LLDB for remote debugging

[haasal]

Is there any way to use an LLDB remote server (or ssh if lldb server doesn't work) + a local LLDB client to debug binaries just like with gdb.debug()?

My problem is that I am on an M3 MacBook and there is no (stable) gdbserver for arm64. My only possibility to debug x86 binaries is connecting to a gdb/lldb server on a x86 qemu VM and then using pwntools ssh to run executables there. But I cannot debug because pwntools depends on gdbserver installed locally.

[peace-maker]

Using gdb.debug('program', ssh=ssh_conn) should start the gdbserver on the remote ssh server and connect through forwarded ports using the local gdb. I wouldn't expect you to have gdbserver installed locally for this. Can you show more details on how you're debugging?

There is no native support for lldb but you could try creating a pwntools-gdb symlink or file in your path to lldb or some wrapper script that translates the gdb commandline parameters. pwntools-gdb is used instead of the gdb binary if available locally.

Feel free to contribute your changes back if you get lldb integration working.

[haasal]

First of all thank you so much for your quick answer! I wasted so much time on this already and I think lldb wrappers would be sooooo much pain to implement (but now that I write this probably the only viable solution for the future). Maybe once we figure this out a tutorial for Apple Silicon users will be a better solution for now.

Ok so I'll explain my setup/problems in a bit more detail and I think the hell I am in right now will become pretty clear....

1. I am on MacBook M3 i.e. aarch64 → There is no stable gdb for aarch64.
2. On Mac there is no qemu user emulation → So no automatically started pwntools gdbserver over qemu (I think)

My 'solution(s)':

Chapter 1: Remote x86_64 Linux

• Use qemu-system-x86_64 (system emulation) and install a Debian server on there
• Setup this server over UTM because network bridging on apple silicon through qemu from scratch is a very, very dark place
• Now I can run lldb-server, gdbserver and ssh (or whatever) on that vm without having to hostfwd each port.
• This (almost... don't ask) worked for simple lldb debugging in binary ninja but for reasons explained in the initial issue not for pwntools.

Chapter 2: GDB on Apple Silicon

This is my debug script:

from pwn import gdb, ssh

user, passwd = "root", "******"
ssh_host = "192.168......" # VM Bridge IP

shell = ssh(user, ssh_host, password=passwd)
io = gdb.debug("whoami", ssh=shell)

io.interactive()

• When running this on my mac host I get: GDB not installed.
• I found Lima which allowed me to setup an x86 ubuntu vm. (basically like WSL2 for mac (just buggier))
• But this is just a wrapper around qemu-system-x86_64 so I can probably just somehow run the gdbserver over Lima but I didn't figure out how yet.
• So on this Lima VM I installed gdb and aliased it to limactl shell ubuntu-x86 gdb. So when I run gdb in my local zsh I get a gdb session in x86 ubuntu. Great!
• However pwntools can't use this alias: misc.which('gdb') on my host returns None.
• Current problem: I took a look at gdb.binary() and noticed that there is supposed to be a pwntools-gdb binary? I installed the binutils package but I don't have any pwntools-gdb in my path. Can I somehow force pwntools to use the alias?

Sorry for the very long writeup but in case I have to do setup this sh** again at least I know where to look

[haasal]

Ok just solved it by creating a shell script called gdb in my bin path that just runs the lima command.
Edit: Doesn't really work... because the initial gdb-script is stored in /var on the host which is not mounted to the vm