Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to parse JSON from jsdec #3345

Open
1 of 3 tasks
vtu-dog opened this issue May 21, 2024 · 1 comment
Open
1 of 3 tasks

Failed to parse JSON from jsdec #3345

vtu-dog opened this issue May 21, 2024 · 1 comment

Comments

@vtu-dog
Copy link

vtu-dog commented May 21, 2024
edited
Loading

Environment information

  • Operating System: macOS Sonoma 14.4.1 (23E224)
  • Cutter version: 2.3.4-stable-209c26b
  • Obtained from:
    • Built from source
    • Downloaded release from Cutter website or GitHub
    • Distribution repository (brew)
  • File format: mach0

Describe the bug

  1. I wanted to disassemble a hello world program written in C to get a feel of Cutter's workflow. Unfortunately, jsdec died as soon as I pointed it to a main function. The Ghidra decompiler worked fine.

The code in question, compiled with $ gcc main.c:

#include <stdio.h>

int main() {
    printf("Hello, World!\n");
}

Error log:

[0x100003f6c]> pddi
{"name":"issue_1716306668046","arch":"arm","archbits":64,"graph":[{"name":"entry0","blocks":[{"address":4294983532,"ops":[{"offset":4294983532,"opcode":"stp fp, lr, [sp, -0x10]!","disasm":"stp fp, lr, [var_10h]!","type":"store","comment":"[00] -r-x section size 32 named 0.__TEXT.__text"},{"offset":4294983536,"val":0,"opcode":"mov fp, sp","disasm":"mov fp, sp","type":"add"},{"offset":4294983540,"ptr":4294979584,"opcode":"adrp x0, 0x100003000","disasm":"adrp x0, data.100003000","type":"lea"},{"offset":4294983544,"val":3992,"opcode":"add x0, x0, 0xf98","disasm":"add x0, x0, 0xf98","type":"add"},{"offset":4294983548,"opcode":"bl 0x100003f8c","disasm":"bl printf","type":"call","jump":4294983564,"fail":4294983552},{"offset":4294983552,"ptr":0,"val":0,"opcode":"mov w0, 0","disasm":"mov w0, 0","type":"mov"},{"offset":4294983556,"ptr":0,"opcode":"ldp fp, lr, [sp], 0x10","disasm":"ldp fp, lr, [sp], 0x10","type":"load"},{"offset":4294983560,"opcode":"ret","disasm":"ret","type":"ret"}]}]}],"isj":[{"name":"__mh_execute_header","flagname":"sym.__mh_execute_header","realname":"__mh_execute_header","ordinal":0,"bind":"GLOBAL","size":0,"type":"FUNC","vaddr":4294967296,"paddr":0,"is_imported":false,"lib":""},{"name":"_main","flagname":"sym._main","realname":"_main","ordinal":1,"bind":"GLOBAL","size":0,"type":"FUNC","vaddr":4294983532,"paddr":16236,"is_imported":false,"lib":""},{"name":"imp.printf","flagname":"sym.imp.printf","realname":"printf","ordinal":2,"bind":"LOCAL","size":0,"type":"FUNC","vaddr":4294983564,"paddr":16268,"is_imported":true,"lib":""},{"name":"func.100003f6c","flagname":"sym.func.100003f6c","realname":"func.100003f6c","ordinal":3,"bind":"LOCAL","size":0,"type":"FUNC","vaddr":4294983532,"paddr":16236,"is_imported":false,"lib":""}],"Csj":[{"offset":4294983576,"type":"Cs","name":"SGVsbG8sIFdvcmw=","enc":"ascii","ascii":true}],"icj":[],"afvj":Usage: a  [abdefFghoprxstc] [...]| a*                 same as afl*;ah*;ax*| aa[?]              analyze all (fcns + bbs) (aa0 to avoid sub renaming)| a8 [hexpairs]      analyze bytes| ab[?] [addr]       analyze block| ad[?]              analyze data trampoline (wip)| ad [from] [to]     analyze data pointers to (from-to)| ae[?] [expr]       analyze opcode eval expression (see ao)| af[?]              analyze Functions| aF                 same as above, but using analysis.depth=1| ag[?] [options]    draw graphs in various formats| ah[?]              analysis hints (force opcode size, ...)| ai [addr]          address information (show perms, stack, heap, ...)| aj                 same as a* but in json (aflj)| aL                 list all asm/analysis plugins (e asm.arch=?)| an [name] [@addr]  show/rename/create whatever flag/function is used at addr| ao[?] [len]        analyze Opcodes (or emulate it)| aO[?] [len]        Analyze N instructions in M bytes| ap                 find prelude for current offset| ar[?]              like 'dr' but for the esil vm. (registers)| as[?] [num]        analyze syscall using dbg.reg| av[?] [.]          show vtables| ax[?]              manage refs/xrefs (see also afx?),"afcfj":[{"name":"entry0","noreturn":false,"ret":"void","cc":"arm64","args":[]},{"name":"entry0","noreturn":false,"ret":"void","cc":"arm64","args":[]},{"name":"entry0","noreturn":false,"ret":"void","cc":"arm64","args":[]},{"name":"entry0","noreturn":false,"ret":"void","cc":"arm64","args":[]},{"name":"entry0","noreturn":false,"ret":"void","cc":"arm64","args":[]},{"name":"entry0","noreturn":false,"ret":"void","cc":"arm64","args":[]},{"name":"entry0","noreturn":false,"ret":"void","cc":"arm64","args":[]},{"name":"entry0","noreturn":false,"ret":"void","cc":"arm64","args":[]}],"aflj":[{"offset":4294983532,"name":"entry0","size":32,"is-pure":false,"realsz":32,"noreturn":false,"stackframe":16,"calltype":"arm64","cost":2,"cc":1,"loops":0,"bits":64,"type":"fcn","nbbs":1,"edges":0,"ebbs":1,"signature":"entry0();","minbound":4294983532,"maxbound":4294983564,"callrefs":[{"from":4294983548,"to":4294983564,"type":"CALL"}],"datarefs":[{"from":4294983536,"to":1540080,"type":"DATA"},{"from":4294983540,"to":4294979584,"type":"DATA"},{"from":4294983544,"to":4294983576,"type":"DATA"},{"from":4294983556,"to":1540080,"type":"DATA"},{"from":4294983556,"to":1540088,"type":"DATA"}],"codexrefs":[],"dataxrefs":[],"indegree":0,"outdegree":1,"nlocals":2,"nargs":0,"stackvars":[{"name":"var_10h","arg":false,"type":"int64_t","storage":{"type":"stack","stack":-16}},{"name":"var_8h","arg":false,"type":"int64_t","storage":{"type":"stack","stack":-8}}],"regvars":[]},{"offset":4294983564,"name":"sym.imp.printf","size":12,"is-pure":false,"realsz":12,"noreturn":false,"stackframe":0,"calltype":"arm64","cost":0,"cc":1,"loops":0,"bits":64,"type":"sym","nbbs":1,"edges":0,"ebbs":1,"signature":"int sym.imp.printf(const char *format);","minbound":4294983564,"maxbound":4294983576,"callrefs":[{"from":4294983572,"to":4295016456,"type":"CODE"}],"datarefs":[{"from":4294983564,"to":4294983680,"type":"STRING"},{"from":4294983568,"to":4294983680,"type":"DATA"},{"from":4294983568,"to":4295016456,"type":"DATA"}],"codexrefs":[{"from":4294983548,"to":4294983564,"type":"CALL"}],"dataxrefs":[],"indegree":1,"outdegree":0,"nlocals":0,"nargs":0,"stackvars":[],"regvars":[]}]}
  1. To add insult to the injury, the main function was not detected automatically, and I had to resort to manually selecting the offset from the entry0 blob. It might be related to the first issue, but I honestly have no idea.

To Reproduce

Steps to reproduce the behavior:

  1. Compile the above code using gcc (so clang in a trenchcoat, since I'm on macOS).
  2. Load a.out into Cutter, analysis level: auto.
  3. Select the right offset.

Expected behavior

  1. The disassembler should not crash.
  2. The main function should be visible in the sidebar.

Screenshots

screenshot

Additional context

I did not raise the issue in the jsdec repository, because it seems to be a problem with Cutter calling it incorrectly.

In case you'd like to inspect the binary yourself, I can send it in a .zip file here.
@huberteff
Copy link

huberteff commented Jul 23, 2024
edited
Loading

I also see "Failed to parse JSON" when trying to analyze a Linux binary (maze6 from www.overthewire.org), on MacOS Sonoma 14.5 (intel).

Version 2.3.4-HEAD-209c26b
Using rizin 0.7.1 @ darwin-x86-64 commit: 7cb15e769c9e8d83de041634dc8a35634ee1cbb7
Based on Qt 5.15.5 (Clang 14.0 (Apple), 64 bit)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@huberteff @vtu-dog