fiberx/fiber

Migrate to arm32 architecture

Closed this issue · 2 comments

Hi, I want to use fiber to check whether an arm32 kernel has a certain CVE patch applied or not. I'm trying to migrate it to support the arm32 architecture, but there are some arm64 keywords I don't understand. For example:

def _is_sp_symbolic_aarch64(ast):
    # Returns True when every symbolic leaf of the expression is a
    # variable named after the 'reg_108' register; a missing AST counts
    # as True, and any other symbolic leaf makes the result False.
    if ast is None:
        return True
    for leaf in ast.recursive_leaf_asts:
        if leaf.symbolic and not leaf.args[0].startswith('reg_108'):
            return False
    return True

  • What does reg_108 mean, and how is it related to aarch64?
  • Is it possible to do such a migration?

Many thanks!

Hi,

Thanks for your interest. Fiber in general works on the VEX IR level, which is architecture-independent, so I think it's doable to make it work for other architectures. The thing is, it still needs to take care of some architecture-specific details when generating/matching the binary signatures (since they are on the binary level), such as the calling convention and the instruction size. I suggest that you search for the "arm64" and "aarch64" keywords to find the code that needs to be adapted (just like what you have done in the question) for a different architecture.

For your specific example, "reg_108" is used internally by VEX IR to identify the aarch64 stack pointer register "sp". You may or may not need to change the register offset if you want to refer to the stack register of a different architecture. For more information you can refer to VEX IR's implementation or angr's documentation (https://docs.angr.io/advanced-topics/ir).
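One way to carry out the adaptation described in the reply above, as an added example that is not part of the issue thread or of Fiber's code: instead of hard-coding the "reg_108" prefix, derive it from the target architecture's stack-pointer offset, so the same check serves aarch64 and arm32. It assumes angr's convention of naming the symbolic value of an uninitialised register "reg_<vex_offset>_<id>_<bits>", and that the architecture object exposes an archinfo-style `registers` dict of name -> (vex_offset, size) (as `project.arch.registers` does in angr). The `Leaf`/`Ast`/`FakeArch` classes are constructed stand-ins so the example runs without angr; with angr installed you would pass real claripy ASTs and `project.arch`.

```python
"""Architecture-generic version of Fiber's _is_sp_symbolic_aarch64 (example code).

Assumption: angr names an uninitialised register's symbolic value
'reg_<vex_offset>_<id>_<bits>', so the sp prefix can be computed from the
architecture's register table instead of being hard-coded as 'reg_108'.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Leaf:
    """Constructed stand-in for a claripy leaf AST (BVS or BVV).

    For a symbolic BVS, args[0] is its name, e.g. 'reg_108_3_64'.
    """
    name: str
    symbolic: bool

    @property
    def args(self):
        return (self.name,)


@dataclass
class Ast:
    """Constructed stand-in for a compound claripy AST; only the
    recursive_leaf_asts iterator used by the check is modelled."""
    leaves: List[Leaf] = field(default_factory=list)

    @property
    def recursive_leaf_asts(self):
        return iter(self.leaves)


@dataclass
class FakeArch:
    """Constructed stand-in for archinfo.Arch exposing only `registers`
    (name -> (vex_offset, size_in_bytes)), like project.arch in angr."""
    registers: Dict[str, Tuple[int, int]]


def sp_reg_prefix(arch) -> str:
    """Prefix of symbolic variable names that refer to `arch`'s stack pointer.

    The trailing '_' keeps 'reg_108_' from also matching e.g. 'reg_1080_...',
    which the original startswith('reg_108') would accept.
    """
    offset, _size = arch.registers['sp']
    return 'reg_%d_' % offset


def is_sp_symbolic(ast: Optional[Ast], arch) -> bool:
    """True if every symbolic leaf of `ast` derives from the stack pointer.

    Same semantics as Fiber's _is_sp_symbolic_aarch64: a missing AST counts
    as True; any symbolic leaf not named after sp makes the result False.
    """
    if ast is None:
        return True
    prefix = sp_reg_prefix(arch)
    for leaf in ast.recursive_leaf_asts:
        if leaf.symbolic and not leaf.args[0].startswith(prefix):
            return False
    return True


# Constructed architecture tables for the demo. 108 is the aarch64 sp offset
# named in the issue; the arm32 value is a placeholder for this example and
# must be read from archinfo (archinfo.ArchARM().registers['sp']) when porting.
AARCH64 = FakeArch({'sp': (108, 8)})
ARM32 = FakeArch({'sp': (60, 4)})


def demo() -> Dict[str, bool]:
    """Run the check over a few constructed expressions on both architectures."""
    sp_plus_const = Ast([Leaf('reg_108_3_64', True), Leaf('0x10', False)])
    other_reg = Ast([Leaf('reg_16_1_64', True)])
    arm32_sp = Ast([Leaf('reg_60_2_32', True)])
    return {
        'none_is_ok': is_sp_symbolic(None, AARCH64),
        'aarch64_sp_plus_const': is_sp_symbolic(sp_plus_const, AARCH64),
        'aarch64_other_reg': is_sp_symbolic(other_reg, AARCH64),
        'aarch64_name_on_arm32': is_sp_symbolic(sp_plus_const, ARM32),
        'arm32_sp': is_sp_symbolic(arm32_sp, ARM32),
    }


if __name__ == '__main__':
    for k, v in demo().items():
        print(k, v)
```

The point of the `FakeArch` indirection is that the port only has to supply the right register table: in angr that is `project.arch`, so nothing in the check itself mentions an architecture.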

OK, thanks for your detailed reply!