ARM Exploitation

Setting Up an ARM32 Binary Vulnerability Analysis Environment

Put an ARM32 OS on a Raspberry Pi 3 and install the binary analysis tools.


1. Flash the Raspberry Pi image

$ wget http://downloads.raspberrypi.org/raspbian_latest
$ unzip raspbian_latest
$ sudo dd bs=4M if=2020-08-20-raspbian-buster.img of=/dev/sdc status=progress conv=fsync

2. Update the Raspberry Pi to the latest version

$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo rpi-update
$ sudo reboot

3. Install and set up miniconda to use Python envs

$ wget https://repo.continuum.io/miniconda/Miniconda3-latest-Linux-armv7l.sh
$ bash Miniconda3-latest-Linux-armv7l.sh
$ which python
/home/pi/miniconda3/bin/python
$ python --version
Python 3.4.3 :: Continuum Analytics, Inc.

$ conda create -n cpuu python=3.4
$ source activate cpuu
(cpuu)pi@raspberrypi:~ $ which python
/home/pi/miniconda3/envs/cpuu/bin/python
(cpuu)pi@raspberrypi:~ $ which pip
/home/pi/miniconda3/envs/cpuu/bin/pip

4. Install radare2, and r2pipe to connect it to Python

$ git clone https://github.com/radareorg/radare2.git
$ cd radare2/
$ sys/install.sh
$ r2 -version
radare2 4.6.0-git 25119 @ linux-arm-32 git.4.4.0-790-g432fef043
commit: 432fef04307c8a0bfb7af319b6cb36d796ad9811 build: 2020-10-09__09:38:16

$ pip install r2pipe
Collecting r2pipe
  Downloading https://www.piwheels.org/simple/r2pipe/r2pipe-1.4.2-py3-none-any.whl
Installing collected packages: r2pipe
Successfully installed r2pipe-1.4.2

5. Install pwndbg

$ git clone https://github.com/pwndbg/pwndbg
$ cd pwndbg
$ ./setup.sh
$ gdb
GNU gdb (Raspbian 8.2.1-2) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabihf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word".
pwndbg: loaded 186 commands. Type pwndbg [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
pwndbg> q
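
With steps 3 to 5 done, a short r2pipe script can confirm that the Python env drives radare2 and that a target is a 32-bit ARM binary, and list which mitigations it was built without. This is an added example, not code from the original post; the function names and the sample dictionary are assumptions, and it avoids f-strings because the env above was created with Python 3.4.

```python
import sys

# Constructed sample shaped like radare2's `iIj` output for an ARM32 ELF.
# The values are illustrative, not captured from the original post.
SAMPLE_INFO = {"arch": "arm", "bits": 32, "canary": False, "nx": True,
               "pic": False, "relro": "partial"}


def load_info(path):
    """Ask radare2, through r2pipe, for the header info of the binary."""
    import r2pipe  # lazy import: assess() stays usable without radare2
    r2 = r2pipe.open(path)
    try:
        return r2.cmdj("iIj")
    finally:
        r2.quit()


def assess(info):
    """Return (is_arm32, findings) from an `iIj` or `ij` dictionary."""
    b = info.get("bin", info)  # `ij` nests these fields under "bin"
    is_arm32 = b.get("arch") == "arm" and b.get("bits") == 32
    findings = []
    if not b.get("nx"):
        findings.append("NX disabled: stack and heap are executable")
    if not b.get("canary"):
        findings.append("no stack canary")
    if not b.get("pic"):
        findings.append("not position independent: fixed load address")
    if b.get("relro") != "full":
        findings.append("RELRO is {}: GOT entries stay writable".format(
            b.get("relro", "unknown")))
    return is_arm32, findings


if __name__ == "__main__":
    # With a path argument, query radare2; otherwise use the sample above.
    info = load_info(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_INFO
    is_arm32, findings = assess(info)
    print("ARM32 target: {}".format(is_arm32))
    for line in findings:
        print(" - " + line)
```

Run it inside the conda env with the path of a binary on the Pi as its argument; without an argument it only exercises the summary logic on the constructed sample.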


(Will be updated if there is anything to add.)

Software Security Engineer
