RuntimeError: Emulation crashed at 0x80051F8 #60

Open
Wpj-001 opened this issue Jun 21, 2024 · 4 comments

Wpj-001 commented Jun 21, 2024

I encountered an error while generating a trace for other encrypted codes. How can this be resolved?

Traceback (most recent call last):
  File "/home/alex/project_wpj/rainbow/rainbow/rainbow.py", line 275, in start
    self.emu.emu_start(begin, end, timeout=timeout, count=count)
  File "/home/alex/miniconda3/envs/Rainbow/lib/python3.8/site-packages/unicorn/unicorn.py", line 547, in emu_start
    raise UcError(status)
unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/alex/project_wpj/rainbow/examples/kyber512/cortexm_aes.py", line 66, in <module>
    container = CortexMAesContainer(N)
  File "/home/alex/miniconda3/envs/Rainbow/lib/python3.8/site-packages/lascar/container/container.py", line 427, in __init__
    trace = self.generate_trace(0)
  File "/home/alex/project_wpj/rainbow/examples/kyber512/cortexm_aes.py", line 59, in generate_trace
    leakage = kyber_enc_dec()
  File "/home/alex/project_wpj/rainbow/examples/kyber512/cortexm_aes.py", line 28, in kyber_enc_dec
    e.start(e.functions["PQCLEAN_KYBER512_CLEAN_crypto_kem_keypair"] | 1, 0)
  File "/home/alex/project_wpj/rainbow/rainbow/generics/cortexm.py", line 79, in start
    return super().start(begin | 1, *args, **kwargs)
  File "/home/alex/project_wpj/rainbow/rainbow/rainbow.py", line 279, in start
    raise RuntimeError(f"Emulation crashed at 0x{pc:X}") from e
RuntimeError: Emulation crashed at 0x80051F8

Collaborator

yhql commented Jun 29, 2024

"read unmapped" errors occur when an instruction (in this case the one at 0x80051F8) tries to access memory that was not mapped by the original mapping of your binary/executable.
You can try executing that same function with the same parameters, but this time without using the 'side-channel mode' and tracing register values instead to see the culprit:

emulator = rainbow_cortexm(print_config=Print.Code | Print.Registers)

Author

Wpj-001 commented Jul 1, 2024

I changed to a program for analysis, and an error occurred at 0X80015B2. Following the method you provided, I received the following error output. How should I resolve this issue?
image

Collaborator

yhql commented Jul 1, 2024

Looking at 0x80015a3, you have r3 = 0xdead0400, but in 0x80015b2 the strb instruction tries to write to that address. If you get a UC_ERR_WRITE_UNMAPPED, that means the emulator has nothing mapped in 0xdead00xx yet.
If you're sure you need to have something available here, you can map it like so:

emulator = rainbow...( ... )
emulator[0xdead0000] = bytes(1024)

which will allocate 1 KB of data starting at 0xdead0000.
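
An added example, not code from the Rainbow project or from this thread: a pure-Python check of whether a faulting access lies inside the ranges you have mapped, run on the r3 value and buffer size quoted above. The helper names and the 4096-byte mapping granularity are assumptions; whether the emulator rounds a mapping up to a whole page is not stated in the thread.

```python
from dataclasses import dataclass

PAGE = 4096  # assumption: mapping granularity of the emulator backend


@dataclass(frozen=True)
class Region:
    start: int
    size: int

    @property
    def end(self):
        return self.start + self.size  # exclusive upper bound


def page_round(start, size, page=PAGE):
    """Smallest page-aligned Region containing [start, start + size)."""
    lo = start - start % page
    hi = -(-(start + size) // page) * page  # ceiling to next page boundary
    return Region(lo, hi - lo)


def covers(regions, addr, width):
    """True if the whole access [addr, addr + width) lies in one region."""
    return any(r.start <= addr and addr + width <= r.end for r in regions)


def diagnose(regions, addr, width, page=PAGE):
    """Return (ok, fix); fix is the page-aligned Region to map when not ok."""
    if covers(regions, addr, width):
        return True, None
    return False, page_round(addr, width, page)


# Values from the thread: strb is a 1-byte store, r3 = 0xdead0400,
# and the suggested buffer is 1024 bytes at 0xdead0000.
FAULT_ADDR, WIDTH = 0xDEAD0400, 1
EXACT = [Region(0xDEAD0000, 1024)]        # mapping taken literally
ROUNDED = [page_round(0xDEAD0000, 1024)]  # mapping rounded up to a page

if __name__ == "__main__":
    for name, regions in (("exact 1 KB", EXACT), ("page-rounded", ROUNDED)):
        ok, fix = diagnose(regions, FAULT_ADDR, WIDTH)
        hint = "" if ok else f" -> map 0x{fix.start:X}..0x{fix.end:X}"
        print(f"{name}: {'mapped' if ok else 'UNMAPPED'}{hint}")
```

A 1024-byte range starting at 0xdead0000 ends at 0xdead03ff, so the store to 0xdead0400 is covered only when the mapping is rounded up to a larger page; sizing the buffer from the highest address the code touches avoids depending on that.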

Author

Wpj-001 commented Jul 1, 2024

Thank you very much for your reply. The previous issue has been resolved. However, a new problem has arisen. When I was analyzing a program, it got stuck at a certain point. I printed the executed functions using print_config=Print.Functions, and found that it keeps hanging at the place shown in the figure below. It neither throws an error nor proceeds further. What could be the reason for this?
image
