Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Symbol lookup error when swapping symbols name #1050

Closed
jfgauron opened this issue Apr 30, 2024 · 1 comment
Closed

Symbol lookup error when swapping symbols name #1050

jfgauron opened this issue Apr 30, 2024 · 1 comment
Assignees
@romainthomas

Comments

@jfgauron
Copy link

jfgauron commented Apr 30, 2024
edited

Describe the bug

I'm doing the LIEF tutorial. I'm at 03 - Play with Elf, but after swapping the symbol names in the main executable and trying to run it I get:

./bin/hashme.obf: symbol lookup error: ./bin/hashme.obf: undefined symbol: cos, version GLIBC_2.2

To Reproduce

I have created a minimal reproducible example with a .devcontainer. But the python script is basically just a copy/paste from the tutorial:

#!/usr/bin/env python3
import lief

hashme = lief.parse("bin/hashme")
libm  = lief.parse("/usr/lib/x86_64-linux-gnu/libm.so.6")

def swap(obj, a, b):
    symbol_a = next(i for i in obj.dynamic_symbols if i.name == a)
    symbol_b = next(i for i in obj.dynamic_symbols if i.name == b)
    b_name = symbol_b.name
    symbol_b.name = symbol_a.name
    symbol_a.name = b_name

hashme_pow_sym = next(i for i in hashme.imported_symbols if i.name == "pow")
hashme_log_sym = next(i for i in hashme.imported_symbols if i.name == "log")

hashme_pow_sym.name = "cos"
hashme_log_sym.name = "sin"


swap(libm, "log", "sin")
swap(libm, "pow", "cos")

hashme.write("bin/hashme.obf")
libm.write("bin/libm.so.6")

main executable:

// gcc main.c -o bin/hashme -lm

#include <stdio.h>
#include <stdlib.h>
#include <math.h>

double hashme(double input) {
  return pow(input, 4) + log(input + 3);
}

int main(int argc, char** argv) {
  if (argc != 2) {
    printf("Usage: %s N\n", argv[0]);
    return EXIT_FAILURE;
  }

  double N = (double)atoi(argv[1]);
  double hash = hashme(N);
  printf("%f\n", hash);

  return EXIT_SUCCESS;
}
  1. Build the main executable: gcc main.c -o bin/hashme -lm
  2. Run the infect script (might have to adjust for libm location): python infect.py
  3. Make hashme.obf executable: chmod +x bin/hashme.obf
  4. Run bin/hashme.obf
  5. Observe the error: bin/hashme.obf: symbol lookup error: bin/hashme.obf: undefined symbol: cos, version GLIBC_2.29

When opening the bin/hashme.obf file in IDA I get the following warning:

Unexpected entries in the PLT stub.
The file might have been modified after linking.

EDIT: Turns out this error is displayed in IDA even when opening the normal (unmodified) hashme executable, so it is unrelated to LIEF. Not sure why I get that warning but that doesn't seem relevant to the issue I have.

Expected behavior

I should still be able to run the main executable, as the tutorial shows.

Environment (please complete the following information):

  • System and Version : Ubuntu 22.04 in Docker, running on WLS2
  • Target format : ELF
  • LIEF commit version: 0.15.0-54d0a72c
@romainthomas
Copy link
Member

Hi! Yes this example requires an older version of Linux (running on a ubuntu:18.04 should be ok).
Otherwise, you can try with logl,powl,cosl,sinl:

import lief

hashme = lief.parse("hashme")
libm   = lief.parse("/usr/lib/x86_64-linux-gnu/libm.so.6")


def swap(obj, a, b):
    symbol_a = next(filter(lambda e : e.name == a, obj.dynamic_symbols))
    symbol_b = next(filter(lambda e : e.name == b, obj.dynamic_symbols))
    b_name = symbol_b.name
    symbol_b.name = symbol_a.name
    symbol_a.name = b_name

hashme_log_sym = next(filter(lambda e : e.name == "logl", hashme.imported_symbols))
hashme_pow_sym = next(filter(lambda e : e.name == "powl", hashme.imported_symbols))

hashme_pow_sym.name = "cosl"
hashme_log_sym.name = "sinl"

swap(libm, "logl", "sinl")
swap(libm, "powl", "cosl")

hashme.add(lief.ELF.DynamicEntryRpath("."))
hashme.write("hashme.obf")
libm.write("libm.so.6")

print("done")

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@romainthomas romainthomas

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@romainthomas @jfgauron