LLDB for remote debugging

Question

LLDB for remote debugging

haasal opened this issue 10 months ago · 3 comments

Is there any way to use an LLDB remote server (or ssh if lldb server doesn't work) + a local LLDB client to debug binaries just like with gdb.debug()?

My problem is that I am on an M3 MacBook and there is no (stable) gdbserver for arm64. My only possibility to debug x86 binaries is connecting to a gdb/lldb server on a x86 qemu VM and then using pwntools ssh to run executables there. But I cannot debug because pwntools depends on gdbserver installed locally.

Answer 1 · 2024-12-25T10:38:42.000Z

Using gdb.debug('program', ssh=ssh_conn) should start the gdbserver on the remote ssh server and connect through forwarded ports using the local gdb. I wouldn't expect you to have gdbserver installed locally for this. Can you show more details on how you're debugging?

There is no native support for lldb but you could try creating a pwntools-gdb symlink or file in your path to lldb or some wrapper script that translates the gdb commandline parameters. pwntools-gdb is used instead of the gdb binary if available locally.

Feel free to contribute your changes back if you get lldb integration working.

Answer 2 · 2024-12-25T16:17:03.000Z

First of all thank you so much for your quick answer! I wasted so much time on this already and I think lldb wrappers would be sooooo much pain to implement (but now that I write this probably the only viable solution for the future). Maybe once we figure this out a tutorial for Apple Silicon users will be a better solution for now.

Ok so I'll explain my setup/problems in a bit more detail and I think the hell I am in right now will become pretty clear....

I am on MacBook M3 i.e. aarch64 → There is no stable gdb for aarch64.
On Mac there is no qemu user emulation → So no automatically started pwntools gdbserver over qemu (I think)

My 'solution(s)':

Chapter 1: Remote x86_64 Linux

Use qemu-system-x86_64 (system emulation) and install a Debian server on there
Setup this server over UTM because network bridging on apple silicon through qemu from scratch is a very, very dark place
Now I can run lldb-server, gdbserver and ssh (or whatever) on that vm without having to hostfwd each port.
This (almost... don't ask) worked for simple lldb debugging in binary ninja but for reasons explained in the initial issue not for pwntools.

Chapter 2: GDB on Apple Silicon

This is my debug script:

from pwn import gdb, ssh

user, passwd = "root", "******"
ssh_host = "192.168......" # VM Bridge IP

shell = ssh(user, ssh_host, password=passwd)
io = gdb.debug("whoami", ssh=shell)

io.interactive()

When running this on my mac host I get: GDB not installed.
I found Lima which allowed me to setup an x86 ubuntu vm. (basically like WSL2 for mac (just buggier))
But this is just a wrapper around qemu-system-x86_64 so I can probably just somehow run the gdbserver over Lima but I didn't figure out how yet.
So on this Lima VM I installed gdb and aliased it to limactl shell ubuntu-x86 gdb. So when I run gdb in my local zsh I get a gdb session in x86 ubuntu. Great!
However pwntools can't use this alias: misc.which('gdb') on my host returns None.
Current problem: I took a look at gdb.binary() and noticed that there is supposed to be a pwntools-gdb binary? I installed the binutils package but I don't have any pwntools-gdb in my path. Can I somehow force pwntools to use the alias?

Sorry for the very long writeup but in case I have to do setup this sh** again at least I know where to look

Answer 3 · 2024-12-25T16:33:38.000Z

Ok just solved it by creating a shell script called gdb in my bin path that just runs the lima command.
Edit: Doesn't really work... because the initial gdb-script is stored in /var on the host which is not mounted to the vm