Keypoints
- Running standard Linux tools on embedded devices can be made easier without cross-compiling by copying the necessary environment components.
- The method involves identifying and copying dynamic dependencies (linker, libc, etc.) to the target rather than building a full cross-toolchain.
- Demonstrates cross-architecture execution by running strace from an arm64 Raspberry Pi on an arm64 Android phone.
- Recommends using debootstrap and schroot to create a base cross-architecture chroot (e.g., arm64 Bookworm) on Debian-family systems.
- Provides practical steps and commands to install debootstrap, set up chroots, and enter/exit the chroot environment.
- Describes how to run binaries on the target device using copied dependencies and a suitable dynamic linker, including LD_LIBRARY_PATH tricks.
- Shows how to perform “Cross-compiling without cross-compiling” by using QEMU to run binaries locally on the PC, avoiding a full toolchain for small tasks.
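One way to do the dependency-identification step from the key points above, added here as an example and not taken from the original article. `parse_ldd`, `list_deps` (a hypothetical stand-in for the `bindeps` helper used in the quoted commands, which this page does not show) and `stage_files` are assumed names, and the sample `ldd` output is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. list_deps is a hypothetical
# stand-in for the bindeps helper named in the quoted commands.

# Read `ldd` output on stdin and print each resolved absolute path once
# (dynamic linker and shared libraries). The vDSO has no file on disk and is
# skipped. Exit status is 1 if any library is reported "not found".
parse_ldd() {
    awk '
        $2 == "=>" && $3 == "not" { print "unresolved: " $1 | "cat 1>&2"; bad = 1; next }
        $2 == "=>" && $3 ~ /^\//  { if (!seen[$3]++) print $3; next }
        $1 ~ /^\//                { if (!seen[$1]++) print $1; next }
        END { exit bad }
    '
}

# Run where ldd matches the binary's architecture, e.g. inside the arm64 chroot.
list_deps() {
    out=$(ldd "$1") || return 2
    printf '%s\n' "$out" | parse_ldd
}

# Copy every path read on stdin into a flat staging directory and record
# SHA-256 hashes, so the set placed on a device can be verified and removed.
stage_files() {
    dest=$1
    mkdir -p "$dest" || return 1
    : > "$dest/MANIFEST.sha256"
    while IFS= read -r path; do
        cp -L "$path" "$dest/" || return 1
        ( cd "$dest" && sha256sum "$(basename "$path")" ) >> "$dest/MANIFEST.sha256"
    done
}

# Constructed sample of ldd output for an arm64 binary (addresses are made up).
sample_ldd_output() {
    cat <<'EOF'
	linux-vdso.so.1 (0x0000ffff9e7f2000)
	libc.so.6 => /lib/aarch64-linux-gnu/libc.so.6 (0x0000ffff9e5e0000)
	/lib/ld-linux-aarch64.so.1 (0x0000ffff9e7b5000)
EOF
}

sample_ldd_output | parse_ldd
```

The manifest written by `stage_files` gives a record of exactly which loader and libraries were placed under a path such as `/data/local/tmp`, which is useful when reviewing or cleaning up a test device afterwards.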
MITRE Techniques
- [T1105] Ingress Tool Transfer – Transferring binaries and their dependencies to a target device to enable execution. Quote: ‘adb push `which strace` /data/local/tmp’ and later ‘for i in $(bindeps `which strace`); do adb push $i /data/local/tmp/; done’
- [T1574] Hijack Execution Flow – Use of a copied dynamic linker and library path to run a binary from a non-standard location, effectively altering the normal loader path. Quote: ‘…we have used LD_LIBRARY_PATH (in the first example above, we could have invoked strace this way as well: LD_LIBRARY_PATH=/data/local/tmp /data/local/tmp/ld-linux-aarch64.so.1 /data/local/tmp/strace)’
Indicators of Compromise
- [File path] Cross-architecture tooling and libraries copied to target device to enable execution – /data/local/tmp/strace, /lib/aarch64-linux-gnu/libc.so.6, and 2 more items
Read more: https://research.nccgroup.com/2024/06/05/cross-execute-your-linux-binaries-dont-cross-compile-them/