Pointer authentication-related instructions parsed as "invalid" #3175

Closed
R-Peleg opened this issue Nov 9, 2022 · 5 comments · Fixed by #4011
R-Peleg commented Nov 9, 2022

Work environment

| Questions | Answers |
|---|---|
| OS/arch/bits (mandatory) | MacOS Monterey 12.6, Apple M1 |
| File format of the file you reverse (mandatory) | Mach-O 64-bit dynamically linked shared library arm64e |
| Architecture/bits of the file (mandatory) | arm64e |
| rizin -v full output, not truncated (mandatory) | rizin 0.5.0 @ darwin-arm-64 commit: 3a29179 |

Expected behavior

All of the opcodes are parsed correctly

Actual behavior

Instructions such as AUTA, BRAA are shown as "invalid"

Steps to reproduce the behavior

- Please share the binary if it is shareable by drag and dropping it here in a zip archive (mandatory): CoreML.zip

```
➜  streaming_coreml rizin CoreML
[0x19df24000]> aa
[x] Analyze all flags starting with sym. and entry0 (aa)
[0x19df24000]> sf sym._objc_msgSend_init
[0x19e5706a0]> e asm.bytes=true
[0x19e5706a0]> pd 6
            ; XREFS: CALL 0x19df27270  CALL 0x19e169254  CALL 0x19e16d6d8  
            ; XREFS: CALL 0x19e19ca64  CALL 0x19e1b9520  CALL 0x19e1f3b80  
            ; XREFS: CALL 0x19e24dfe0  CALL 0x19e26df70  CALL 0x19e294fa8  
┌ sym._objc_msgSend_init ();
│ bp: 0 (vars 0, args 0)
│ sp: 0 (vars 0, args 0)
│ rg: 0 (vars 0, args 0)
│           0x19e5706a0      01e11bb0       adrp  x1, 0x1d6191000
│           0x19e5706a4      21e046f9       ldr   x1, [x1, 0xdc0]      ; [0xdc0:4]=-1 ; 3520
│           0x19e5706a8      11ce21f0       adrp  x17, 0x1e1f33000
│           0x19e5706ac      31420c91       add   x17, x17, 0x310
│           0x19e5706b0      300240f9       ldr   x16, [x17]
└           0x19e5706b4      110a1fd7       invalid
[0x19e5706a0]> 
```

I looked up the 0x110a1fd7 (binary 0b11010111000111110000101000010001) opcode and found it matches the BRAA instruction.

Additional Logs, screenshots, source code, configuration dump, ...

Drag and drop zip archives containing the Additional info here, don't use external services or link.
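To see why the disassembler's "invalid" is a decoding gap rather than bad bytes, here is a small stand-alone decoder for the Armv8.3 pointer-authentication (FEAT_PAuth) encodings, written as an added example for this issue; it is not rizin or Capstone code. The fixed encodings are taken from the AArch64 instruction set (hint-space PACIASP/AUTIASP/RETAA, the BRAA/BLRAA branch family, and the PACIA/AUTIA data-processing family); the sample bytes are the six instructions copied from the `pd 6` listing above, and the function names `decode_pac` and `scan` are mine. It shows that the bytes `11 0a 1f d7` are the little-endian word 0xD71F0A11, i.e. `braa x16, x17`, which is exactly the authenticated indirect branch closing the objc_msgSend stub, not the end of the function.

```python
import struct

# Hint-space PAC instructions (no register fields). Fixed 32-bit encodings
# from the Armv8.3-A FEAT_PAuth instruction set.
PAC_HINTS = {
    0xD503211F: "pacia1716", 0xD503215F: "pacib1716",
    0xD503219F: "autia1716", 0xD50321DF: "autib1716",
    0xD503231F: "paciaz",    0xD503233F: "paciasp",
    0xD503235F: "pacibz",    0xD503237F: "pacibsp",
    0xD503239F: "autiaz",    0xD50323BF: "autiasp",
    0xD50323DF: "autibz",    0xD50323FF: "autibsp",
    0xD50320FF: "xpaclri",
    0xD65F0BFF: "retaa",     0xD65F0FFF: "retab",
}

# Unconditional branch (register) with key: base encoding -> (mnemonic, has_modifier).
# Rn (target) is bits [9:5]; Rm (modifier) is bits [4:0], fixed to 0b11111 in the Z forms.
PAC_BRANCHES = {
    0xD61F0800: ("braaz", False),  0xD61F0C00: ("brabz", False),
    0xD63F0800: ("blraaz", False), 0xD63F0C00: ("blrabz", False),
    0xD71F0800: ("braa", True),    0xD71F0C00: ("brab", True),
    0xD73F0800: ("blraa", True),   0xD73F0C00: ("blrab", True),
}

# Data-processing (1 source): sign/authenticate Xd (bits [4:0]) with modifier Xn|SP (bits [9:5]).
PAC_DP = {
    0xDAC10000: "pacia", 0xDAC10400: "pacib", 0xDAC10800: "pacda", 0xDAC10C00: "pacdb",
    0xDAC11000: "autia", 0xDAC11400: "autib", 0xDAC11800: "autda", 0xDAC11C00: "autdb",
}
# Same family with a zero modifier (Rn fixed to 0b11111), plus the PAC-strip instructions.
PAC_DP_Z = {
    0xDAC123E0: "paciza", 0xDAC127E0: "pacizb", 0xDAC12BE0: "pacdza", 0xDAC12FE0: "pacdzb",
    0xDAC133E0: "autiza", 0xDAC137E0: "autizb", 0xDAC13BE0: "autdza", 0xDAC13FE0: "autdzb",
    0xDAC143E0: "xpaci",  0xDAC147E0: "xpacd",
}


def _modifier(n):
    # Register 31 in the modifier slot is the stack pointer (the common case for
    # PACIASP-style signing of return addresses).
    return "sp" if n == 31 else f"x{n}"


def decode_pac(word):
    """Return the PAC mnemonic for a 32-bit AArch64 instruction word, or None if
    the word is not a pointer-authentication instruction."""
    if word in PAC_HINTS:
        return PAC_HINTS[word]
    rn = (word >> 5) & 0x1F      # bits [9:5]
    low = word & 0x1F            # bits [4:0]: Rm for branches, Rd for data-processing
    base = word & 0xFFFFFC00     # opcode with both register fields cleared
    if base in PAC_BRANCHES:
        name, has_modifier = PAC_BRANCHES[base]
        if has_modifier:
            return f"{name} x{rn}, {_modifier(low)}"
        return f"x{rn}".join([name + " ", ""]) if low == 0x1F else None
    if (word & 0xFFFFFFE0) in PAC_DP_Z:
        return f"{PAC_DP_Z[word & 0xFFFFFFE0]} x{low}"
    if base in PAC_DP:
        return f"{PAC_DP[base]} x{low}, {_modifier(rn)}"
    return None


def scan(code, base_addr):
    """Walk little-endian AArch64 code and report which words are PAC instructions.
    Returns a list of (address, word, mnemonic-or-None)."""
    out = []
    for off in range(0, len(code) - len(code) % 4, 4):
        (word,) = struct.unpack("<I", code[off:off + 4])
        out.append((base_addr + off, word, decode_pac(word)))
    return out


# The six instruction words from the sym._objc_msgSend_init listing in the issue,
# in the byte order the disassembler printed them (little-endian in memory).
LISTING_BYTES = bytes.fromhex("01e11bb0" "21e046f9" "11ce21f0" "31420c91" "300240f9" "110a1fd7")
LISTING_BASE = 0x19E5706A0


def scan_listing():
    return scan(LISTING_BYTES, LISTING_BASE)


if __name__ == "__main__":
    for addr, word, mnem in scan_listing():
        print(f"{addr:#x}  {word:08x}  {mnem or '(not a PAC instruction)'}")
```

Only the last word decodes as a PAC instruction; the five before it are the ordinary `adrp`/`ldr`/`add` sequence that the disassembler already handled. Note the consequence visible in the listing: because the branch is reported as `invalid`, the function is closed (`└`) at that point, so any analysis that relies on recognising the indirect branch, such as following the call through x16, stops one instruction short.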

thestr4ng3r (Member) commented

This is a known issue due to the last capstone release still not supporting these instructions.
When building from source, you can pass -Duse_capstone_version=next to meson to make it use a newer unreleased version. This one at least will support some of the pac instructions.

XVilka (Member) commented May 29, 2023

Will be fixed by capstone-engine/capstone#2026 then :D

XVilka (Member) commented Sep 22, 2023

Right now it already parses some of these instructions by default, but let's close it only after AArch64 capstone auto-sync is merged in both Capstone and Rizin.
