asm() using the incorrect assembler for amd64 architecture #2509

Closed
CuB3y0nd opened this issue Dec 24, 2024 · 3 comments

@CuB3y0nd

Test Code

#!/usr/bin/python3

from pwn import asm, context

context(os="linux", arch="amd64", log_level="debug", terminal="kitty")

shellcode = asm(
    """
execve:
    lea rdi, [rip+shell]
    mov rsi, 0x0
    mov rdx, 0x0
    mov rax, SYS_execve
    syscall
shell:
    .string "/bin/sh"
    """
)

Debug Output

================================================================================
= Started at 2024-12-24T13:13:56                                               =
= sys.argv = [                                                                 =
=   './test.py',                                                               =
= ]                                                                            =
================================================================================
2024-12-24T13:13:56:DEBUG:pwnlib.asm:cpp -C -nostdinc -undef -P -I/usr/lib/python3.13/site-packages/pwnlib/data/includes /dev/stdin
2024-12-24T13:13:56:DEBUG:pwnlib.asm:Assembling
.section .shellcode,"awx"
.global _start
.global __start
_start:
__start:
.intel_syntax noprefix
.p2align 0
execve:
    lea rdi, [rip+shell]
    mov rsi, 0x0
    mov rdx, 0x0
    mov rax, 59
    syscall
shell:
    .string "/bin/sh"

2024-12-24T13:13:56:DEBUG:pwnlib.asm:/usr/bin/i386-elf-as -64 -o /tmp/pwn-asm-eenxda9n/step2 /tmp/pwn-asm-eenxda9n/step1
2024-12-24T13:13:56:ERROR:pwnlib.asm:There was an error running ['/usr/bin/i386-elf-as', '-64', '-o', '/tmp/pwn-asm-eenxda9n/step2', '/tmp/pwn-asm-eenxda9n/step1']:
It had the exitcode 1.
It had this on stdout:
Assembler messages:
Fatal error: no compiled in support for x86_64


2024-12-24T13:13:56:ERROR:pwnlib.asm:An error occurred while assembling:
   1: .section .shellcode,"awx"
   2: .global _start
   3: .global __start
   4: _start:
   5: __start:
   6: .intel_syntax noprefix
   7: .p2align 0
   8: execve:
   9:     lea rdi, [rip+shell]
  10:     mov rsi, 0x0
  11:     mov rdx, 0x0
  12:     mov rax, 59
  13:     syscall
  14: shell:
  15:     .string "/bin/sh"
Traceback (most recent call last):
  File "/usr/lib/python3.13/site-packages/pwnlib/asm.py", line 776, in asm
    _run(assembler + ['-o', step2, step1])
    ~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.13/site-packages/pwnlib/asm.py", line 431, in _run
    log.error(msg, *args)
    ~~~~~~~~~^^^^^^^^^^^^
  File "/usr/lib/python3.13/site-packages/pwnlib/log.py", line 439, in error
    raise PwnlibException(message % args)
pwnlib.exception.PwnlibException: There was an error running ['/usr/bin/i386-elf-as', '-64', '-o', '/tmp/pwn-asm-eenxda9n/step2', '/tmp/pwn-asm-eenxda9n/step1']:
It had the exitcode 1.
It had this on stdout:
Assembler messages:
Fatal error: no compiled in support for x86_64

Environment

λ ~/ neofetch
                   -`                    cub3y0nd@Lux 
                  .o+`                   ------------ 
                 `ooo/                   OS: Arch Linux x86_64 
                `+oooo:                  Host: ASUS TUF Gaming A15 FA506IV_FA506IV 1.0 
               `+oooooo:                 Kernel: 6.12.6-zen1-1-zen 
               -+oooooo+:                Uptime: 2 hours, 43 mins 
             `/:-:++oooo+:               Packages: 1354 (pacman), 10 (flatpak) 
            `/++++/+++++++:              Shell: zsh 5.9 
           `/++++++++++++++:             Resolution: 1920x1080 
          `/+++ooooooooooooo/`           WM: bspwm 
         ./ooosssso++osssssso+`          Theme: TokyoNight-zk [GTK2/3] 
        .oossssso-````/ossssss+`         Icons: TokyoNight-SE [GTK2/3] 
       -osssssso.      :ssssssso.        Terminal: kitty 
      :osssssss/        osssso+++.       CPU: AMD Ryzen 7 4800H with Radeon Graphics (16) @ 2.900GHz 
     /ossssssss/        +ssssooo/-       GPU: NVIDIA GeForce RTX 2060 Mobile 
   `/ossssso+/:-        -:/+osssso+-     GPU: AMD ATI Radeon Vega Series / Radeon Vega Mobile Series 
  `+sso+:-`                 `.-/+oso:    Memory: 7467MiB / 15401MiB 
 `++:.                           `-/+/
 .`                                 `/                           
                                                                 


λ ~/ as --version
GNU assembler (GNU Binutils) 2.43.0
Copyright (C) 2024 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or later.
This program has absolutely no warranty.
This assembler was configured for a target of `x86_64-pc-linux-gnu'.
λ ~/ i386-elf-as --version
GNU assembler (GNU Binutils) 2.42
Copyright (C) 2024 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or later.
This program has absolutely no warranty.
This assembler was configured for a target of `i386-elf'.
λ ~/ i386-elf-as --help | grep 64
  --32/--64/--x32         generate 32bit/64bit/x32 object
                           default, push, pop, generic32, generic64, i386, i486,
                           movdiri, movdir64b, avx512_bf16, avx512_vp2intersect,
                           generic32, generic64, i8086, i186, i286, i386, i486,
  -mamd64                 accept only AMD64 ISA [default]
  -mintel64               accept only Intel64 ISA
λ ~/ i386-elf-as -64             
Assembler messages:
Fatal error: no compiled in support for x86_64
λ ~/ python                        
Python 3.13.1 (main, Dec  4 2024, 18:05:56) [GCC 14.2.1 20240910] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pwn
>>> pwn.version
'4.13.1'
>>>

CuB3y0nd changed the title from "asm() using the incorrect assembler for am64 architecture" to "asm() using the incorrect assembler for amd64 architecture" on Dec 24, 2024

@Arusekk
Member

Arusekk commented Dec 24, 2024

Thank you for the report! I think the correct fix would be to assign priorities to binutils prefixes, so that if both i*86-*-as and x*64-*-as are found, the latter should take precedence. I was unaware that x86 gcc can have amd64 disabled, thanks for noticing.

Would you mind submitting a PR with fixes?
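
The prefix-priority idea from the comment above, sketched as an added example (not pwntools' code and not the change made in PR #2510): candidates are ordered by the two globs named in the comment and then probed, so an assembler that answers "no compiled in support" is skipped. The `probe` callback, the replay table and the `x86_64-linux-gnu-as` path are assumptions made so the sketch runs offline.

```python
import fnmatch

# Globs named in the comment above, most preferred first for each target.
PRIORITY = {
    "amd64": ["x*64-*-as", "i*86-*-as"],
    "i386": ["i*86-*-as", "x*64-*-as"],
}
# Word-size switches as listed in the reporter's `--help` output.
BITS_FLAG = {"amd64": "--64", "i386": "--32"}


def rank(path, arch):
    """Priority index of an assembler path for `arch` (lower is better)."""
    name = path.rsplit("/", 1)[-1]
    for index, glob in enumerate(PRIORITY[arch]):
        if fnmatch.fnmatchcase(name, glob):
            return index
    return len(PRIORITY[arch])  # unknown prefix: tried last


def rejects_arch(output):
    """True when gas says the requested word size was not built in."""
    return "no compiled in support for" in output


def pick_assembler(found, arch, probe):
    """Return the best usable assembler in `found`, or None.

    probe(path, flag) returns the assembler's output for an empty input;
    it is injected (hypothetical helper) so the selection logic is testable.
    """
    for path in sorted(found, key=lambda p: rank(p, arch)):
        if not rejects_arch(probe(path, BITS_FLAG[arch])):
            return path
    return None


# Constructed replay of probe results; the error text is the one in the report.
REPLAY = {
    ("/usr/bin/i386-elf-as", "--64"):
        "Assembler messages:\nFatal error: no compiled in support for x86_64\n",
}


def replay_probe(path, flag):
    return REPLAY.get((path, flag), "")


FOUND = ["/usr/bin/i386-elf-as", "/usr/bin/x86_64-linux-gnu-as"]  # second path is constructed
print(pick_assembler(FOUND, "amd64", replay_probe))
```

With only `/usr/bin/i386-elf-as` installed the function returns `None` for amd64, which a caller can turn into a clear "no usable assembler" error before any assembly is attempted.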

@CuB3y0nd
Author

> Thank you for the report! I think the correct fix would be to assign priorities to binutils prefixes, so that if both i*86-*-as and x*64-*-as are found, the latter should take precedence. I was unaware that x86 gcc can have amd64 disabled, thanks for noticing.
>
> Would you mind submitting a PR with fixes?

Alright, I'll try.

@CuB3y0nd
Author

I tried it in my local environment and fixed it with PR #2510.
