This post serves to give some guidance on obtaining the disassembly and CFG for your own binaries with BAP. For sample coreutils ARM binaries that can be used with BAP, see here.
You’ll need to install an ARM compiler toolchain. Depending on your needs, you can choose to use either the default toolchains included with the Ubuntu package repository, or a third-party toolchain based off of mainline gcc (e.g. CodeSourcery, Linode, etc).
For our purposes, we’ll stick with Ubuntu 14.04, which provides five different varieties:
gcc-none-eabi. Of these, you probably won’t be using the latter three, since they are for 64-bit ARM, Android on ARM, and raw ARM binaries (e.g. without Linux). Of the remaining two, the former is soft-float, meaning it doesn’t use Thumb instructions or a hardware floating-point unit, whereas the latter uses both, so we want to pick
gcc-arm-linux-gnueabi. This should automatically add in associated dependencies such as
binutils-arm-linux-gnueabi, but not gdb, so you will need to specify it manually as follows:
sudo apt-get install gcc-arm-linux-gnueabi gdb-multiarch
A simple “Hello World” program can be compiled in the familiar gcc fashion:
arm-linux-gnueabi-gcc hello.c -O0 -o hello_gccarm_O0
To run this (should you be interested), you’ll need
sudo apt-get install qemu-user
Attempting to run our binary with
qemu-user hello_gccarm_O0 # wrong!
"/lib/ld-linux.so.3: No such file or directory".
We will need these shared libraries built for arm. These are available after installing the arm compiler toolchain. To successfully run our binary, the command is:
qemu-arm -L /usr/arm-linux-gnueabi/ hello_gccarm_O0
You may view
bap-objdumpdisassembly of your binary by running:
bap-objdump --dump=asm strcpy_arm_g
You might like to debug your ARM binary with gdb. To do so, use qemu-arm to set up a gdb server which you’ll be able to connect:
qemu-arm -L /usr/arm-linux-gnueabi/ -g 1111 hello_gccarm_O0
Then connect to it as follows:
gdb-multiarch -q -nx (gdb) file hello_gccarm_O0 (gdb) set architecture arm (gdb) target remote 127.0.0.1:1111
You should now have a debugging session with gdb.
Take note that there are other useful utilities under
For example, you might be interested in stripping your binary before analysis,