|  |  |  |  | 

C/C++ Cracking Tools Mobile Security Reverse Engineering

Kali Linux 2016.2 64 Bit ARM File Debugging


Quick solution for “ld-linux.so.3” error on kali linux when debugging ELF ARM 32Bit binary…

root@kalinux:~# file ch.bin
ELF 32-bit LSB executable, 
ARM, EABI5 version 1 (SYSV), 
dynamically linked, 
interpreter /lib/ld-linux.so.3, for GNU/Linux 2.6.26, 
BuildID[sha1]=e1b71a8437277ebc3eb417be2bf877b5dfff85c8, stripped
Error Type:
/lib/ld-linux.so.3: No such file or directory

Getting needed packages:

–Adding i386 architecture to system

 dpkg --add-architecture i386
 apt-get update --ignore-missing -y
 apt-get upgrade --ignore-missing</pre>
apt-get install build-essential ddd cpio libncurses5-dev libsdl-dev zlib1g-dev
apt-get install -y libc6-i386 lib32stdc++6 lib32gcc1 lib32ncurses5 lib32z1

apt-get install g++-arm-linux-gnueabihf

*** Optional : apt-get install build-essential git debootstrap u-boot-tools device-tree-compiler
Linking SO.3

ln -sf ld-linux-armhf.so.3 /lib/ld-linux.so.3

After installations are completed you should begin debugging with “arm-linux-gnueabihf-gdb”
Reading Elf Binary

root@kalinux:~# arm-linux-gnueabihf-readelf -e arm.bin
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2s complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Shared object file)
Machine: ARM
Version: 0x1
Entry point address: 0x495
Start of program headers: 52 (bytes into file)
Start of section headers: 9556 (bytes into file)
Flags: 0x5000400, Version5 EABI, hard-float ABI
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 9
Size of section headers: 40 (bytes)
Number of section headers: 36
Section header string table index: 35
Dumping Binary
root@kalinux:~# arm-linux-gnueabihf-objdump -d arm.bin

arm.bin: file format elf32-littlearm

Disassembly of section .init:

00000438 :
438: e92d4008 push {r3, lr}
43c: eb000026 bl 4dc
440: e8bd8008 pop {r3, pc}

Disassembly of section .plt:

00000444 :
444: e52de004 push {lr} ; (str lr, [sp, #-4]!)
448: e59fe004 ldr lr, [pc, #4] ; 454 <.plt+0x10>
44c: e08fe00e add lr, pc, lr
450: e5bef008 ldr pc, [lr, #8]!
454: 00010bac .word 0x00010bac
Debugging with GDB

root@kalinux:~# gdb-multiarch -q -nx
(gdb) file arm.bin
Reading symbols from arm.bin...done.
(gdb) set archi arm
The target architecture is assumed to be arm
(gdb) disass main
Dump of assembler code for function main:
0x00000604 <+0>: push {r11, lr}
0x00000608 <+4>: add r11, sp, #4
0x0000060c <+8>: ldr r3, [pc, #20] ; 0x628 <main+36>
0x00000610 <+12>: add r3, pc, r3
0x00000614 <+16>: mov r0, r3
0x00000618 <+20>: bl 0x5d0 <foo>
0x0000061c <+24>: mov r3, #0
0x00000620 <+28>: mov r0, r3
0x00000624 <+32>: pop {r11, pc}
0x00000628 <+36>: andeq r0, r0, r4, rrx
End of assembler dump.

Installing radare2 for excellent debugging

apt-get install radare2

Installing peda for gdb

git clone https://github.com/longld/peda.git ~/peda
echo "source ~/peda/peda.py" >> ~/.gdbinit



Application Security , Information and Software Security Specialist Ethical Hacker and Pentester