
Use build id to lookup debug symbols for libc >= 2.31

Open robbert1978 opened this issue 2 years ago • 5 comments

I found that they use "build id" from version 2.31

robbert1978 avatar Dec 11 '22 06:12 robbert1978

While preparing #282 I remember testing something similar to this, but I would get some empty files for libcs older than 2.34. I'll check if this is really the case later today or tomorrow

dp1 avatar Dec 12 '22 09:12 dp1

> While preparing #282 I remember testing something similar to this, but I would get some empty files for libcs older than 2.34. I'll check if this is really the case later today or tomorrow

This is before I used your code [screenshot]

I changed "2.34" to "2.31" and it worked for me [screenshot]

robbert1978 avatar Dec 12 '22 11:12 robbert1978

@robbert1978 While the change seems to work for the specific libc you're testing, it also causes a few regressions:

Files:
libc6_2.31-0ubuntu9_amd64.so
  libc6_2.31-0ubuntu9_amd64.so: 19383256 bytes -> 2029224 bytes
  libc.so.6: 19383256 bytes -> 2029224 bytes
libc6_2.33-0ubuntu5_i386.so
  libc6_2.33-0ubuntu5_i386.so: 12343416 bytes -> 2059156 bytes
  libc.so.6: 12343416 bytes -> 2059156 bytes
libc6_2.32-0ubuntu3.2_i386.so
  libc6_2.32-0ubuntu3.2_i386.so: 11649236 bytes -> 2055092 bytes
  libc.so.6: 11649236 bytes -> 2055092 bytes
libc6_2.31-0ubuntu9.9_i386.so
  libc.so.6: 2020588 bytes -> 7070572 bytes
  libc6_2.31-0ubuntu9.9_i386.so: 2020588 bytes -> 7070572 bytes
libc6_2.32-0ubuntu3_i386.so
  libc.so.6: 11649172 bytes -> 2055092 bytes
  libc6_2.32-0ubuntu3_i386.so: 11649172 bytes -> 2055092 bytes
libc6_2.31-0ubuntu9.7_i386.so
  libc.so.6: 17014256 bytes -> 2020556 bytes
  libc6_2.31-0ubuntu9.7_i386.so: 17014256 bytes -> 2020556 bytes
libc6_2.32-0ubuntu3_amd64.so
  libc.so.6: 13759760 bytes -> 1995896 bytes
  libc6_2.32-0ubuntu3_amd64.so: 13759760 bytes -> 1995896 bytes
libc6_2.31-0ubuntu9.9_amd64.so
  libc.so.6: 2029592 bytes -> 7459456 bytes
  libc6_2.31-0ubuntu9.9_amd64.so: 2029592 bytes -> 7459456 bytes
libc6_2.31-0ubuntu9_i386.so
  libc.so.6: 16996364 bytes -> 2018664 bytes
  libc6_2.31-0ubuntu9_i386.so: 16996364 bytes -> 2018664 bytes
Total: 0 new files, 0 deleted files, 18 modified files
Warnings:
warning: failed detecting libc version (is the libc an Ubuntu glibc?): failed finding version string: 159 
warning: failed unstripping libc: eu-unstrip exited with failure: exit status: 1: 140 -23
warning: failed unstripping libc: libc deb error: failed to find file in data.tar: 58 +30 -2
Total: 357 +30 -25

Notice how some libcs shrunk down in size, since they don't have symbols anymore after this change - the ones I'm more worried about are libc6_2.31-0ubuntu9_amd64.so and libc6_2.32-0ubuntu3_amd64.so, since 32-bit challenges are relatively rare.

I suspect some extra logic, maybe even just trying both ways, is needed.

dp1 avatar Dec 12 '22 14:12 dp1
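The "try both ways" idea from the comment above, as an added example that is not pwninit's code: read the GNU build ID out of a libc's PT_NOTE segment and derive both locations Ubuntu's libc6-dbg has used for the debug file, the build-id path and the older version-named path (both path layouts are assumed from the packages discussed here, and the ELF is a constructed minimal one, not a real libc).

```python
import struct

NT_GNU_BUILD_ID, PT_NOTE = 3, 4


def parse_build_id(elf: bytes):
    """Return the hex GNU build ID found in any PT_NOTE segment, or None."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64, end = elf[4] == 2, ("<" if elf[5] == 1 else ">")
    if is64:  # e_phoff at 0x20, e_phentsize/e_phnum at 0x36
        (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
        ph_fmt = end + "IIQQQQQQ"  # type, flags, offset, vaddr, paddr, filesz, memsz, align
    else:  # e_phoff at 0x1c, e_phentsize/e_phnum at 0x2a
        (e_phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
        ph_fmt = end + "IIIIIIII"  # type, offset, vaddr, paddr, filesz, memsz, flags, align
    for i in range(e_phnum):
        ph = struct.unpack_from(ph_fmt, elf, e_phoff + i * e_phentsize)
        if ph[0] != PT_NOTE:
            continue
        pos, stop = (ph[2], ph[2] + ph[5]) if is64 else (ph[1], ph[1] + ph[4])
        while pos + 12 <= stop:  # walk every note: ABI tag, build-id, ...
            namesz, descsz, ntype = struct.unpack_from(end + "III", elf, pos)
            name = elf[pos + 12 : pos + 12 + namesz]
            desc_off = pos + 12 + (namesz + 3) // 4 * 4
            if ntype == NT_GNU_BUILD_ID and name == b"GNU\0":
                return elf[desc_off : desc_off + descsz].hex()
            pos = desc_off + (descsz + 3) // 4 * 4
    return None


def debug_file_candidates(build_id: str, version: str, arch_dir: str) -> list:
    """Both layouts libc6-dbg has shipped (assumed paths); check them in order
    instead of hard-coding a single version cutoff such as 2.31 or 2.34."""
    return [
        f"/usr/lib/debug/.build-id/{build_id[:2]}/{build_id[2:]}.debug",
        f"/usr/lib/debug/lib/{arch_dir}/libc-{version}.so",
    ]


def build_test_elf(build_id: bytes, is64: bool = True) -> bytes:
    """Constructed little-endian ELF with one PT_NOTE segment (not a real libc)."""
    note = struct.pack("<III", 4, len(build_id), NT_GNU_BUILD_ID) + b"GNU\0"
    note += build_id.ljust((len(build_id) + 3) // 4 * 4, b"\0")
    if is64:
        ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
        phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 4, 120, 0, 0, len(note), len(note), 4)
    else:
        ehdr = b"\x7fELF\x01\x01\x01" + b"\0" * 9 + struct.pack("<HHIIIIIHHHHHH", 3, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
        phdr = struct.pack("<IIIIIIII", PT_NOTE, 84, 0, 0, len(note), len(note), 4, 4)
    return ehdr + phdr + note


if __name__ == "__main__":
    sample_id = bytes(range(0xA0, 0xB4))  # constructed 20-byte build ID
    for path in debug_file_candidates(parse_build_id(build_test_elf(sample_id)), "2.31", "x86_64-linux-gnu"):
        print(path)
```

On a real system the first candidate that exists and is larger than a few hundred bytes is the one to hand to eu-unstrip; the empty files mentioned above are exactly why a size check belongs next to the existence check.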

So is there any way to unstrip libc for versions above 2.34?

YsielX avatar Jul 10 '23 15:07 YsielX

> So is there any way to unstrip libc for versions above 2.34?

Check my small tool, I've tested it with libc 2.35 and 2.37. Maybe it will be useful for you.

robbert1978 avatar Jul 28 '23 14:07 robbert1978