Running CrackMes on M1 Mac
8 July 2023
I have a MacBook Air with an M1 processor, and for almost everything I want to do I don’t notice the non-x86 architecture (apart from the excellent battery life). However, recently I’ve been trying to learn about modern reverse engineering, and the practice material is usually x86.
If you’re interested in learning about reverse engineering, here are two videos from the Low Level Learning YouTube channel that show what I’m attempting to learn.
- everything is open source if you can reverse engineer (try it RIGHT NOW!)
- I Hacked this Program and Generated Unlimited CD Keys (baby’s first keygenme)
The examples used in both of these videos require the ability to run x86 ELF binaries on Linux. I think the easiest way to do that is with Docker, and the command I’ve ended up using is:
docker run --rm -it --platform linux/amd64 -v $PWD:/home busybox
This gives you an interactive shell in a busybox container that will run x86 Linux binaries, with the current directory mounted as /home. After you exit the shell it will remove the container, so there should be no clean up afterwards. I am reasonably sure this will work on the M2 processor too.
You might like to experiment with using other images that already have useful tools installed; busybox doesn’t ship with objdump, for example.
Troubleshooting
Here are some of the error messages you might see if you don’t get this quite right.
qemu-x86_64: Could not open '/lib64/ld-linux-x86-64.so.2': No such file or directory
This likely means you haven’t added the --platform argument, so your container is not running as x86.
bash: ./babys-first: cannot execute binary file
and
zsh: exec format error: ./babys-first
These likely mean you’re trying to run the binary on your M1 without any emulation of x86, and the binary is in the wrong format to do that. Make sure you’re inside the container’s interactive shell.
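Before running a downloaded binary, you can confirm which architecture it targets by reading its ELF header, which explains the format errors above without executing anything. The following is an added example, not part of the original post: the function names and the constructed 20-byte header stub are assumptions made for illustration, and the suggested command is the one from this post with only the --platform value varied.

```shell
#!/bin/sh
# Added example: identify an ELF binary's target architecture from its header.

# elf_machine FILE: print i386, x86_64, aarch64 or unknown(N); status 1 if not ELF.
elf_machine() {
    f=$1
    # Bytes 0-3 are the ELF magic: 7f 'E' 'L' 'F'.
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo "not-elf"; return 1; }
    # Byte 5 (EI_DATA): 1 = little-endian, 2 = big-endian.
    data=$(od -An -tu1 -j5 -N1 "$f" 2>/dev/null | tr -d ' \n')
    # Bytes 18-19 hold e_machine, the target instruction set.
    set -- $(od -An -tu1 -j18 -N2 "$f" 2>/dev/null)
    [ $# -eq 2 ] || { echo "not-elf"; return 1; }
    if [ "$data" = "2" ]; then m=$(( $1 * 256 + $2 )); else m=$(( $2 * 256 + $1 )); fi
    case $m in
        3)   echo i386 ;;
        62)  echo x86_64 ;;
        183) echo aarch64 ;;
        *)   echo "unknown($m)" ;;
    esac
}

# suggest_run FILE: print the post's docker command with a matching --platform.
suggest_run() {
    case $(elf_machine "$1") in
        x86_64)  p=linux/amd64 ;;
        aarch64) p=linux/arm64 ;;
        *) echo "no suggestion for $1" >&2; return 1 ;;
    esac
    echo "docker run --rm -it --platform $p -v \$PWD:/home busybox"
}

# make_sample_elf OCTAL FILE: write a constructed 20-byte ELF header stub
# (64-bit, little-endian) whose e_machine low byte is \OCTAL. Not a real binary.
make_sample_elf() {
    printf "\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\002\000\\$1\000" > "$2"
}
```

Source the file and call suggest_run ./babys-first on the Mac itself; od only reads the header bytes, so the binary is never run.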