BishopFox
Windows/ARM64 implant unable to build
Bug Description After successfully building sliver-server and sliver-client on the Apple Silicon version of Kali Linux, I attempted to build an Arm64 Windows implant but fails with the below:
Command Used/Output
generate --mtls 172.16.1.128 --os windows --arch arm64 --format exe --save /var/www/html
⚠ Unsupported compiler target windows/arm64, but we can try to compile a generic implant.
⚠ Generic implants do not support all commands/features.
? Attempt to build generic implant? Yes
[*] Generating new windows/arm64 implant binary
[*] Symbol obfuscation is enabled
[!] rpc error: code = Unknown desc = exit status 1
Sliver.log:
^[[31mERRO^[[0m[2023-03-01T17:26:39Z] [sliver/server/gogo/go.go:133] --- stdout ---
^[[31mERRO^[[0m[2023-03-01T17:26:39Z] [sliver/server/gogo/go.go:134] --- stderr ---
# github.com/bishopfox/sliver/implant/sliver/limits
implant/sliver/limits/limits.go:43:2: undefined: PlatformLimits
^[[31mERRO^[[0m[2023-03-01T17:26:39Z] [sliver/server/gogo/go.go:135] exit status 1
^[[31mERRO^[[0m[2023-03-01T17:26:39Z] [github.com/grpc-ecosystem/[email protected]/logging/logrus/options.g
o:224] finished unary call with code Unknown
^[[33mWARN^[[0m[2023-03-01T17:28:31Z] [sliver/server/generate/binaries.go:759] CC path '/opt/osxcross/target/bin/o6
4-clang' does not exist
^[[33mWARN^[[0m[2023-03-01T17:28:31Z] [sliver/server/generate/binaries.go:759] CC path '/opt/osxcross/target/bin/aa
rch64-apple-darwin20.2-clang' does not exist
^[[36mINFO^[[0m[2023-03-01T17:28:31Z] [sliver/server/gogo/go.go:164] go cmd: '/root/.sliver/go/bin/go tool dist lis
t'
^[[33mWARN^[[0m[2023-03-01T17:28:31Z] [sliver/server/generate/binaries.go:759] CC path '/opt/osxcross/target/bin/o6
4-clang' does not exist
^[[33mWARN^[[0m[2023-03-01T17:28:31Z] [sliver/server/generate/binaries.go:759] CC path '/opt/osxcross/target/bin/aa
rch64-apple-darwin20.2-clang' does not exist
^[[36mINFO^[[0m[2023-03-01T17:28:31Z] [github.com/grpc-ecosystem/[email protected]/logging/logrus/options.g
o:220] finished unary call with code OK
^[[36mINFO^[[0m[2023-03-01T17:29:52Z] [google.golang.org/[email protected]/internal/grpclog/grpclog.go:37] [transport] t
ransport: closing: EOF
^[[36mINFO^[[0m[2023-03-01T17:29:52Z] [google.golang.org/[email protected]/internal/grpclog/grpclog.go:37] [transport] t
ransport: loopyWriter exited. Closing connection. Err: transport closed by client
^[[36mINFO^[[0m[2023-03-01T17:29:52Z] [sliver/server/rpc/rpc-events.go:23] 1 client disconnected
^[[36mINFO^[[0m[2023-03-01T17:29:52Z] [github.com/grpc-ecosystem/[email protected]/logging/logrus/options.g
o:220] finished streaming call with code OK
^[[33mWARN^[[0m[2023-03-01T17:29:52Z] [sliver/server/rpc/rpc-tunnel.go:126] Error on stream recv rpc error: code =
Canceled desc = context canceled
^[[36mINFO^[[0m[2023-03-01T17:29:52Z] [github.com/grpc-ecosystem/[email protected]/logging/logrus/options.g
o:220] finished streaming call with code Canceled
Expected behavior I can see windows/arm64 - Executable within the Default build but unsure what I need to do to resolve this issue
Desktop (please complete the following information):
- OS: Kali Linux 2022.4 running on Apple Silicon through VMware Fusion 13
- Sliver Server/client v1.5.34 - 71f94928bf36c1557ea5fbeffa161b71116f56b2 - linux/arm64
This is technically an unsupported target, but it looks like a simple fix so I'm sure we can make it work.
Please note even after it compiles, some features like ETW patching will for sure break/crash on Windows/ARM since we patch in x86 instructions.
Thats not a problem 😄 I was only expecting limited functionality anyway as most things will be for x86/x64
You can run a windows/amd64 implant build on windows/arm64 it has a compatibility layer similar to Rosetta2, though again function patching will almost certainly crash the process.
Ahhhhh completely forgot about that it had a compatibility layer, but using an amd64 beacon works wonders for the initial connection, Thank you!