Reverse engineering Rosetta 2 in M1 Mac

Overview

Project Champollion

About this project

Rosetta 2 is an emulation mechanism for running x86_64 applications on Arm-based Apple Silicon, using Ahead-Of-Time (AOT) and Just-In-Time (JIT) binary translation.

The technical details of Rosetta 2 are only partially documented, and the available documentation is not detailed enough. Project Champollion aims to reveal the internals of Rosetta 2. Currently, it provides:

Attention

This project is a work in progress and might still contain some mistakes. If you find any, please report them in the issue tracker.

Citing Project Champollion

To cite this repository, please add the following BibTeX entry.

@software{prj_champ_rosetta2,
  author = {Koh M. Nakagawa},
  title = {{Project Champollion: Reverse engineering Rosetta 2}},
  url = {https://github.com/FFRI/ProjectChampollion},
  version = {0.1.0},
  year = {2021},
}

License

The tools of this project are distributed under Apache License version 2.0.

Author

Koh M. Nakagawa. © FFRI Security, Inc. 2021

Comments
  • issues met when debugging an x86_64 emulation process at the arm64 instruction-level

    When we follow https://ffri.github.io/ProjectChampollion/appendix/ to debug at the arm64 instruction level, there are many strange issues, such as:

    • If a watchpoint is set, the Rosetta runtime will fail with "rosetta error: failed to allocate vm space for aot". An example session follows:
    lisa@jjl bt % lldb -- ./runner ./float
    (lldb) target create "./runner"
    Current executable set to '/Users/lisa/bt/runner' (arm64).
    (lldb) settings set -- target.run-args  "./float"
    (lldb) r
    Process 9182 launched: '/Users/lisa/bt/runner' (arm64)
    Process 9182 stopped
    * thread #2, stop reason = exec
        frame #0: 0x00007ffdfffbc3ec runtime`_mh_execute_header + 17388
    runtime`_mh_execute_header:
    ->  0x7ffdfffbc3ec <+17388>: mov    x19, sp
        0x7ffdfffbc3f0 <+17392>: and    sp, x19, #0xfffffffffffffff0
        0x7ffdfffbc3f4 <+17396>: mov    x29, sp
        0x7ffdfffbc3f8 <+17400>: ldr    x20, [x19, #0x20]
    Target 0: (runtime) stopped.
    (lldb) watchpoint set expression 0x7ffdfffbc3f0    ====> set a watchpoint that won't hit
    Watchpoint created: Watchpoint 1: addr = 0x7ffdfffbc3f0 size = 8 state = enabled ...
        new value: -7998388550590730625
    (lldb) c
    Process 9182 resuming
    rosetta error: failed to allocate vm space for aot   =========> will cause such failure
    Process 9182 stopped
    * thread #2, stop reason = signal SIGTRAP
        frame #0: 0x00007ffdfffd4d38 runtime`_mh_execute_header + 118072
    runtime`_mh_execute_header:
    ->  0x7ffdfffd4d38 <+118072>: brk    #0x1
        0x7ffdfffd4d3c <+118076>: stp    x20, x19, [sp, #-0x20]!
        0x7ffdfffd4d40 <+118080>: stp    x29, x30, [sp, #0x10]
        0x7ffdfffd4d44 <+118084>: add    x29, sp, #0x10            ; =0x10 
    Target 0: (runtime) stopped.
    (lldb) 
    
    • Commands might get stuck, e.g.
    isa@jjl bt % lldb -- ./runner ./lazy  ===> lazy has a dead loop in main()
    (lldb) target create "./runner"
    Current executable set to '/Users/lisa/bt/runner' (arm64).
    (lldb) settings set -- target.run-args  "./lazy"
    (lldb) r
    Process 9235 launched: '/Users/lisa/bt/runner' (arm64)
    Process 9235 stopped
    * thread #2, stop reason = exec
        frame #0: 0x00007ffdfffbc3ec runtime`_mh_execute_header + 17388
    runtime`_mh_execute_header:
    ->  0x7ffdfffbc3ec <+17388>: mov    x19, sp
        0x7ffdfffbc3f0 <+17392>: and    sp, x19, #0xfffffffffffffff0
        0x7ffdfffbc3f4 <+17396>: mov    x29, sp
        0x7ffdfffbc3f8 <+17400>: ldr    x20, [x19, #0x20]
    Target 0: (runtime) stopped.
    (lldb) c
    Process 9235 resuming
    Process 9235 stopped              ====> type ctrl+c to stop in the main function of lazy
    * thread #2, stop reason = signal SIGSTOP
        frame #0: 0x0000000100011018
    ->  0x100011018: ldur   w0, [x5, #-0x8]
        0x10001101c: cmp    w0, #0x0                  ; =0x0 
        0x100011020: b.eq   0x100011028
        0x100011024: b      0x100011018
    Target 0: (runtime) stopped.
    (lldb) si        ========> stuck here
    

    and so on.

    opened by foxsen 7
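Added example, not part of the issue above or of the project's own code: a small Python parser for lldb transcripts like the ones quoted in the issue. It collects stop events, armed watchpoints and any "rosetta error:" lines printed by the Rosetta runtime, so that the watchpoint-then-AOT-failure pattern can be flagged automatically when sessions are scripted. The SESSION excerpt is constructed from the transcript above.

```python
import re

# Constructed excerpt of the lldb session quoted in the issue above (not the full transcript).
SESSION = """\
Process 9182 stopped
* thread #2, stop reason = exec
    frame #0: 0x00007ffdfffbc3ec runtime`_mh_execute_header + 17388
(lldb) watchpoint set expression 0x7ffdfffbc3f0
Watchpoint created: Watchpoint 1: addr = 0x7ffdfffbc3f0 size = 8 state = enabled
(lldb) c
Process 9182 resuming
rosetta error: failed to allocate vm space for aot
Process 9182 stopped
* thread #2, stop reason = signal SIGTRAP
    frame #0: 0x00007ffdfffd4d38 runtime`_mh_execute_header + 118072
"""

STOP_RE = re.compile(r"^\* thread #\d+, stop reason = (.+)$")
FRAME_RE = re.compile(r"^\s*frame #0: (0x[0-9a-fA-F]+)\s*(\S+)?")
WATCH_RE = re.compile(r"^Watchpoint created: Watchpoint \d+: addr = (0x[0-9a-fA-F]+)")
ROSETTA_ERR_RE = re.compile(r"^rosetta error: (.+)$")


def parse_session(text: str) -> dict:
    """Walk an lldb transcript and collect stop events (reason, pc, symbol),
    watchpoint addresses and any 'rosetta error:' lines the runtime printed."""
    stops, watchpoints, errors = [], [], []
    pending_reason = None
    for line in text.splitlines():
        if m := STOP_RE.match(line):
            pending_reason = m.group(1)          # the frame #0 line follows
        elif (m := FRAME_RE.match(line)) and pending_reason:
            stops.append({"reason": pending_reason, "pc": int(m.group(1), 16), "symbol": m.group(2)})
            pending_reason = None
        elif m := WATCH_RE.match(line):
            watchpoints.append(int(m.group(1), 16))
        elif m := ROSETTA_ERR_RE.match(line):
            errors.append(m.group(1))
    return {"stops": stops, "watchpoints": watchpoints, "rosetta_errors": errors}


def watchpoint_broke_aot(report: dict) -> bool:
    """True when a watchpoint was armed and the runtime then failed to map its AOT region."""
    return bool(report["watchpoints"]) and any(
        "allocate vm space for aot" in e for e in report["rosetta_errors"])
```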