bit with your python script around. Since there are no direct hits, I dug a little bit deeper and tried to understand what unicorn do, so I wrote a small c sample application to have proper gdb debugger support to debug unicorn itself. (I will create a PR for that in the future I think) It seems you are out of luck here, as you are accessing peripherals which are not implemented in unicorn. You could implement an emulation of the device if you have the technical reference, to get the right behaviour. I did not read anything about the CTF itself, so I might be wrong here, but I guess the "medium" CTFs are written to be emulated with tools, without excessive programming. |
Hey @BitMaskMixer ! Thanks for looking into it - I was feeling the same way. It might be a great chance to look into the depths of unicorn. I understand that this is not the goal of the CTF, I was just curious and wanted to see if I can push the boundaries a bit :) |
Hi,
During a CTF I was debugging an ARM binary that was using hardfault handlers and I was having a really difficult time, which was mostly skill issues, but I came to a spot that I think might not be my own fault anymore.
I'm providing a script that might or might not give a seasoned unicorn veteran aneurysms, sorry in advance, I hope you don't live in the US and can afford treatment. The binary in question is here: https://github.com/DownUnderCTF/Challenges_2024_Public/tree/main/hardware/crash-landing
I can run the code up to the point where the hardfault handler is triggered. The binary is then supposed to copy the value from the flag into the R3 register, based on the value in BFAR. However, when I run the below code, CFSR is empty, although it should, according to the code, contain 0x8200.
Is this a bug? Is this something on QEMU? Or is this a skill issue on my side?
The text was updated successfully, but these errors were encountered: