KeyError when using self-compiled enclave.signed.so with sgxrace.py #1

Open
segogt opened this issue Feb 2, 2025 · 0 comments

segogt commented Feb 2, 2025

When I use the author's provided binary to perform detection with sgxrace.py, the tool works as expected.
However, when I compile the same version of the code myself to generate enclave.signed.so, the tool throws the following error during execution.

~/SGXRacer$ python3 sgxrace.py -app -fast -input ~/enclave_source/065_hot-calls/enclave.signed.so -output 065_hot-calls_results.txt -output1 065_hot-calls_results1.txt > 065_hot-calls_stdout
CRITICAL | 2025-02-02 17:44:45,473 | cle.backends.backend | Deprecation warning: the custom_arch parameter has been renamed to arch
WARNING  | 2025-02-02 17:44:45,475 | cle.backends.blob | No entry_point was specified for blob enclave.signed.so, assuming 0
WARNING  | 2025-02-02 17:44:45,475 | cle.backends.blob | No base_addr was specified for blob enclave.signed.so, assuming 0
WARNING  | 2025-02-02 17:45:02,560 | angr.storage.memory_mixins.default_filler_mixin | The program is accessing register with an unspecified value. This could indicate unwanted behavior.
WARNING  | 2025-02-02 17:45:02,560 | angr.storage.memory_mixins.default_filler_mixin | angr will cope with this by generating an unconstrained symbolic variable and continuing. You can resolve this by:
WARNING  | 2025-02-02 17:45:02,560 | angr.storage.memory_mixins.default_filler_mixin | 1) setting a value to the initial state
WARNING  | 2025-02-02 17:45:02,560 | angr.storage.memory_mixins.default_filler_mixin | 2) adding the state option ZERO_FILL_UNCONSTRAINED_{MEMORY,REGISTERS}, to make unknown regions hold null
WARNING  | 2025-02-02 17:45:03,187 | angr.storage.memory_mixins.default_filler_mixin | Filling register rbp with 8 unconstrained bytes referenced from 0x10fe (offset 0x10fe in enclave.signed.so (0x10fe))
WARNING  | 2025-02-02 17:45:03,219 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0x7ffffffffff0008 with 8 unconstrained bytes referenced from 0x1100 (offset 0x1100 in enclave.signed.so (0x1100))
WARNING  | 2025-02-02 17:45:03,307 | angr.storage.memory_mixins.default_filler_mixin | Filling register rbp with 8 unconstrained bytes referenced from 0x1113 (offset 0x1113 in enclave.signed.so (0x1113))
WARNING  | 2025-02-02 17:45:03,332 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0x7ffffffffff0010 with 8 unconstrained bytes referenced from 0x1121 (offset 0x1121 in enclave.signed.so (0x1121))
WARNING  | 2025-02-02 17:45:03,334 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0x7ffffffffff0018 with 8 unconstrained bytes referenced from 0x1123 (offset 0x1123 in enclave.signed.so (0x1123))
WARNING  | 2025-02-02 17:45:40,446 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0x7fffffffffeffe8 with 8 unconstrained bytes referenced from 0x146b (offset 0x146b in enclave.signed.so (0x146b))
WARNING  | 2025-02-02 17:45:40,643 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0xffff000000000018 with 2 unconstrained bytes referenced from 0x1478 (offset 0x1478 in enclave.signed.so (0x1478))
WARNING  | 2025-02-02 17:45:40,735 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0x7fffffffffefff0 with 8 unconstrained bytes referenced from 0x146c (offset 0x146c in enclave.signed.so (0x146c))
WARNING  | 2025-02-02 17:45:40,922 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0x7fffffffffefff8 with 8 unconstrained bytes referenced from 0x146d (offset 0x146d in enclave.signed.so (0x146d))
WARNING  | 2025-02-02 17:45:41,117 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0xffff000000000010 with 8 unconstrained bytes referenced from 0x147f (offset 0x147f in enclave.signed.so (0x147f))
WARNING  | 2025-02-02 17:45:41,576 | angr.storage.memory_mixins.default_filler_mixin | Filling memory at 0x7fffffffffeffde with 2 unconstrained bytes referenced from 0x148d (offset 0x148d in enclave.signed.so (0x148d))
WARNING  | 2025-02-02 17:45:41,936 | angr.storage.memory_mixins.default_filler_mixin | Filling register cc_ndep with 8 unconstrained bytes referenced from 0x1495 (offset 0x1495 in enclave.signed.so (0x1495))
WARNING  | 2025-02-02 17:45:42,322 | angr.storage.memory_mixins.default_filler_mixin | Filling register cc_ndep with 8 unconstrained bytes referenced from 0x1454 (offset 0x1454 in enclave.signed.so (0x1454))
Traceback (most recent call last):
  File "~/SGXRacer/sgxrace.py", line 6751, in <module>
    main()
  File "~/SGXRacer/sgxrace.py", line 6730, in main
    variable_analysis()
  File "~/SGXRacer/sgxrace.py", line 6683, in variable_analysis
    lock_variable_analysis()
  File "~/SGXRacer/sgxrace.py", line 3920, in lock_variable_analysis
    if info.jmpinsnmap[insn][0] != -1 and info.jmpinsnmap[insn][0] not in info.whitelist:
KeyError: 157744

Environment Information:

SGX SDK Version: 2.25.100.3
SGX Mode: I tried it in both Hardware Mode and Simulation Mode.
OS: Ubuntu 20.04
Python Version: Python 3.8.10
angr Version: 9.2.102

Question

Does the SDK version difference impact the internal structure in a way that would affect symbolic analysis?
Can you give me any recommended debugging strategies to further isolate the root cause?
