Failed to detect the missing type checks #1

Open
citypw opened this issue Sep 23, 2024 · 0 comments
Hello GC maintainers, I've removed all type checks in a TA and tried to test whether GC can detect that the checks were missing, but it seems things went wrong. Have you guys done the test on DWARF v5, which was supported not long ago in Ghidra?

openjdk version "18.0.2-ea" 2022-07-19
OpenJDK Runtime Environment (build 18.0.2-ea+9-Ubuntu-222.04)
OpenJDK 64-Bit Server VM (build 18.0.2-ea+9-Ubuntu-222.04, mixed mode)
INFO  Using log config file: jar:file:/ghidra/Ghidra/Framework/Generic/lib/Generic.jar!/generic.log4j.xml (LoggingInitialization)  
INFO  Using log file: /root/.ghidra/.ghidra_10.4_PUBLIC/application.log (LoggingInitialization)  
INFO  Loading user preferences: /root/.ghidra/.ghidra_10.4_PUBLIC/preferences (Preferences)  
INFO  Searching for classes... (ClassSearcher)  
INFO  Class search complete (757 ms) (ClassSearcher)  
INFO  Initializing SSL Context (SSLContextInitializer)  
INFO  Initializing Random Number Generator... (SecureRandomFactory)  
INFO  Random Number Generator initialization complete: NativePRNGNonBlocking (SecureRandomFactory)  
INFO  Trust manager disabled, cacerts have not been set (ApplicationTrustManagerFactory)  
INFO  HEADLESS Script Paths:
    /root/.ghidra/.ghidra_10.4_PUBLIC/Extensions/mclf-loader/ghidra_scripts
    /ghidra/Ghidra/Features/Decompiler/ghidra_scripts
    /ghidra/Ghidra/Features/Base/ghidra_scripts
    /ghidra/Ghidra/Features/BytePatterns/ghidra_scripts
    /ghidra/Ghidra/Debug/Debugger-rmi-trace/ghidra_scripts
    /ghidra/Ghidra/Processors/8051/ghidra_scripts
    /ghidra/Ghidra/Features/Python/ghidra_scripts
    /ghidra/Ghidra/Debug/Debugger/ghidra_scripts
    /ghidra/Ghidra/Features/FileFormats/ghidra_scripts
    /ghidra/Ghidra/Processors/PIC/ghidra_scripts
    /ghidra/Ghidra/Features/SystemEmulation/ghidra_scripts
    /ghidra/Ghidra/Debug/Debugger-agent-frida/ghidra_scripts
    /ghidra/Ghidra/Processors/DATA/ghidra_scripts
    /root/.ghidra/.ghidra_10.4_PUBLIC/Extensions/ghidrathon/ghidra_scripts
    /ghidra/Ghidra/Debug/Debugger-agent-dbgmodel-traceloader/ghidra_scripts
    /ghidra/Ghidra/Features/VersionTracking/ghidra_scripts
    /ghidra/Ghidra/Features/PDB/ghidra_scripts
    /src/ghidra_scripts
    /ghidra/Ghidra/Processors/Atmel/ghidra_scripts
    /ghidra/Ghidra/Features/FunctionID/ghidra_scripts
    /ghidra/Ghidra/Processors/JVM/ghidra_scripts
    /ghidra/Ghidra/Features/GnuDemangler/ghidra_scripts
    /ghidra/Ghidra/Features/MicrosoftCodeAnalyzer/ghidra_scripts (HeadlessAnalyzer)  
INFO  HEADLESS: execution starts (HeadlessAnalyzer)  
INFO  Creating project: /tmp/ghidraproj/SharingCaringTmpProj (HeadlessAnalyzer)  
INFO  Creating project: /tmp/ghidraproj/SharingCaringTmpProj (DefaultProject)  
INFO  REPORT: Processing input files:  (HeadlessAnalyzer)  
INFO       project: /tmp/ghidraproj/SharingCaringTmpProj (HeadlessAnalyzer)  
INFO  IMPORTING: /data/new/f4e750bb-1437-4fbf-8785-8d3580c34994.elf (HeadlessAnalyzer)  
INFO  Starting cache cleanup: /tmp/root-Ghidra/fscache2 (FileCacheMaintenanceDaemon)  
INFO  Finished cache cleanup, estimated storage used: 0 (FileCacheMaintenanceDaemon)  
WARN  149 NOP constructors found (SleighCompile)  
WARN  Use -n switch to list each individually (SleighCompile)  
WARN  1 operations wrote to temporaries that were not read (SleighCompile)  
WARN  Use -t switch to list each individually (SleighCompile)  
INFO  Using Loader: Executable and Linking Format (ELF) (AutoImporter)  
INFO  Using Language/Compiler: AARCH64:LE:64:v8A:default (AutoImporter)  
INFO  IMPORTING: Loaded 0 additional files (HeadlessAnalyzer)  
INFO  SCRIPT: /src/ghidra_scripts/FunctionIDHeadlessPrescript.java (HeadlessAnalyzer)  
INFO  ANALYZING all memory and code: /data/new/f4e750bb-1437-4fbf-8785-8d3580c34994.elf (HeadlessAnalyzer)  
ERROR Error during DWARFAnalyzer import:  (DWARFAnalyzer) ghidra.app.util.bin.format.dwarf4.DWARFException: Only DWARF version 2, 3, or 4 information is currently supported (detected 5).
	at ghidra.app.util.bin.format.dwarf4.DWARFCompilationUnit.readCompilationUnit(DWARFCompilationUnit.java:155)
	at ghidra.app.util.bin.format.dwarf4.next.DWARFProgram.bootstrapCompilationUnits(DWARFProgram.java:618)
	at ghidra.app.util.bin.format.dwarf4.next.DWARFProgram.<init>(DWARFProgram.java:259)
	at ghidra.app.plugin.core.analysis.DWARFAnalyzer.added(DWARFAnalyzer.java:190)
	at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:186)
	at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:686)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:786)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:665)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:630)
	at ghidra.app.util.headless.HeadlessAnalyzer.analyzeProgram(HeadlessAnalyzer.java:1019)
	at ghidra.app.util.headless.HeadlessAnalyzer.processFileWithImport(HeadlessAnalyzer.java:1544)
	at ghidra.app.util.headless.HeadlessAnalyzer.processWithImport(HeadlessAnalyzer.java:1661)
	at ghidra.app.util.headless.HeadlessAnalyzer.processWithImport(HeadlessAnalyzer.java:1726)
	at ghidra.app.util.headless.HeadlessAnalyzer.processLocal(HeadlessAnalyzer.java:448)
	at ghidra.app.util.headless.AnalyzeHeadless.launch(AnalyzeHeadless.java:127)
	at ghidra.GhidraLauncher.launch(GhidraLauncher.java:78)
	at ghidra.Ghidra.main(Ghidra.java:54)
 
INFO  Packed database cache: /tmp/root-Ghidra/packed-db-cache (PackedDatabaseCache)  
WARN  258 NOP constructors found (SleighCompile)  
WARN  Use -n switch to list each individually (SleighCompile)  
WARN  ia.sinc:677: Table 'pcRelSimm32' exports size 0 (SleighCompile)  
WARN  180 unnecessary extensions/truncations were converted to copies (SleighCompile)  
WARN  Use -u switch to list each individually (SleighCompile)  
WARN  13 operations wrote to temporaries that were not read (SleighCompile)  
WARN  Use -t switch to list each individually (SleighCompile)  
WARN  ia.sinc:660: Unreferenced table: 'imm32_64' (SleighCompile)  
INFO  Applied data type archive: generic_clib_64 (ApplyDataArchiveAnalyzer)  
INFO  -----------------------------------------------------
    AARCH64 ELF PLT Thunks                     0.000 secs
    ASCII Strings                              0.158 secs
    Apply Data Archives                        2.785 secs
    Basic Constant Reference Analyzer          0.917 secs
    Call Convention ID                         0.164 secs
    Call-Fixup Installer                       0.004 secs
    Create Address Tables                      0.020 secs
    Create Address Tables - One Time           0.005 secs
    Create Function                            0.000 secs
    DWARF                                      0.016 secs
    Data Reference                             0.020 secs
    Decompiler Switch Analysis                 0.286 secs
    Demangler GNU                              0.023 secs
    Disassemble Entry Points                   0.589 secs
    Embedded Media                             0.013 secs
    External Entry References                  0.002 secs
    Function Start Search                      0.031 secs
    Function Start Search After Code           0.014 secs
    Function Start Search After Data           0.017 secs
    GCC Exception Handlers                     0.152 secs
    Non-Returning Functions - Known            0.004 secs
    Reference                                  0.027 secs
    Shared Return Calls                        0.029 secs
    Stack                                      1.114 secs
    Subroutine References                      0.014 secs
-----------------------------------------------------
     Total Time   6 secs
-----------------------------------------------------
 (AutoAnalysisManager)  
INFO  REPORT: Analysis succeeded for file: /data/new/f4e750bb-1437-4fbf-8785-8d3580c34994.elf (HeadlessAnalyzer)  
INFO  SCRIPT: /src/ghidra_scripts/tipi.py (HeadlessAnalyzer)  
INFO  Addings configuration to user settings at /root/.ghidra/.ghidra_10.4_PUBLIC/GhidrathonConfig.xml (GhidrathonUtils)  
2024-09-23:14:58:25,987 INFO     Initializing...
2024-09-23:14:58:25,988 INFO     args.tee: optee
2024-09-23:14:58:26,19 DEBUG    Starting analysis of TA_InvokeCommandEntryPoint@00100970
2024-09-23:14:58:26,40 DEBUG    descendants: ItemsView(NodeView((15, <ghidra.program.model.pcode.SequenceNumber object at 0x752ff4a61450>, <ghidra.program.model.pcode.SequenceNumber object at 0x752ff4a61630>)))
2024-09-23:14:58:26,40 DEBUG    (ram, 0x100978, 3, 2): (register, 0x4000, 4) CALL (ram, 0x1055c8, 8) , (register, 0x4000, 4) , (register, 0x4008, 4) , (register, 0x4010, 4) , (register, 0x4018, 8) , (unique, 0x10000009, 8)
2024-09-23:14:58:26,40 INFO     `param_types` passed to __ta_invoke_cmd at idx 2
2024-09-23:14:58:26,40 DEBUG    (ram, 0x100978, 4, 3):  ---  RETURN (const, 0x0, 8) , (register, 0x4000, 4)
2024-09-23:14:58:26,40 DEBUG    checker nodes: []
2024-09-23:14:58:26,40 DEBUG    caller nodes: [(<ghidra.program.model.pcode.PcodeOpAST object at 0x752ff4a614b0>, <ghidra.program.database.function.FunctionDB object at 0x752ff4a60cd0>, 2)]
`params` passed to __ta_invoke_cmd at arg idx 3
global_offset: 0
2024-09-23:14:58:26,50 INFO     animator for param_idx 0
2024-09-23:14:58:26,50 INFO     checkers: []
2024-09-23:14:58:26,50 INFO     derefs: []
2024-09-23:14:58:26,51 INFO     0x100970 path: ['0x100970']
2024-09-23:14:58:26,51 WARNING  Func __ta_invoke_cmd does not consume arg at idx 2
2024-09-23:14:58:26,51 INFO     0x100970 path: ['0x100970']
2024-09-23:14:58:26,51 WARNING  Func __ta_invoke_cmd does not consume arg at idx 3
2024-09-23:14:58:26,63 DEBUG    Starting analysis of __ta_invoke_cmd@001055c8
2024-09-23:14:58:26,66 DEBUG    checker nodes: []
2024-09-23:14:58:26,66 DEBUG    caller nodes: []
2024-09-23:14:58:26,66 INFO     checkers: []
2024-09-23:14:58:26,66 INFO     derefs: []
2024-09-23:14:58:26,94 INFO     {'ghidra_start': 1727103490, 'decomp_finish': 1727103505, 'gp_detect': 1727103505, 'TA_InvokeCommandEntryPoint': {'desc': {'result': 1, 'desc': 'no check, no memref found'}, 'children': {'__ta_invoke_cmd': {'desc': {'result': 1, 'desc': 'no check, no memref found'}, 'children': {}}}}, 'is_vuln': False, 'analyze_func': 1727103506}
INFO  ANALYZING changes made by post scripts: /data/new/f4e750bb-1437-4fbf-8785-8d3580c34994.elf (HeadlessAnalyzer)  
INFO  REPORT: Post-analysis succeeded for file: /data/new/f4e750bb-1437-4fbf-8785-8d3580c34994.elf (HeadlessAnalyzer)  
INFO  REPORT: Save succeeded for: /f4e750bb-1437-4fbf-8785-8d3580c34994.elf (SharingCaringTmpProj:/f4e750bb-1437-4fbf-8785-8d3580c34994.elf) (HeadlessAnalyzer)  
INFO  REPORT: Import succeeded (HeadlessAnalyzer)  
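
A pre-flight check for the condition the `DWARFAnalyzer` error in this log reports, as an added example that is not part of the original issue or of the project's code: it walks the unit headers of a raw `.debug_info` section and lists any DWARF versions outside the set named in the error message (2, 3, 4). The function names and the sample bytes are constructed for illustration, and the input is assumed to be the uncompressed section contents of a little-endian ELF such as the AARCH64 TA above.

```python
import struct

# Versions the DWARF analyzer in the log above accepts, per its error message.
SUPPORTED = {2, 3, 4}

def dwarf_unit_versions(debug_info, little_endian=True):
    """Walk the unit headers of a raw .debug_info section; return each unit's version."""
    e = "<" if little_endian else ">"
    versions, off = [], 0
    while off < len(debug_info):
        try:
            (length,) = struct.unpack_from(e + "I", debug_info, off)
            hdr = 4
            if length == 0xFFFFFFFF:        # 64-bit DWARF: an 8-byte length follows
                (length,) = struct.unpack_from(e + "Q", debug_info, off + 4)
                hdr = 12
            elif length >= 0xFFFFFFF0:      # remaining escape values are reserved
                raise ValueError(f"reserved initial length at offset {off:#x}")
            (version,) = struct.unpack_from(e + "H", debug_info, off + hdr)
        except struct.error:
            raise ValueError(f"truncated unit header at offset {off:#x}") from None
        end = off + hdr + length            # unit_length excludes the length field itself
        if length < 2 or end > len(debug_info):
            raise ValueError(f"bad unit length at offset {off:#x}")
        versions.append(version)
        off = end
    return versions

def unsupported_versions(debug_info):
    """Versions present in the section that the analyzer would reject."""
    return sorted(set(dwarf_unit_versions(debug_info)) - SUPPORTED)

# Constructed sample: one DWARF v4 unit followed by one DWARF v5 unit, each with a
# single null DIE byte. v4 header: version, abbrev_offset, address_size.
# v5 header: version, unit_type, address_size, abbrev_offset.
SAMPLE = (struct.pack("<IHIB", 8, 4, 0, 8) + b"\x00" +
          struct.pack("<IHBBI", 9, 5, 1, 8, 0) + b"\x00")

if __name__ == "__main__":
    bad = unsupported_versions(SAMPLE)
    if bad:
        print("DWARF versions the analyzer will reject:", bad)
```

The section bytes can be dumped with GNU objcopy's `--dump-section .debug_info=debug_info.bin`; a compressed debug section has to be decompressed first.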