macOS/aarch64: running a binary crashes with a Unicorn invalid hook error
Running a binary either from ipython or qltool crashes with a Unicorn error on macOS 11.3 (M1 - aarch64).
This is run from a clean virtual env. Qiling was installed with pip and the rootfs with git.
```
% ./venv/bin/qltool run -f ./rootfs/x8664_linux/bin/x8664_hello --rootfs ./rootfs/x8664_linux
Traceback (most recent call last):
  File "/Users/damien/bin/./venv/bin/qltool", line 240, in <module>
    ql = Qiling(argv=[options.filename] + options.args, rootfs=options.rootfs, profile=options.profile,
  File "/Users/damien/bin/venv/lib/python3.9/site-packages/qiling/core.py", line 209, in __init__
    self._os = os_setup(self.archtype, self.ostype, self)
  File "/Users/damien/bin/venv/lib/python3.9/site-packages/qiling/utils.py", line 454, in os_setup
    return ql_get_module_function(f"qiling.os.{ostype_str.lower()}.{ostype_str.lower()}", function_name)(ql)
  File "/Users/damien/bin/venv/lib/python3.9/site-packages/qiling/os/linux/linux.py", line 42, in __init__
    self.load()
  File "/Users/damien/bin/venv/lib/python3.9/site-packages/qiling/os/linux/linux.py", line 81, in load
    self.ql.hook_insn(self.hook_syscall, UC_X86_INS_SYSCALL)
  File "/Users/damien/bin/venv/lib/python3.9/site-packages/qiling/core_hooks.py", line 368, in hook_insn
    return self.ql_hook(UC_HOOK_INSN, callback, user_data, begin, end, arg1)
  File "/Users/damien/bin/venv/lib/python3.9/site-packages/qiling/core_hooks.py", line 293, in ql_hook
    self._ql_hook(hook_type, h, *args)
  File "/Users/damien/bin/venv/lib/python3.9/site-packages/qiling/core_hooks.py", line 260, in _ql_hook
    self._insn_hook_fuc[ins_t] = self._ql_hook_internal(t, self._hook_insn_cb, ins_t, *args)
  File "/Users/damien/bin/venv/lib/python3.9/site-packages/qiling/core_hooks.py", line 220, in _ql_hook_internal
    return self._h_uc.hook_add(hook_type, _callback, (self, user_data), 1, 0, *args)
  File "/Users/damien/bin/venv/lib/python3.9/site-packages/unicorn/unicorn.py", line 587, in hook_add
    raise UcError(status)
unicorn.unicorn.UcError: Invalid hook type (UC_ERR_HOOK)
```
Trying different architectures such as x86 and arm64 doesn't result in the same error message:
```
% ./venv/bin/qltool run -f ./rootfs/arm64_linux/bin/arm64_hello --rootfs ./rootfs/arm64_linux/
zsh: bus error ./venv/bin/qltool run -f ./rootfs/arm64_linux/bin/arm64_hello --rootfs
```
Or with bash:
```
./venv/bin/qltool run -f ./rootfs/x86_linux/bin/x86_hello --rootfs ./rootfs/x86_linux/
Bus error: 10
```
Expected behavior
The result should be analogous to the one I get on Debian/x86_64 in the same environment (clean venv + pip install qiling):
```
qltool run -f ./rootfs/x8664_linux/bin/x8664_hello --rootfs ./rootfs/x8664_linux |& grep -v "\[=]"
Hello, World!
qltool run -f ./rootfs/arm64_linux/bin/arm64_hello --rootfs ./rootfs/arm64_linux 2>/dev/null
Hello, World!
```
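A host preflight that isolates the failing call, written as an added example that is not part of this issue nor Qiling's or Unicorn's own code: it repeats the `hook_add(UC_HOOK_INSN, ..., UC_X86_INS_SYSCALL)` registration from the bottom of the traceback directly against Unicorn, so a `UC_ERR_HOOK` here points at the Unicorn build on the host rather than at Qiling. The two-byte `syscall` payload, the code address and the result keys are constructed for this example.

```python
"""Preflight: does this host's Unicorn accept the SYSCALL instruction hook Qiling registers?"""

# Constructed payload: a single x86-64 `syscall` (0f 05); emulation stops at the byte after it.
CODE_ADDR = 0x1000
CODE = b"\x0f\x05"


def probe_syscall_hook() -> dict:
    """Mirror Qiling's hook_insn(UC_X86_INS_SYSCALL) call without Qiling in the stack.

    Returns {"status", "version", "detail"} with status one of:
      "unicorn-not-installed", "hook-rejected" (the UC_ERR_HOOK from the issue),
      "emu-failed", "hook-silent" (hook accepted but never fired) or "ok".
    """
    try:
        import unicorn
        from unicorn import Uc, UcError, UC_ARCH_X86, UC_MODE_64, UC_HOOK_INSN
        from unicorn.x86_const import UC_X86_INS_SYSCALL
    except ImportError as exc:
        return {"status": "unicorn-not-installed", "version": None, "detail": str(exc)}

    version = getattr(unicorn, "__version__", "unknown")
    fired = []

    def on_syscall(uc, user_data):  # callback shape Unicorn uses for UC_HOOK_INSN / SYSCALL
        fired.append(uc.reg_read(unicorn.x86_const.UC_X86_REG_RIP))

    mu = Uc(UC_ARCH_X86, UC_MODE_64)
    mu.mem_map(CODE_ADDR, 0x1000)
    mu.mem_write(CODE_ADDR, CODE)
    try:
        # Same positional form Qiling uses: (type, callback, user_data, begin, end, insn_id).
        mu.hook_add(UC_HOOK_INSN, on_syscall, None, 1, 0, UC_X86_INS_SYSCALL)
    except UcError as exc:
        return {"status": "hook-rejected", "version": version, "detail": str(exc)}
    try:
        mu.emu_start(CODE_ADDR, CODE_ADDR + len(CODE), 0, 4)  # count cap as a safety stop
    except UcError as exc:
        return {"status": "emu-failed", "version": version, "detail": str(exc)}
    status = "ok" if fired else "hook-silent"
    return {"status": status, "version": version, "detail": f"syscall hook fired {len(fired)} time(s)"}


if __name__ == "__main__":
    print(probe_syscall_hook())
```

A "hook-rejected" result on a machine where Qiling fails as above, and "ok" on the Debian box, confirms the fault lies below Qiling in the Unicorn layer.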
Yup, there is a bug in Unicorn Engine that does not support M1. We will be fixing it, so stay tuned for Unicorn 2.0.
Ah, bummer. Any update on Unicorn Engine 2.0?
In the meantime, I managed to make Qiling work on the M1 by using a Linux/amd64 Docker container. It's a poor workaround, however, as it adds another layer of emulation through qemu-system-x86_64.
Of course it works in Linux Docker. The issue is that M1 macOS added some security check that causes the issue. The same issue applies to QEMU.
There is no plan to migrate current Unicorn to M1 due to the quite old codebase. Stay tuned!
Link to https://github.com/unicorn-engine/unicorn/issues/1217
M1 with the latest Unicorn 2.0 should work now, at least for me. Feel free to open a new issue with Unicorn if you still have any issue.